By: Denise Simon | Founders Code
Wonder if President Trump has called President Xi… The U.S. Treasury should at least sanction Guangzhou Bo Yu Information Technology Company Limited.
The Justice Department on Monday unsealed an indictment against three Chinese nationals in connection with cyberhacks and the alleged theft of intellectual property of three companies, according to US officials briefed on the investigation.
But the Trump administration is stopping short of publicly confronting the Chinese government about its role in the breach. The hacks occurred during both the Obama and Trump administrations.
The charges being brought in Pittsburgh allege that the hackers stole intellectual property from several companies, including Trimble, a maker of navigation systems; Siemens, a German technology company with major operations in the US; and Moody’s Analytics.
US investigators have concluded that the three charged by the US attorney in Pittsburgh were working for a Chinese intelligence contractor, the sources briefed on the investigation say. But missing from court documents filed in the case is any explicit mention that the thefts were state-sponsored.
A 2015 deal between then-President Barack Obama and Chinese President Xi Jinping prohibits the US and China from stealing intellectual property for the purpose of giving advantage to domestic companies.
In recent months some US intelligence agencies have concluded that China is breaking the agreement, sources briefed on the matter say. But there’s debate among intelligence officials about whether there’s sufficient evidence to publicly reveal the Chinese government’s role in the infractions, these people say.
Obama administration officials had touted the Obama-Xi agreement, as well as 2014 Justice Department charges against members of the Chinese People’s Liberation Army for commercial espionage, for reducing some of the Chinese cyberactivity against companies in the US.
But the 2015 Obama-Xi deal was met with skepticism inside the US agencies whose job it is to guard against Chinese cyberactivity targeting US companies. Some now say there was only a brief drop in the number of cyberspying incidents, if at all.
In the waning months of the Obama administration, intelligence officials briefed senior White House officials on information showing that the Chinese cyberattacks were back to levels previously seen, sources familiar with the matter told CNN. Early in the Trump administration, US intelligence officials briefed senior officials, including the President and vice president, as well as advisers Jared Kushner and Steve Bannon.
Acting U.S. Attorney for Western Pennsylvania Soo C. Song charged Wu Yingzhuo, Dong Hao and Xia Lei with conspiracy to commit computer fraud and abuse, conspiracy to steal trade secrets, wire fraud and identity theft.
The most serious charge, wire fraud, carries a sentence of up to 20 years in federal prison. Each conspiracy charge has a possible sentence of up to 10 years and the identity theft carries a sentence of up to two years.
The indictment alleged that Wu, Dong and Xia worked with Guangzhou Bo Yu Information Technology Company Limited, a Chinese cybersecurity firm in Guangzhou, but used their skills to launch attacks on corporations in the U.S.
Between 2011 and May 2017, the trio stole files containing documents and data pertaining to a new technology under development by Trimble, along with employee usernames and passwords and 407 gigabytes of proprietary data concerning Siemens’ energy, technology and transportation efforts, according to the indictment. The trio gained access to the internal email server at Moody’s Analytics and forwarded all emails sent to an “influential economist” working for the firm, the indictment stated. Those emails contained proprietary and confidential economic analyses, findings and opinions. The economist was not named in the indictment.
A Siemens spokesperson said that the company “rigorously” monitors and protects its infrastructure and continually detects and hunts for breaches. The company did not comment on the alleged breach by the Chinese hackers and declined to comment on internal security measures.
Michael Adler, a spokesman for Moody’s Analytics, said that to the company’s knowledge no confidential consumer data or other personal employee information was exposed in the alleged hack.
“We take information security very seriously and continuously review and enhance our cybersecurity defenses to safeguard the integrity of our data and systems,” Adler wrote in an email to the Tribune-Review.
Trimble, in a statement sent to the Trib, wrote that no client data was breached. The company concluded that the attack had no meaningful impact on its business.
Song, however, said the loss to the companies targeted was considerable.
“The fruit of these cyber intrusions and exfiltration of data represent a staggering amount of dollars and hours lost to the companies,” Song said.
Wu, Dong and Xia used “spearphish” emails to gain access to computers, spread malware to infect networks and covered their tracks by exploiting other computers known as “hop points.”
Hop points allow users to hide their identities and locations by routing themselves through third-party computer networks.
“But there were missteps that led our investigators right to them,” said FBI Special Agent in Charge Bob Johnson of the Pittsburgh office.
Johnson would not elaborate on the missteps the accused hackers took, claiming doing so could jeopardize future investigations.
The U.S. Attorney’s Office led the investigation and was assisted by the FBI’s Pittsburgh Division, the Navy Criminal Investigative Service Cyber Operations Field Office and the Air Force Office of Special Investigations.