U.S. Justice Department lays charges against 2 Chinese citizens in massive data breach


‘Hundreds of gigabytes’ of data hacked from 12 countries, including Canada.

The U.S. Justice Department has charged two Chinese citizens with carrying out an extensive hacking campaign to steal corporate data and commercial secrets from entities in 12 countries, including Canada.

An indictment was unsealed Thursday against Zhu Hua and Zhang Shillong, who prosecutors said were acting on behalf of China’s main intelligence agency. According to the charges, both were members of the group Advanced Persistent Threat 10 and worked for a company called Huaying Haitai.

Court papers filed in Manhattan Federal Court in New York City allege the hackers were able to breach the computers of more than 45 companies and agencies in a dozen countries. The victims were in a variety of industries — including aviation, telecommunications, pharmaceuticals and natural resources — and involved NASA and the personal information of more than 100,000 U.S. navy personnel.

U.S. and British authorities on Thursday condemned China for violating 2015 agreements to curb cyber espionage for business purposes, slamming Chinese efforts to steal other countries’ trade secrets and technologies and to compromise government computers.

“China’s goal, simply put, is to replace the US as the world’s leading superpower,” said FBI head Christopher Wray. “We’re talking about state-sponsored actors engaged in illegal behaviour.”

“No country poses a broader, more severe long-term threat” to the United States than China, Wray added.

FBI wanted poster

The US justice department has indicted two Chinese men accused of hacking into the computer networks of companies and government agencies in Western countries.

The pair are allegedly part of a “hacking group” known as Advanced Persistent Threat 10, affiliated with China’s main intelligence service.

‘Hundreds of gigabytes’ breached

Both men were charged with conspiracy to commit computer intrusions, conspiracy to commit wire fraud and aggravated identity theft. Prosecutors said the hackers were able to steal “hundreds of gigabytes” of data.

Court papers say they hacked computer service providers to gain access to the networks of businesses and governments in order to steal intellectual property and business data. U.S. officials said hacking attempts began in 2006 and ran through 2018.

The indictment was announced Thursday by Wray, deputy Attorney General Rod Rosenstein and Geoffrey Berman, the U.S. attorney in Manhattan.

“We want China to cease its illegal cyberactivities and honour its commitment to the international community, but the evidence suggests that China may not intend to abide by its promises,” Rosenstein said.

“There is no free pass to violate American laws merely because they do so under the protection of a foreign state.”

The RCMP had no immediate comment on the U.S. charges or the allegations involving Canadian companies.

Worsening tensions after Meng arrest?

The timing of the court action may worsen tensions between Western governments and Beijing after the arrest of Meng Wanzhou, the chief financial officer of Chinese telecommunications giant​ Huawei Technologies, in Canada at the request of the United States.

Not long after Meng’s arrest, Chinese officials confirmed two Canadian men — Michael Spavor and Michael Kovrig — were detained in China on national security concerns.

Michael Spavor and former Canadian diplomat Michael Kovrig were taken into custody in China this month, according to Chinese officials. (Associated Press/ International Crisis Group/Canadian Press)

Sarah McIver, a third Canadian, was also recently taken into custody in China, but her arrest does not appear to be related to the detention of two others, Prime Minister Justin Trudeau said Wednesday.

Britain and New Zealand both condemned the alleged Chinese-backed global hacking campaign after the charges were announced.

“This campaign shows that elements of the Chinese government are not upholding the commitments China made directly to the UK in a 2015 bilateral agreement,” the British government said in a statement.

Severe cyberthreat​

Last week, officials from the U.S. Justice Department, the FBI and the Department of Homeland Security testified to the Senate judiciary committee that China is working to steal trade secrets and intellectual property from U.S. companies in order to harm America’s economy and further its own development.

Chinese espionage efforts have become “the most severe counterintelligence threat facing our country today,” Bill Priestap, assistant director of the FBI’s counterintelligence division, told the committee.

In the last several months, the Justice Department has filed charges against several Chinese intelligence officials and hackers. A case filed in October marked the first time that a Chinese Ministry of State Security officer was extradited to the United States to stand trial.

Zhu and Zhang were charged with spying on some of the world’s largest companies by hacking into technology firms to which they outsource email, storage and other computing tasks, starting in 2014.

Over the past several years, as companies around the globe have sought to cut down information technology spending, they have increasingly relied on outside contractors to store and transfer data.

When a managed service provider is hacked, it can provide attackers access to secondary victims who are customers of that company and have their computer systems connected to them, according to experts.

With files from CBC News, Reuters and The Canadian Press, AP


Please enter your comment!
Please enter your name here