The Justice Department accused 2 Chinese hackers on Tuesday of targeting vaccine development on behalf of the country’s intelligence service as part of a broader yearslong campaign of cybertheft aimed at an array of industries around the world including defence contractors, high-end manufacturing and solar energy companies.
Justice Department officials labelled the suspects, Li Xiaoyu and Dong Jiazhi, as a blended threat who sometimes worked on behalf of China’s spy services and sometimes worked to enrich themselves. The officials said that an indictment secured against them earlier this month and unsealed on Tuesday was the first to target such a threat.
American government officials said that the suspects had previously stolen information about other Chinese intelligence targets like human rights activists and, at the behest of China’s spy service, shifted focus this year to trying to acquire COVID-19 vaccine research.
The indictment came as the Trump administration has stepped up its criticism of Beijing, both for its theft of secrets and its failure to contain the spread of the coronavirus pandemic, and is a significant escalation of that campaign to denounce Beijing. The Justice Department said that China’s covert activity could potentially set back research efforts.
The accusations also came days after the United States and allied countries accused Russia of trying to steal information on vaccine development.
The Chinese embassy did not immediately respond to a request for comment. The suspects are unlikely to be brought to trial because China does not have an extradition treaty with the United States.
The charges were the latest in a continuing campaign by the Justice Department to secure indictments against private groups and intelligence officials involved in hacking campaigns as a deterrent and to raise awareness of the threat that such groups pose.
The suspects targeted hundreds of computer networks around the world and caused unnamed companies to lose hundreds of millions of dollars of intellectual property, according to the indictment. For example, the hackers stole research on radio and laser technology from a California defence firm and engineering drawings for a gas turbine from a company working in the United States and Japan, court papers showed.
Justice Department and FBI officials said the hackers were pursuing information and research about the coronavirus vaccine from American biotech firms but described it as an attempt; the indictment did not say they successfully stole information or research on the coronavirus vaccine.
The pair did attempt to hack a Massachusetts biotech firm researching a COVID-19 vaccine as early as Jan. 27, according to the indictment.
A few days later on Feb. 1, the pair tried to find vulnerabilities on the networks of a California biotech firm that had announced it was researching COVID-19 antiviral drugs. Then in May, Li probed a California diagnostic firm developing COVID testing kits.
While indictment named only two suspects, unlike the larger group of Russian hackers accused of seeking vaccine data, the Justice Department portrayed their work as far-reaching and long-running, stretching back at least to 2009.
American officials first detected the suspects five years ago when they stole a gigabyte of information including personnel and administrator accounts from a Department of Energy facility in Hanford, Washington, according to the indictment, which was filed in the Eastern District of Washington.
In some cases, the suspects attempted to extort money from companies, according to the indictment. In 2017, Li threatened to publish the source code of a Massachusetts software company if it did not give him $15,000 in cryptocurrency.
Like the Russian group, the Chinese hackers operated with the assistance of their country’s intelligence agencies. Their interests were broad, covering manufacturing firms, defence contractors, government agencies, game developers and medical device makers and recently grew to include information about coronavirus vaccine development and other COVID-19-related data.
The suspects also attempted to steal other information on Chinese activists for the Ministry of State Security, Beijing’s civilian spy agency, said John Demers, the assistant attorney general for national security.
The suspects handed over account information and passwords belonging to a Hong Kong community organiser, a former Tiananmen Square protester and a pastor of a Christian church in China.
“You can see by the variety of the hacks that they did how they were being directed by the government,” Demers said at a news conference in Washington, D.C. “Extorting someone for cryptocurrency is not something that the government is usually interested in, nor are criminal hackers are not usually interested in human rights activists and clergymen.”
In at least some cases, the Chinese intelligence service provided the hackers with software tools to break into some accounts.
For example, according to the indictment, after Li initially failed to break into the email service of a Burmese human rights group, according to the indictment. Targeting vulnerabilities in software unknown to the companies that made it or to security researchers, the malware was the kind that governments count among their most valuable hacking tools.
Trump administration officials, both in public speeches and classified briefings to Congress, have stepped up warnings about Chinese intelligence services and their campaign to both steal information and influence American politics.
The charges showed that the United States needs to use more tools to deter hacking attacks, particularly from China said Sen. Ben Sasse, R-Neb. and a member of the Senate Intelligence Committee. He and Sen. Chris Van Hollen, D-Md., have pushed a bill that would impose sanctions on foreigners who attempt to steal American intellectual property.
“This indictment reveals yet again that Chairman Xi leads an army of hackers that steal and attempt to steal — every single day, in almost every country and industry,” Sasse said, referring to President Xi Jinping of China.
Demers said an attempted breach can slow down research because it must be secured, but researchers also must make sure their data has not been corrupted or altered by the intruders. The government officials did not say they had evidence that such manipulation had occurred, however.
“Once someone is in your system, they cannot only take the data, they can manipulate the data,” Demers said. “So what you have to focus on is making sure through back up or other systems that nothing has changed about your data.”
The New York Times