Pages

Monday, May 19, 2014

Criminal charges brought against Chinese Army officials who hacked U.S. firms

Meet 'UglyGorilla,' 'KandyGoo' and 'WinXYHappy' - America's newest most wanted: Criminal charges brought against Chinese Army officials who hacked U.S. firms - but is there any real hope of prosecuting them?

 

  • The U.S. attorney general announced criminal charges Monday afternoon against five Chinese army officials who work in a top-secret Shanghai building that houses People's Liberation Army Unit 61398
  • An indictment from a Pennsylvania grand jury accuses them committing specific acts of cyber-espionage on behalf of their government
  • They allegedly used 'spearphishing' techniques to trick employees at five American companies and one labor union into giving them access to computer systems so they could steal trade secrets
  • The men named in the first-of-its-kind case, all now considered international fugitives, have never been to the United States where federal authorities could arrest them
  • US Steel Corp., Westinghouse, Alcoa, Allegheny Technologies, SolarWorld and the United Steelworkers Union were all targeted
  • The U.S. has asked for assistance in capturing the defendants but China quickly called the charges 'made up'
  • The White House said Monday that U.S. government agencies 'do not gather intelligence for the benefit of US companies'

The United States has brought first-of-its kind cyber-espionage charges against five Chinese military officials accused of hacking into U.S. companies to gain trade secrets.
According to the indictment announced Monday, the hackers targeted the U.S. nuclear power, metals and solar products industries and are accused of stealing trade secrets and economic espionage.
Their base of operations is People's Liberation Army Unit 61398, an elite cyber-crimes team that operates from a fortified building on the outskirts of Shanghai.
That military group, known there as the 'Comment Crew,' was the subject of a groundbreaking 2013 report from a U.S. security firm that tracked their activities online to Internet addresses assigned to a specific city block in China's financial capital.
The alleged victims identified Monday are Alcoa World Alumina, Westinghouse Electric Co., Allegheny Technologies, U.S. Steel Corp., United Steelworkers Union, and SolarWorld, Attorney General Eric Holder said Monday.
SCROLL DOWN FOR VIDEOS
'UglyGorilla,' an alias of Chinese army official Wang Dong, allegedly controlled the computers of U.S. victims after a gang of cyber-hackers gained access by sending users fake 'spearphishing' emails that contained links to malware
'UglyGorilla,' an alias of Chinese army official Wang Dong, allegedly controlled the computers of U.S. victims after a gang of cyber-hackers gained access by sending users fake 'spearphishing' emails that contained links to malware
epa04214253 An undated handout photograph made available by the US Federal Bureau of Investiigation (FBI) shows Sun Kailiang. Reports state on 19 May 2014 that  Sun Kailiang along with four other Chinese Army Officers are being sought by the FBI after they have been charged with hacking into US companies in the first cyber-espionage case of its kind.  EPA/FBI / HANDOUT BEST QUALITY AVAILABLE HANDOUT EDITORIAL USE ONLY
'KandyGoo' (R) tested malicious email messages and managed domain accounts used by the Chinese
'Jack Sun' (L), a Chinese Army captain, 'was observed both sending malicious emails and controlling victim computers,'  while 'KandyGoo' (R) tested malicious email messages and managed domain accounts used by the Chinese
epa04214251 An undated handout photograph made available by the US Federal Bureau of Investiigation (FBI) shows Wen Xinyu. Reports state on 19 May 2014 that  Wen Xinyu along with four other Chinese Army Officers are being sought by the FBI after they have been charged with hacking into US companies in the first cyber-espionage case of its kind.  EPA/FBI / HANDOUT BEST QUALITY AVAILABLE HANDOUT EDITORIAL USE ONLY
epa04214250 An undated handout photograph made available by the US Federal Bureau of Investiigation (FBI) shows Huang Zhenyu. Reports state on 19 May 2014 that Huang Zhenyu along with four other Chinese Army Officers are being sought by the FBI after they have been charged with hacking into US companies in the first cyber-espionage case of its kind.  EPA/FBI / HANDOUT BEST QUALITY AVAILABLE HANDOUT EDITORIAL USE ONLY
'WinXYHappy' may sound like an unoriginal Twitter handle, but it was the alias of an alleged Chinese army hacker (L) who controlled Americans' computer accounts while computer programmer 'hzy_lhx' (R) and others managed online domains after the People's Liberation Army got control of them
The defendants, identified in an indictment as Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui, used online aliases including 'UglyGorilla,' 'WinXYHappy' and 'KandyGoo' to gain access to the American companies' computer systems, where they could collect business intelligence to tip negotiations and contract bidding in their Chinese rivals' favor. 
The men, according to the indictment, 'worked together and with others known and unknown to the Grand Jury for the PLA's [People's Lilberation Army's] General Staff, Third Department ... a signals intelligence component of the PLA.'
The charges have been described as unprecedented and dramatize a long-time Obama administration goal to prosecute state-sponsored cyber threats.
Assistant Attorney General for National Security John Carlin said during a news conference at the Justice Department that 'unit 61398 of the Chinese military' is the outfit behind the cyber attacks.
That unit was the subject of a damning February 2013 report from the U.S. security firm Mandiant, which found it was the most likely driving force behind hundreds, if not thousands of similar digital intrusions. 
The firm said last year that the office block where unit 61398 is housed has been linked to stolen technology blueprints, manufacturing processes, clinical trial results, pricing documents, negotiation strategies and other secret data from more than 100 companies.
The unit, known in China as the 'Comment Crew,' has also made incursions into the computer networks that control oil pipelines, power grids, water plants and other key pieces of infrastructure, Mandiant determined.
Unit 61398 is located in Shanghai's Pudong district – China's financial and banking hub – and is staffed by perhaps thousands of people proficient in English, computer programming and network operations, Mandiant said in its report.
Source of the attacks: People's Liberation Army unit 61398 is located in Shanghai's Pudong district and staffed by perhaps thousands of people proficient in English, computer programming and network operations, according to a bombshell 2013 report

