U.S. Charges Chinese Hackers and Government Officials in Broad Cybercrime Campaign
Washington D.C. - In a significant development, the U.S. Department of Justice has charged 12 Chinese nationals, including mercenary hackers, law enforcement officers, and employees of a private hacking company, with global cybercrime campaigns targeting dissidents, news organizations, U.S. agencies, and universities.
The indictments, filed in New York and Washington, add new detail to what U.S. officials say is a booming hacking-for-hire ecosystem in China, where private companies and contractors are paid by the Chinese government to target victims of particular interest to Beijing. This arrangement allows Chinese state security forces to maintain cover and deniability for their operations.
Booming Hacking-For-Hire Ecosystem
The U.S. government has warned of an increasingly sophisticated cyber threat from China, including a hack of telecom firms last year, known as Salt Typhoon, that gave Beijing access to private texts and phone conversations of an unknown number of Americans, including U.S. government officials and prominent public figures.
One indictment charges eight leaders and employees of a private hacking company known as I-Soon with conducting a sweeping array of computer breaches around the world meant to suppress speech, locate dissidents, and steal data from victims. Among those charged is Wu Haibo, who founded I-Soon in Shanghai in 2010 and was a member of China's first hacktivist group, Green Army.
Targeting Dissidents and Media Outlets
The indictment reveals that I-Soon targeted a wide range of Chinese dissidents, religious organizations, and media outlets based in the U.S., including a newspaper identified as publishing news related to China and opposed to the Chinese Communist Party. Other targets included individual critics of China living in the U.S., the Defense Intelligence Agency, and a research university.
The intended targets were in some cases directed by China's Ministry of Public Security - two law enforcement officers were charged with tasking certain assignments - but in other instances, the hackers acted on their own initiative and tried to sell the stolen information to the government afterward, the indictment says. The company charged the Chinese government the equivalent of between approximately $10,000 and $75,000 for each email inbox it successfully hacked.
Separate Indictment Charges Additional Hackers
A separate indictment charges two other Chinese hackers, identified as Yin Kecheng and Zhou Shuai, in a for-profit hacking campaign that targeted victims including U.S. technology companies, think tanks, defense contractors, and health care systems.
Among the targets was the U.S. Treasury Department, which disclosed a breach by Chinese actors late last year in what it called a "major cybersecurity incident." The Treasury Department announced sanctions Wednesday in connection with the hacking, and the State Department announced multimillion-dollar rewards for information about the defendants.
A Complex Web of Hacking Contractors
I-Soon is part of a sprawling industry in China, documented in an AP investigation last year, of private hacking contractors that steal data from other countries to sell to the Chinese authorities. Over the past two decades, Chinese state security's demand for overseas intelligence has soared, giving rise to a vast network of these private hacker-for-hire companies that have infiltrated hundreds of systems outside China.
China's hacking industry rose in the early days of the internet, when Wu and other Chinese hackers declared themselves "red hackers" - patriots who offered their services to the Chinese Communist Party, in contrast to the anti-establishment ethos popular among many coders. The indictment "proved the close ties and interaction among China's first generation patriotic hackers," said Mei Danowski, a cybersecurity analyst.
A Struggling but Still Operational Company
Since I-Soon documents were leaked online last year, the company has been struggling but is still in operation, according to Chinese corporate records. They've downsized and moved offices. "Apparently i-SOON companies have been struggling to survive," Danowski wrote on her blog.
"To Chinese state agencies, a company like i-SOON is disposable." This sentiment highlights the precarious nature of private hacking contractors in China, who can be discarded or abandoned at will, as long as they continue to provide valuable services to the government.