US indicts three Chinese nationals for alleged cyberattacks

Federal prosecutors unsealed an indictment against three Chinese nationals this week in a US District Court, accusing them of hacking into at least three multinational corporations over the past seven years.
The eight-count indictment accuses Wu Yingzhuo, Dong Hao, and Xia Lei of conspiracy to commit computer fraud and abuse, trade secret theft, wire fraud and aggravated identity theft against Siemens AG, Moody’s Analytics, and Trimble, a geospatial technology firm. Siemens is a major contractor for US critical infrastructure.
The indictment doesn’t mention the Chinese government directly, but it does mention the UPS Backdoor malware the defendants allegedly used, which has been linked to the government.
The three worked for what is nominally an internet security firm called Guangzhou Bo Yu Information Technology (Boyusec). Wu and Dong are founding members and equity shareholders of the company, while Xia is an employee.
The indictment alleges that in 2014 the hackers broke into the network of Siemens and stole employee user names and passwords and 407GB of data relating to the company’s energy, technology, and transportation businesses – all of which fall under the “critical infrastructure” heading.
In the case of Moody’s, the hackers placed a rule on an email server that caused all messages sent to a prominent company economist to be forwarded to a dummy account created by the attackers.
While the indictment described the economist only as “Employee A,” the Wall Street Journal reported that most of the rumors point to Mark Zandi, “chief economist” at the firm, who “has frequently been cited by congressional Democrats and Obama administration officials.”
Against Trimble, the hackers allegedly stole data on a Global Navigation Satellite Systems (GNSS) product that the company had spent three years and millions of dollars developing.
While the technology apparently has no military application, Reuters reported that an anonymous US official said the Chinese government could have been interested in using it to track dissidents, Chinese citizens who are overseas, and foreign spies.
Ars Technica notes that an anonymous group called Intrusion Truth published a report in May claiming that Boyusec was a front for APT3 – one of the hacking units of the People’s Liberation Army. Also, a few days later, security firm Recorded Future reported that APT3 – which is also known as Gothic Panda, Buckeye, UPS Team, and TG-0110 – worked directly for China’s Ministry of State Security.
That is significant, given that, according to the indictment, the hacking began no later than 2011 and continued until at least May 2017 – nearly two years after President Obama and Chinese President Xi Jinping announced, with considerable fanfare, an agreement aimed at curbing economic espionage.
According to the White House press release, dated 25 September 2015:
Neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.
Of course, that carefully worded language contained holes – major holes. It refers only to the governments of both countries – not their private sectors. And saying the government will not “knowingly support” something is obviously not a promise that it will take steps to stop it.
Besides a flurry of news stories about the indictment, what does this all mean?
Almost certainly very little. The defendants are out of the reach of US law enforcement. President Trump is trying to get Xi to assist in putting pressure on North Korea, and is very unlikely to want to jeopardize that by making an issue out of IP theft.
Indeed, if history is any guide, all this is likely to do is generate a few denials and veiled threats from China’s leaders.
Back in 2014, US prosecutors indicted five military officers from the notorious People’s Liberation Army (PLA) hacking unit 61398.

China warned it would retaliate if the US pressed the issue. And that was pretty much that.
Which is the way Kevin Murray, director at Murray Associates, a counter espionage consultancy, sees this case playing out. Does the indictment mean anything significant will happen? “No,” he said, offering a brief history lesson.
Go back 1,000 years, remembering that the Chinese invented things like silk, gunpowder, paper. All this intellectual property was stolen from them. At that time, the law in China was that if you engaged in it, that was your life. But it still got stolen. So now they’re getting back at us. And we’re trying to replicate what they did by punishing the criminal. Is it going to help? No.
Murray said if those responsible for protecting IP faced charges, “then you’d see some changes.”
But whoever gets prosecuted, things are unlikely to change. A report earlier this year by Cybereason, on compliance with the US/China agreement, noted that monitoring it is increasingly difficult due to a trend toward nation states “outsourcing” cyberespionage to private firms.
According to the report: