US Charges Chinese Hackers and Government Officials in Broad Cybercrime Campaign

A US Attorney's office announced today that it has charged 12 Chinese nationals, including mercenary hackers, law enforcement officers, and employees of a private hacking company, in connection with global cybercrime campaigns targeting dissidents, news organizations, US agencies, and universities.

The indictments, filed in New York and Washington, add new detail to what US officials say is a booming hacking-for-hire ecosystem in China, where private companies and contractors are paid by the Chinese government to target victims of particular interest to Beijing. This arrangement is meant to provide Chinese state security forces with cover and deniability.

A Sweeping Array of Computer Breaches

The indictments charge eight leaders and employees of a private hacking company known as I-Soon, which was founded in Shanghai in 2010 by Wu Haibo. Wu is accused in the indictment of overseeing and directing hacking operations that targeted a wide range of governments, dissidents, religious organizations, and media outlets based in the US.

The targets included Chinese dissidents living in the US, the Defense Intelligence Agency, and a research university. In some cases, the hackers were given assignments by China's Ministry of Public Security, while in other instances they acted on their own initiative and tried to sell the stolen information to the government.

The company charged the Chinese government an estimated $10,000 to $75,000 for each email inbox it successfully hacked, officials said. The indictment provides new insights into I-Soon's activities against a wide range of targets, including individual critics of China living in the US.

A For-Profit Hacking Campaign

A separate indictment charges two other Chinese hackers, identified as Yin Kecheng and Zhou Shuai, in a for-profit hacking campaign that targeted victims including US technology companies, think tanks, defense contractors, and healthcare systems.

Among the targets was the US Treasury Department, which disclosed a breach by Chinese actors late last year in what it called a "major cybersecurity incident." The Treasury Department announced sanctions Wednesday in connection with the hacking, and the State Department announced multimillion-dollar rewards for information about the defendants.

The Broader Picture

The indictment "proved the close ties and interaction among China's first generation patriotic hackers," said Mei Danowski, a cybersecurity analyst who wrote about I-Soon on her blog, Natto Thoughts. They "all turned to entrepreneurs now — doing businesses with the governments and making profits through other means."

China's hacking industry rose in the early days of the internet, when Wu and other Chinese hackers declared themselves "red hackers" — patriots who offered their services to the Chinese Communist Party, in contrast to the anti-establishment ethos popular among many coders.

Reaction from China

A spokesperson for the Chinese Foreign Ministry on Thursday denied the charges, calling the US "hypocritical" and pointing to US cyberattacks on China. "China firmly opposes the groundless accusation made by the US and urges the US to immediately stop abusing sanctions," Lin Jian said at a press conference in Beijing.

Phone numbers listed for I-Soon on a Chinese corporate registry rang unanswered, and I-Soon representatives did not immediately respond to an AP email requesting comment. The company has been suffering but is still in operation, according to Chinese corporate records, with downsized operations and a changed address.

Cybersecurity Experts React

"Apparently i-SOON companies have been struggling to survive," Danowski wrote on her blog. "To Chinese state agencies, a company like i-SOON is disposable."

The indictments highlight the growing threat from China's hacking-for-hire ecosystem and underscore the need for increased cooperation between governments to combat this threat.