U.S. Claim of Broad Spying Campaign Prompts Chinese Rebuke
(Bloomberg) -- The U.S. Justice Department announced indictments accusing Chinese officials of coordinating a decade-long espionage campaign to steal intellectual property and other data from dozens of companies, drawing a strong denial from China.
Two Chinese nationals, Zhu Hua and Zhang Shilong, were accused Thursday of coordinating with state security officials in an “extensive” hacking campaign, allegedly infiltrating 45 U.S. companies and government agencies, as well as other firms in more than a dozen countries.
China’s Foreign Ministry said the government has never participated in or supported individuals in stealing commercial secrets. The U.S. accusations are “baseless,” spokeswoman Hua Chunying said, and the charges against its citizens should be immediately withdrawn “so as to avoid serious damage to bilateral relations.”
U.S. Secretary of State Michael Pompeo and Homeland Security Secretary Kirstjen Nielsen said in a statement they were “concerned” that the alleged operation violated a 2015 agreement China made with the U.S. to stop supporting cyber theft of intellectual property and trade secrets.
The indictments against the two, unsealed in federal court in Manhattan on Thursday, underscore one of the primary U.S. grievances in the ongoing trade fight between the Trump administration and Beijing: the systematic theft of U.S. intellectual property and forced technology transfers from companies doing business in China.
Those complaints are a central issue in negotiations U.S. and China are working under a 90-day deadline President Donald Trump and Chinese President Xi Jinping set after agreeing Dec. 1 to halt additional tariffs and trade penalties. Since July, the two countries have imposed tariffs on a combined $360 billion in each other’s imports, a bruising conflict could undermine the global economy at a time when growth is leveling off.
The hackers, known in the cybersecurity community as Advanced Persistent Threat 10, stole information from companies in an array of industries, including banking and finance, telecommunications, biotechnology, automotive, health care and mining, according to the indictment.
The group hacked the U.S. Navy, making off with the personal data of more than 100,000 personnel, and successfully infiltrated computers linked to NASA’s Jet Propulsion Laboratory, the indictment said. Zhu and Zhang were indicted in abstentia.
Law enforcement officials stressed the threat Chinese hacking poses to the U.S. as they announced the charges.
“This is outright cheating and theft, and it gives China an unfair advantage at the expense of law-abiding businesses and countries that follow international rules,” Deputy Attorney General Rod Rosenstein said in a statement.
“The threats we face have never been more severe and more pervasive and more potentially damaging to our national security, and no country poses a broader and more severe long-term threat to our nation’s economy and cyber infrastructure than China,” FBI Director Christopher Wray said at a news conference in Washington.
The U.K. Foreign Office joined in pressing the accusations, issuing a statement alleging that a group known as APT 10 acted on behalf of Chinese government “to carry out a malicious cyber campaign targeting intellectual property and sensitive commercial data in Europe, Asia and the U.S.”
The defendants named in the U.S. indictment worked for Huayhing Haitei Science and Technology Development Co. in Tianjin, China, and acted in coordination with the Chinese Ministry of State Security’s Tianjin State Security Bureau, according to court documents. Their group was also known as “Red Apollo,” “CVNX,” “Stone Panda” and other names, according to the indictment.
The group used a technique known as spear phishing, in which emails are sent pretending to be from legitimate addresses to targets with attached documents and files that would secretly install malware if opened, according to the U.S. That gives hackers access to the subject’s computer and allows them to steal user names and passwords, files and other information.
Zhu, Zhang and other hackers gained access to at least 90 computers belonging to commercial and defense technology companies and federal government agencies, in at least a dozen states -- including NASA’s Goddard Space Flight Center in Greenbelt, Maryland, and Jet Propulsion Laboratory in Pasadena, California, the U.S. said.
“It is galling that American companies and government agencies spent years of research and countless dollars to develop their intellectual property, while the defendants simply stole it and got it for free,” U.S. Attorney Geoffrey Berman in Manhattan said at the news conference. “We cannot, and will not, allow such brazen thievery to go unchecked.”
Prosecutors said in court filings that while the group used similar tools and methods in all its campaigns, the hackers increasingly strengthened their ability to breach network defenses as part of a “continuous and unrelenting effort” to steal technology and other information.
Starting in 2014, members of the group attempted to access computers and networks of managed service providers, which remotely manage information technology for businesses and governments worldwide, in order to break into their clients’ systems and steal “intellectual property and confidential business data on a global scale.”
That campaign included the hack of one managed service provider with offices in New York that compromised the data of the provider and clients located in a dozen countries involved in industries including banking and finance, consumer electronics and oil and gas exploration, prosecutors said.
Treasury Secretary Steven Mnuchin, speaking Thursday on Fox Business Network, said the case was unrelated to ongoing trade negotiations with China, but that cyber-security has consistently been part of the talks.
“The DOJ action is separate from the trade discussions,” Mnuchin said. “But as the administration we are clearly very focused on making sure that we protect American technology. This will be a separate dialogue but something that’s important to resolve.”
China’s foreign ministry also levied its own accusations of U.S. hacking, with Hua saying it’s an “open secret” that U.S. government departments have long engaged in “large-scale and organized cyber espionage and surveillance activities against foreign governments, enterprises and individuals.”
Fed Chairman Jerome Powell said this week the tit-for-tat tariffs are one of the factors the central bank is monitoring amid signs of slowing global growth.
The prospect of a deal has been clouded by the arrest in Canada of Huawei executive Meng Wanzhou, who the U.S. accuses of helping the telecom company evade sanctions against Iran.
©2018 Bloomberg L.P.