The Justice Department harshly criticized the Chinese Communist Party for allegedly allowing cybercriminals to operate freely in China in announcing new charges against five Chinese nationals for a host of thefts targeting companies in the United States and worldwide.
“The Department of Justice has used every tool available to disrupt the illegal computer intrusions and cyberattacks by these Chinese citizens,” Deputy Attorney General Jeffrey Rosen said Wednesday. “Ideally, I would be thanking Chinese law enforcement authorities for their cooperation in this matter, and the five Chinese hackers would now be in custody awaiting trial. … Regrettably, the Chinese Communist Party has chosen a different path of making China safe for cybercriminals so long as they attack computers outside China and steal intellectual property helpful to China.”
The Justice Department revealed in a press release that in August 2019 and last month, a federal grand jury in Washington, D.C., returned two separate indictments charging the five Chinese hackers “with computer intrusions affecting over 100 victim companies in the United States and abroad, including software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.” The Justice Department identified the Chinese hackers as being part of Advanced Persistent Threat 41, a China-based hacker group also variously known as “Barium” and “Wicked Panda,” which “facilitated the theft of source code, software code signing certificates, customer account data, and valuable business information.”
Law enforcement said the computer intrusions by the five hackers “also facilitated the defendants’ other criminal schemes, including ransomware and ‘crypto-jacking’ schemes, the latter of which refers to the group’s unauthorized use of victim computers to ‘mine’ cryptocurrency.” The Justice Department blamed the Chinese hackers for millions of dollars in losses. The crimes they are charged with include racketeering conspiracy, with a sentence of up to 20 years in prison, conspiracy to commit computer fraud, with up to five years in prison, and intentional damage to a protected computer, which carries up to 10 years in prison.
The Justice Department also said last month a third indictment charged “two Malaysian businessmen who conspired with two of the Chinese hackers to profit from computer intrusions targeting the video game industry in the United States and abroad.” After arrest warrants were issued, Malaysian authorities arrested the duo, and they currently await extradition to the U.S. The Justice Department said that unlike China, the U.S. “appreciates the significant cooperation and assistance provided by the Government of Malaysia” in arresting the alleged criminals.
“We know the Chinese authorities to be at least as able as the law enforcement authorities here and in like-minded states to enforce laws against computer intrusions. But they choose not to. But know this: No country can be respected as a global leader while paying only lip service to the rule of law and without taking steps to disrupt brazen criminal acts like these. No responsible government knowingly shelters cybercriminals that target victims worldwide in acts of rank theft,” Rosen said. “Responsible nations not only condemn criminal conduct, they root it out and punish it. Responsible nations disavow criminals within their borders and bring them to justice. Responsible nations work with other countries’ law enforcement authorities and ensure that justice is served in a court of law. The People’s Republic of China has done none of these things.”
In addition to issuing arrest warrants, the Justice Department said D.C.’s district court issued seizure warrants to allow the recent takedown of “hundreds of accounts, servers, domain names, and command-and-control ‘dead drop’ web pages used by the defendants to conduct their computer intrusion offenses.” The FBI said it “executed the warrants in coordination with other actions by several private-sector companies, which included disabling numerous accounts for violations of the companies’ terms of service” and that “in partnership with the department, Microsoft developed and implemented technical measures to block this threat actor from accessing victims’ computer systems.” The FBI said it “has also released a Liaison Alert System report that contains critical, relevant technical information collected by the FBI for use by specific private-sector partners.”
Besides thanking Microsoft’s Threat Intelligence Center and Digital Crimes Unit, the Justice Department also said it was assisted by Facebook, Google’s Threat Analysis Group, and Verizon Media’s Paranoids Advanced Cyber Threats Team.
“The scope and sophistication of the crimes in these unsealed indictments is unprecedented. The alleged criminal scheme used actors in China and Malaysia to illegally hack, intrude, and steal information from victims worldwide,” said Michael Sherwin, the acting U.S. attorney for the District of Columbia. “As set forth in the charging documents, some of these criminal actors believed their association with the PRC provided them free license to hack and steal across the globe. This scheme also contained a new and troubling cybercriminal component – the targeting and utilization of gaming platforms to both defraud video game companies and launder illicit proceeds.”
“The Chinese government has the power to help stop crimes like these,” Rosen said Wednesday. “The Chinese Government has made a deliberate choice to allow its citizens to commit computer intrusions and attacks around the world because these actors will also help the PRC.”
The FBI and the Department of Homeland Security warned in May that Chinese hackers were targeting coronavirus vaccine research in the U.S., and in July, the Justice Department accused two Chinese hackers of seeking to hack into the computer systems of hundreds of victim companies, governments, nongovernmental organizations, and individual dissidents, clergy, and democratic and human rights activists in the U.S. and abroad with assistance from Beijing’s state security apparatus.
Microsoft said last week that Chinese, Russian, and Iranian hackers have been targeting people and organizations tied to the presidential election.