Share

WATCH: US charges 'Godkiller', one other hacker with alleged Chinese intelligence ties

Washington – US officials on Thursday said two alleged Chinese hackers carried out an extensive campaign on behalf of Beijing's main intelligence agency to steal trade secrets and other information from government agencies and "a who's who" of major corporations in the United States and nearly a dozen other nations.

The indictment is the latest in a series of Justice Department criminal cases targeting Chinese cyberespionage and coincided with an announcement by Britain blaming China's Ministry of State Security for trade-secret pilfering affecting Western nations.

The alleged hackers, one of whom is nicknamed "Godkiller", are accused of breaching computer networks beginning as early as 2006 in a range of industries, including aviation and space, finance, biotechnology, oil and gas, satellites, and pharmaceuticals.

Prosecutors say they also obtained the names, social security numbers and other personal information of more than 100 000 Navy personnel.

In a new twist reflecting corporate computing's evolution, the hackers often infiltrated cloud computing companies and other major technology providers to indirectly reach clients' valuable documents.

Prosecutors said the alleged hackers stole "hundreds of gigabytes" of data, breaching computers of more than 45 entities in 12 states, including NASA's Jet Propulsion Lab and Goddard Space Centre. The hackers, identified as members of the group APT10, or "Stone Panda", are not in custody. Prosecutors said their names are Zhu Hua and Zhang Shillong.

'State sponsored actors'

US law enforcement officials say the case is part of a trend of state-sponsored hackers breaking into American networks and stealing trade secrets and other confidential information. More than 90% of Justice Department economic espionage cases over the past seven years involve China, said Deputy Attorney General Rod Rosenstein, and more than two-thirds of trade secrets cases are connected to the country.

"China's state-sponsored actors are the most active perpetrators of economic espionage," FBI Director Chris Wray said in announcing the case. "While we welcome fair competition, we cannot and will not tolerate illegal hacking, stealing or cheating.

"China's goal, simply put, is to replace the US as the world's leading superpower, and they're using illegal methods to get there," Wray said. While none of the "victim companies" was named, Wray called them a "who's who of the global economy".

China responded on Friday by accusing the US of "fabricating facts".

Chinese foreign ministry spokesperson Hua Chunying said in a statement that the indictment severely violates the basic norms of international relations and damages US-China cooperation. Hua called the charges "completely vile" and said the US has long engaged in "cybertheft".

Secretary of State Mike Pompeo and Homeland Security Secretary Kirstjen Nielsen released a joint statement accusing China of reneging on a 2015 commitment not to seek competitive advantage through theft of trade secrets, intellectual property and confidential business information.

US officials testified before Congress last week that Beijing's continued hacking has made a mockery of that 2015 commitment by President Xi Jinping following a first-of-its-kind indictment that accused Chinese hackers of stealing corporate data from brand-name US companies.

'China has taken off the gloves again'

"We want China to cease illegal cyber activities and honour its commitment to the international community, but the evidence suggests that China may not intend to live up to its promises," Rosenstein said.

Rob Silvers, a former Obama administration cybersecurity official, said cases like this create an important deterrent but should be supplemented by sanctions and other steps.

"It's necessary to do this kind of thing, but it's not nearly enough," he said. "I don't think Rod Rosenstein would tell you that it's game, set, match."

After a 2014 indictment against five alleged Chinese hackers, and a subsequent agreement with the US, Beijing at least temporarily reduced its hacking activity, Silvers said.

This case shows that "China has taken the gloves off again," he said.

Adam Segal, a cybersecurity expert at the Council on Foreign Relations, agreed that Beijing is unlikely to be swayed by sanctions alone.

The indictment filed in federal court in Manhattan describes how in recent years, as government agencies and corporations have shifted data to cloud computing providers and services including email and collaboration tools to tech service providers, the Stone Panda hackers followed, typically stealing the log-in credentials of system administrators in order to reach coveted proprietary data of clients.

Wray likened it to "breaking into and getting the keys from the maintenance department".

'Widespread' cyberespionage campaign

Britain's Foreign Office accused the Chinese elite hackers of conducting a "widespread and significant" campaign of cyberespionage against the United Kingdom and its allies and "almost certainly continues to target a range of global companies, seeking to gain access to commercial secrets".

Targeted nations named in the US indictment include Brazil, Canada, Finland, France, Germany, India, Japan, Sweden, Switzerland and the United Arab Emirates.

In recent months, the Justice Department has filed separate cases against several Chinese intelligence officials and hackers. A case filed in October marked the first time that a Chinese Ministry of State Security officer was extradited to the United States to stand trial.

Chinese espionage efforts have become "the most severe counterintelligence threat facing our country today," Bill Priestap, the assistant director of the FBI's counterintelligence division, told a Senate committee.

Hacking by Chinese state-backed hackers dramatically escalated over the summer in response to the trade war with the US and military tensions in the South China Sea, said Tom Kellermann, chief cybersecurity officer of Carbon Black, whose company's threat-hunting tool is used in global cyber investigations.

He credited the Justice Department with targeting a group that he said was China's "most prolific hacker crew". He said he was not optimistic that the pair would be prosecuted in the US, but that's not the point.

"The Chinese are operating on a 50-year plan of information dominance, a comprehensive national strategy, and it's high time we actually reacted," Kellermann said.

We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Voting Booth
Do you think corruption-accused National Assembly Speaker Nosiviwe Mapisa-Nqakula will survive a motion of no confidence against her?
Please select an option Oops! Something went wrong, please try again later.
Results
No, her days are numbered
42% - 535 votes
Yes, the ANC caucus will protect her
58% - 753 votes
Vote
Rand - Dollar
18.90
+0.2%
Rand - Pound
23.85
+0.2%
Rand - Euro
20.39
+0.2%
Rand - Aus dollar
12.32
+0.2%
Rand - Yen
0.12
+0.2%
Platinum
908.05
0.0%
Palladium
1,014.94
0.0%
Gold
2,232.75
-0.0%
Silver
24.95
-0.1%
Brent Crude
87.00
+1.8%
Top 40
68,346
0.0%
All Share
74,536
0.0%
Resource 10
57,251
0.0%
Industrial 25
103,936
0.0%
Financial 15
16,502
0.0%
All JSE data delayed by at least 15 minutes Iress logo
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE