
U.S. Charges Four Chinese Hackers, While China Says It Is Itself a Major Victim of Cyberattacks

Posted by on 2021/07/21. Filed under Headline News, International.


On July 19, the US Department of Justice made public the names of four Chinese hackers, three of whom are from China’s Ministry of State Security and one of whom is affiliated with a front company, Hainan Xiandun Technology Development. They are accused of hacking into the computer systems of dozens of companies, universities and governments in the US and abroad between 2011 and 2018. They are charged with conspiracy to commit computer fraud and economic espionage.

A federal grand jury in San Diego, California, handed down the indictments in May, agreeing to indict the four Chinese hackers.

According to an unclassified Justice Department document, the names of the four are Ding Xiaoyang, Cheng Qingmin, Zhu Yunmin and Wu Shurong. The first three come from the State Security Department in Hainan province, which coordinates, assists and manages hackers and linguists to carry out cyberattacks in China’s favor. The fourth defendant, Wu Shurong, was a hacker affiliated with a company called Hainan Xiandun Technology Development Co., Ltd., responsible for creating malicious software to break into the computer systems of foreign governments, companies and universities, and for directing other hackers.

The Justice Department said in a statement that the targets of their hacking conspiracy included the United States, Canada, Germany, Austria, Cambodia, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland and the United Kingdom, and that the industries targeted included aerospace, defense, education, government, health care, biopharmaceuticals and the maritime sector.

The indicted are each charged with one count of conspiracy to commit computer fraud, which carries a maximum sentence of five years, and one count of conspiracy to commit economic espionage, which carries a maximum sentence of 15 years. The US Federal Bureau of Investigation has issued arrest warrants for the four hackers linked to China’s Hainan Guoan.

Gao Guangjun, a practicing lawyer in New York, said in an interview that the F.B.I.’s wanted warrants, which are even more powerful than Interpol’s “red list,” are enforced in countries that have mutual legal assistance with the United States, as exemplified by Ms. Meng.

Gao Guangjun: Judicial sentence is a very severe matter for many people. In other words, once there is a sentence, they must execute it. Then the remaining question is, how to implement it? There are many ways to enforce it. If the U.S. government must enforce this, then the person who made this judgment may only stay in China forever. Once he goes out to any other place, he will be threatened. The United States and Southeast Asian countries, Thailand, the Philippines, and all these countries, including South Korea and Japan, have judicial cooperation. If the FBI has a wanted person, if they want to arrest this person, of course.

Documents from the U.S. Department of Justice describe these hackers as being from China’s National Security Bureau. They coordinated hacking activities with university faculty and professors in Hainan and other parts of China. These universities not only assisted the Hainan Provincial Department of National Security in finding and recruiting hackers and linguists, including colleagues from foreign universities, but a university in Hainan also had personnel who assisted in the support and management of “Hainan Xiandun”, including being responsible for salary, benefits, and address.

The trade secrets and confidential business information stolen included sensitive technologies used in submersibles and autonomous vehicles, special chemical formulas, commercial aircraft services, patented genetic sequencing, and information to support Chinese state-owned enterprises in obtaining foreign contracts, such as large high-speed rail development projects. As for research institutions and universities, the stolen material included research on infectious diseases related to Ebola, Middle East Respiratory Syndrome, HIV, Marburg virus and tularemia.

Southern District of California Attorney Randy Grossman pointed out, “The indictment shows that the Chinese government chooses to deceive and steal, rather than relying on innovation. These crimes threaten our economy and national security. This indictment demonstrates the commitment of the Department of Justice. Individuals and countries who steal the ideas and achievements of our country’s talents will be held accountable.”

In response, the Chinese diplomatic mission in Brussels said China was itself a major victim of cyberattacks, citing an official 2020 report which said about 5.31 million hosts on the Chinese mainland were controlled by about 52,000 overseas servers, severely harming China’s national security, economic and social development, as well as people’s lives.

According to the embassy statement, the top three servers in terms of the number of compromised Chinese hosts were all located in NATO member states, controlling 4.46 million, 2.15 million and 1.94 million hosts respectively.

China urged the countries concerned to adhere to international norms on cyberspace and take immediate and concrete measures to investigate and stop malicious cyber activities, it said. “Politicisation and stigmatisation do no good to solve cybersecurity issues, but weaken mutual trust and cooperation.”

Chinese diplomatic missions in Norway, Canada, Britain, New Zealand and the US issued similar remarks. China’s embassy in Washington called the allegations of cyber espionage irresponsible, ill-intentioned and lacking in evidence.

Liu Pengyu, the embassy spokesman, said, “The Chinese government and relevant personnel never engage in cyberattacks or cyber theft. And we urge the US to immediately stop its ‘empire of hacker’ campaign and stop illegally damaging other countries’ interests and security.”

This Monday, the United States, along with NATO, the European Union, the United Kingdom, Japan, Canada, Australia and New Zealand, specifically blamed China for a cyberattack in March that affected tens of thousands of organizations via Microsoft Exchange servers.

This was a type of zero-day hack where a vulnerability is known to software vendors, but they do not yet have a patch in place to fix the flaw.   


White House press secretary Jen Psaki speaks during the daily briefing at the White House in Washington, July 19, 2021.

Asked by reporters why the U.S. hasn’t punished Beijing for the cyberattack, White House press secretary Jen Psaki replied that “we are not allowing any economic circumstance or consideration to prevent us from taking actions where warranted, and also, we reserve the option to take additional actions where warranted, as well.”

“This is not the conclusion of our efforts” concerning cyberattacks linked to China or Russia, Psaki added.

“This is a big deal,” said Chris Painter, president of the Global Forum on Cyber Expertise Foundation Board, who was the State Department’s first cyber diplomat, explaining on Twitter that “the coalition of countries condemning China’s actions is unprecedented,” especially the inclusion of NATO.

The National Security Agency, the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation, in a joint advisory issued Monday, said they “have observed increasingly sophisticated Chinese state-sponsored cyber activity targeting U.S. political, economic, military, educational, and CI (critical infrastructure) personnel and organizations.”   

“This is really an unprecedented group of allies and partners holding China accountable,” a senior U.S. official said in a call with reporters prior to the public announcement.   

The U.S. agencies, in their public statement, said, “Chinese state-sponsored cyber actors consistently scan target networks for critical and high vulnerabilities within days of the vulnerability’s public disclosure” and use “a full array of tactics and techniques to exploit computer networks of interest worldwide and to acquire sensitive intellectual property, economic, political and military information.”  
