Thursday, December 27, 2018

FBI accuses hackers of stealing U.S. identities, trade secrets for China



A MASSIVE hacking operation allegedly by China was revealed in indictments against two men for hacking attacks on the U.S. Navy and on NASA, and who also stole information from private companies in 12 different countries

The unsealing of an indictment in the Manhattan federal court charged Zhu Hua and Zhang Shilong, both nationals of the People’s Republic of China, with conspiracy to commit computer intrusions, conspiracy to commit wire fraud, and aggravated identity theft was announced 
Dec. 20.

DOJ officials say Zhu and Zhang were members of a hacking group operating out of China known in the cyber security community as Advanced Persistent Threat 10 (the APT10 Group). The defendants worked for a company in China called Huaying Haitai Science and Technology Development Company (Huaying Haitai) and acted in association with the Chinese Ministry of State Security’s Tianjin State Security Bureau. 

Zhu Hua and Zhang Shilong
“The indictment alleges that the defendants were part of a group that hacked computers in at least a dozen countries and gave China’s intelligence service access to sensitive business information,” said Deputy Attorney General Rosenstein. “This is outright cheating and theft, and it gives China an unfair advantage at the expense of law-abiding businesses and countries that follow the international rules in return for the privilege of participating in the global economic system.”

Through their involvement with the APT10 Group, from at least in or about 2006 up to and including in or about 2018, Zhu and Zhang conducted global campaigns of computer intrusions targeting, among other data, intellectual property and confidential business and technological information at managed service providers (MSPs), which are companies that remotely manage the information technology infrastructure of businesses and governments around the world, more than 45 technology companies in at least a dozen U.S. states, and U.S. government agencies. 

According to court documents, the APT10 Group targeted a diverse array of commercial activity, industries and technologies, including aviation, satellite and maritime technology, industrial factory automation, automotive supplies, laboratory instruments, banking and finance, telecommunications and consumer electronics, computer processor technology, information technology services, packaging, consulting, medical equipment, healthcare, biotechnology, pharmaceutical manufacturing, mining, and oil and gas exploration and production. 

According to a statement by Hua Chunying, spokeswoman for the Ministry of Foreign Affairs, called the charges a defamation and false, then turned around and accused U.S. agencies of the same crimes.

'It has long been an open secret that U.S. federal agencies hacked and monitored foreign governments, companies and individuals', Hua said.

In or about 2006, members of the APT10 Group, including Zhu and Zhang, accessed the computers and computer networks of more than 45 technology companies and U.S. government agencies, in order to steal information and data concerning a number of technologies (the Technology Theft Campaign). 

Through the Technology Theft Campaign, the APT10 Group stole hundreds of gigabytes of sensitive data and targeted the computers of victim companies involved in aviation, space and satellite technology, manufacturing technology, pharmaceutical technology, oil and gas exploration and production technology, communications technology, computer processor technology, and maritime technology.

The victimized companies included: a global financial institution, three telecommunications and/or consumer electronics companies; three companies involved in commercial or industrial manufacturing; two consulting companies; a healthcare company; a biotechnology company; a mining company; an automotive supplier company; and a drilling company.

Finally, the APT10 Group compromised more than 40 computers in order to steal sensitive data belonging to the Navy, including the names, Social Security numbers, dates of birth, salary information, personal phone numbers, and email addresses of more than 100,000 Navy personnel.

If found guilty, Zhu and Zhang could face up to 27 years in prison. However, because there is no extradition agreement between the U.S. and China, the two men would likely never serve their sentences.
_______________________________________________________________________________

No comments:

Post a Comment