DoJ Indictment Accuses China of Hacking COVID-19 Data

July 21, 2020

As some congressional Republicans urge the Trump administration to get tougher on hackers sponsored by the Chinese government, the Department of Justice today announced indictments against two Chinese individuals who allegedly stole trade secrets for China.

The indictments announced today were filed under seal on July 7 at U.S. District Court for the Eastern District of Washington. They charge Li Xiaoyu and Dong Jiazhi with 11 criminal counts related to a global hacking operation that targeted, among other things, COVID-19 research.

"The defendants in some instances acted for their own personal financial gain," DoJ said, and they also worked for the Chinese government's Ministry of State Security (MSS).

The defendants "conducted a hacking campaign lasting more than 10 years to the present, targeting companies in countries with high technology industries, including the United States, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden, and the United Kingdom," DoJ said. "More recently, the defendants probed for vulnerabilities in computer networks of companies developing COVID-19 vaccines, testing technology, and treatments."

The indictment also alleges that the defendants helped the Chinese government conduct cyber attacks and surveillance on human-rights advocates and Chinese dissidents.

"The activities outlined in the indictment are concrete examples of two concerning trends: First, and one we've seen for some time, China is using cyber-enabled theft as part of a global campaign to 'rob, replicate, and replace' non-Chinese companies in the global marketplace, and second, and one that is perhaps less appreciated by the public and international partners, China is providing a safe haven for criminals who, as in this case, are hacking in part for their own personal profit but willing to help the state," said John Demers, assistant attorney general-national security.

"These intrusions are yet another example of China's brazen willingness to engage in theft through computer intrusions contrary to their international commitments," Mr. Demers added.

The case originated in eastern Washington because one of the early victims identified by authorities was the Department of Energy's Hanford Site. The indictments were sealed because U.S. authorities wanted time to obtain arrest warrants and make arrangements with their international law enforcement partners, court documents indicate.

"To gain initial access to victim networks, the defendants primarily exploited publicly known software vulnerabilities in popular web server software, web application development suites, and software collaboration programs. In some cases, those vulnerabilities were newly announced, meaning that many users would not have installed patches to correct the vulnerability. The defendants also targeted insecure default configurations in common applications," DoJ said.

Charges against the defendants include conspiracy to commit computer fraud, conspiracy to commit theft of trade secrets, conspiracy to commit wire fraud, unauthorized access of a computer, and aggravated identity theft. The Chinese Foreign Ministry had no immediate comment on the case but has generally denied that the Chinese government conducts cyber-enabled trade secret theft.

The indictments follow a pattern of DoJ using the courts to call out state-sponsored hackers, even when those defendants are unlikely to be arrested. "These charges reflect the department's continued determination and ability to hold individuals and nations accountable for cyber-enabled crimes. In addition to disrupting the activities of a group that was not being tracked as an organized threat by the private sector, we hope the indictment will raise broader awareness of China's malicious cyber activities," Mr. Demers said.

In Congress, meanwhile, some Republicans are hoping the Trump administration will rely more heavily on sanctions to deter state-sponsored cyber theft. Reps. Greg Walden (R., Ore.), Michael McCaul (R., Texas), and Patrick McHenry (R., N.C.) wrote to President Trump yesterday to urge the use of sanctions against the People's Republic of China (PRC).

"We applaud your administration's work to ramp up the investigation and prosecution of these cyber criminals. To send a clear message to the PRC, however, we also encourage you to consider utilizing your ability under existing authorities to sanction PRC-linked hackers, as your administration has repeatedly against other foreign persons. To date, Treasury has not sufficiently imposed such sanctions on PRC actors for cyber attacks on Americans or those entities in the PRC that benefit from cyber-enabled theft of intellectual property, but we believe the time may be ripe for considering such action," they said.

Rep. Walden is ranking member of the House Energy and Commerce Committee, Rep. McCaul is ranking member of the Foreign Affairs Committee, and Rep. McHenry is ranking member of the Financial Services Committee.

Sanctions were also advocated by Rep. Kevin McCarthy (R., Calif.), the House Republican leader, who introduced legislation today that would provide more authority to impose sanctions on governments that sponsor hackers seeking COVID-19 data. The Defend COVID Research from Hackers Act "would help protect American advancements toward the development of a COVID-19 vaccine from hackers and hold those that attempt to commit these cyber crimes accountable," he said. -- Tom Leithauser, tom.leithauser@

Copyright © 2020 CCH Incorporated, All Rights Reserved
