WASHINGTON -- U.S. officials say two Chinese citizens acting on behalf of their country's main intelligence agency carried out an extensive hacking campaign to steal data from private companies, military service members and government agencies in the United States and nearly a dozen other nations. It was the latest in a series of Justice Department indictments targeting cyberespionage from Beijing.
The two are accused of breaching computer networks in a broad array of industries, including aviation and space, banking and finance, oil and gas exploration and pharmaceutical technology. Prosecutors say they also compromised the names, Social Security numbers and other personal information of more than 100,000 Navy personnel.
Prosecutors said the suspects stole "hundreds of gigabytes" of data, breaching computers of more than 45 entities in 12 states including NASA's Jet Propulsion Lab and Goddard Space Center. The suspects, identified as members of the group APT10, or "Stone Panda," are not in custody. Prosecutors said their names are Zhu Hua and Zhang Shillong.
U.S. law enforcement officials described the case as part of a trend of state-sponsored hackers breaking into American networks and stealing technological secrets and confidential and valuable information in a range of industries. More than 90 percent of Justice Department economic espionage cases over the last seven years involve China, said Deputy Attorney General Rod Rosenstein, and more than two-thirds of trade secrets cases are connected to the country.
"China's state-sponsored actors are the most active perpetrators of economic espionage," FBI Director Chris Wray said Thursday in announcing the case. "While we welcome fair competition, we cannot and will not tolerate illegal hacking, stealing or cheating."
The indictment filed in New York's Southern District describes how in recent years, as government agencies and corporations have shifted data to cloud computing providers and services including email and collaboration tools to tech service providers, the Stone Panda hackers followed, typically stealing the log-in credentials of system administrators in order to reach coveted proprietary data of clients.
Wray likened it to "breaking into and getting the keys from the maintenance department."
The indictment says the Chinese hackers sometimes deleted files they stole seeking to avoid detection.
Last week, officials from the Justice Department, the FBI and the Department of Homeland Security testified to the Senate Judiciary Committee that China is working to steal trade secrets and intellectual property from U.S. companies in order to harm America's economy and further its own development. Those efforts have continued even after Beijing committed in 2015 to halting the theft of trade secrets following a first-of-its-kind indictment that accused Chinese hackers of stealing corporate data from U.S. companies.
"We want China to cease illegal cyber activities and honor its commitment to the international community, but the evidence suggests that China may not intend to live up to its promises," Rosenstein said.
In recent months, the Justice Department has filed cases against several Chinese intelligence officials and hackers. Hackers working for the Chinese government were revealed to be behind the cyberattack on the Marriott Hotel chain that collected personal details of about 500 million guests. And a Chinese intelligence official who groomed the employees of U.S. companies to steal trade secrets was arrested in Belgium and extradited to the United States in October to face espionage charges.
Chinese espionage efforts have become "the most severe counterintelligence threat facing our country today," Bill Priestap, the assistant director of the FBI's counterintelligence division, told the Senate committee.
As the U.S. was announcing its charges Thursday, the British government accused China of conducting a "widespread and significant" campaign of cyberespionage against the U.K. and its allies. The Foreign Office said a group known as APT 10 -- the same one cited by the U.S. -- carried out "a malicious cyber campaign targeting intellectual property and sensitive commercial data in Europe, Asia and the U.S."
It said the group "almost certainly continues to target a range of global companies, seeking to gain access to commercial secrets."
Chinese state-backed hacking dramatically escalated over the summer in response to the trade war with the U.S. and military tensions in the South China Sea, said Tom Kellermann, chief cybersecurity officer of Carbon Black, whose company's threat-hunting tool is used in global cyber investigations.
He credited the Justice Department with targeting a group that he said was China's "most prolific hacker crew." He said he was not optimistic that the pair would be prosecuted in the U.S., but that's not the point.
"The Chinese are operating on a 50-year plan of information dominance, a comprehensive national strategy, and it's high time we actually reacted," Kellermann said.
Information for this article was contributed by Michael Balsamo, Eric Tucker, Jill Lawless and Frank Bajak of The Associated Press and by Katie Benner, Julian E. Barnes and Glenn Thrush of The New York Times.
Business on 12/21/2018