Read more: http://www.dailymail.co.uk/news/article-2280914/Chinese-army-unit-responsible-thousands-hacks-U-S-government-companies-tracked-single-building-Shanghai.html#ixzz32BhvvB21
Follow us: @MailOnline on Twitter | DailyMail on Facebook
Source of the attacks: People's Liberation Army unit 61398 is located in Shanghai's Pudong district and staffed by perhaps thousands of people proficient in English, computer programming and network operations, according to a bombshell 2013 report Read more: http://www.dailymail.co.uk/news/article-2280914/Chinese-army-unit-responsible-thousands-hacks-U-S-government-companies-tracked-single-building-Shanghai.html#ixzz32BhvvB21 Follow us: @MailOnline on Twitter | DailyMail on Facebook
UglyGorilla and KandyGoo work here: The home base for China's notorious 'Comment Crew' is located on the outskirts of the Shanghai metro area
UglyGorilla and KandyGoo work here: The home base for China's notorious 'Comment Crew' is located on the outskirts of the Shanghai metro area

The unit has stolen 'hundreds of terabytes of data from at least 141 organisations across a diverse set of industries beginning as early as 2006', it said. Some 115 of the victims were located in the United States, with smaller numbers in Canada and Britain.
The information stolen ranged from details on mergers and acquisitions to the emails of senior employees.
The Chinese Foreign Ministry immediately dismissed the Mandiant report as 'groundless' when it was released, and said China's government firmly opposed hacking.
'Hacking attacks are transnational and anonymous,' government spokesman Hong Lei said during a February 19, 2013 news conference.
'Determining their origins are extremely difficult. We don't know how the evidence in this so-called report can be tenable. Arbitrary criticism based on rudimentary data is irresponsible, unprofessional and not helpful in resolving the issue.'
Carlin seemed to be recalling those criticisms on Monday.
'In the past, when we brought concerns such as these to Chinese government officials, they responded by publicly challenging us to provide hard evidence of their hacking that could stand up in court,' he said.
'Well, today we are.'
 
FBI Director James Comey told ABC News on Monday that 'the amount of theft that's going on is simply staggering.'
'There's only two types of corporations – big corporations – in America,' he said. 'Those who have been hacked by the Chinese, and those who don't yet know they've been hacked by the Chinese.'
'It is sapping the lifeblood of a lot of these companies, and it's about our ability to compete and about the ability of our people to get and keep good jobs.'
Holder said the Chinese military's alleged efforts were made in order to give companies in the communist nation an edge over their U.S. rivals.
'In sum, the alleged hacking appears to have been conducted for no other reason than to advantage state-owned companies and other interests in China at the expense of businesses here in the United States,' he said Monday. 'This is a tactic that the United States government categorically denounces.'
Said Bob Anderson Jr., executive assistant director of the FBI's criminal, cyber response and services division: 'This is the new normal. This is what you're going to see on a recurring basis.'
A Pennsylvania grand jury indicted five Chinese individuals on cyber espionage charges for allegedly targeting six American companies and stealing trade secrets, the U.S. Justice Department said on Monday, publicly accusing China of cyber spying for the first time.
FBI Director James Comey said 'there's only two types of corporations -- big corporations -- in America. Those who have been hacked by the Chinese, and those who don't yet know they've been hacked by the Chinese'
FBI Director James Comey said 'there's only two types of corporations -- big corporations -- in America. Those who have been hacked by the Chinese, and those who don't yet know they've been hacked by the Chinese'
The PLA unit is alleged to have stolen hundreds of terabytes of data from at least 141 organizations across a diverse set of industries, beginning as early as 2006 -- and a U.S. intelligence firm traced them back using IP addresses assigned to a specific city block
The PLA unit is alleged to have stolen hundreds of terabytes of data from at least 141 organizations across a diverse set of industries, beginning as early as 2006 -- and a U.S. intelligence firm traced them back using IP addresses assigned to a specific city block
China's Foreign Ministry quickly fired off a statement on Monday that contained echoes of its pronouncements from 15 months ago, insisting that the grand jury indictment was 'made up' and would 'damage Sino-American cooperation and mutual trust.
'The Chinese government's stance on the issue of Internet security is consistent and clear," said the statement from Foreign Ministry spokesman Qin Gang, demanding 'immediate rectification.'
'China is a staunch defender of network security, and the Chinese government, military and associated personnel have never engaged in online theft of trade secrets,' Qin's statement insisted.
The charges against the Chinese military officials come on the heels of a separate worldwide operation over the weekend that resulted in the arrest of 97 people in 16 countries who are suspected of developing, distributing or using malicious software called BlackShades, Holder said. 
The software allows criminals to gain surreptitious control of personal computers. An announcement on those arrests was expected for later Monday in New York.
'These two cases show that we are stepping up our cyber enforcement efforts really around the globe,' Holder said, adding that the U.S. will not tolerate these activities.
U.S. officials have previously asserted that China's army and China-based hackers had launched attacks on American industrial and military targets, often to steal secrets or intellectual property. China has said that it faces a major threat from hackers, and the country's military is believed to be among the biggest targets of the NSA and U.S. Cyber Command.
'It is our hope that the Chinese government will respect our criminal justice system,' Holder said.
Attorney General Eric Holder, accompanied by U.S. Attorney for Western District of Pennsylvania David Hickton (L), Assistant Attorney General for National Security John Carlin (2nd R) and FBI Executive Associate Director Robert Anderson (R), spoke at a DOJ news conference to level the first-of-its-kind indictment
Attorney General Eric Holder, accompanied by U.S. Attorney for Western District of Pennsylvania David Hickton (L), Assistant Attorney General for National Security John Carlin (2nd R) and FBI Executive Associate Director Robert Anderson (R), spoke at a DOJ news conference to level the first-of-its-kind indictment
White House Press Secretary Jay Carney told reporters Monday that the United States 'won't tolerate government-enabled cyber-espionage or threats against our government or private cyber systems.'
And he insisted that America doesn't and won't respond in kind.
'We do not gather intelligence for the benefit of US companies,' he said.

WILL THEY FACE JUSTICE?

Holder said Monday that none of the five Chinese criminal defendants has been on U.S. soil since the investigation began.
That means they have been outside the reach of U.S. law enforcement and can't presently be arrested.
If they were to travel to a country that shares an extradition treaty with the United States, that could change. But for now the prosecution remains largely symbolic.
A Justice Department official speaking on background told MailOnline on Monday that the legal action would proceed forward anyway, however, in order to help the government collect additional information and pressure the Chinese government.
FBI Director James Comey told ABC News that 'the practical impact' of Monday's indictments 'is if these fellas want to travel out of China on vacation, they should be looking over their shoulder.'
'The world is a lot smaller now than it used to be,' he said.
In recent months, Washington has been increasingly critical of what it describes as provocative Chinese actions in pursuit of territorial claims in disputed seas in East Asia. For its part, Beijing complains that the Obama administration's attempt to redirect its foreign policy toward Asia after a decade of war in the Middle East is emboldening China's neighbors and causing tension.
The hackers allegedly stole emails and other communications that could have helped Chinese firms learn the strategies and weaknesses of American companies involved in litigation with the Chinese government or Chinese firms.
Despite the ominous-sounding allegations, at least one of the firms downplayed the hacking.
'To our knowledge, no material information was compromised during this incident, which occurred several years ago,' said Monica Orbe, Alcoa's director of corporate affairs. 'Safeguarding our data is a top priority for Alcoa, and we continue to invest resources to protect our systems.'
Last September, President Barack Obama discussed cybersecurity issues on the sidelines of a summit in St. Petersburg, Russia, with Chinese President Xi Jinping.
'China not only does not support hacking but also opposes it,' Premier Li Keqiang said last year in a news conference when asked if China would stop hacking U.S. websites. 'Let's not point fingers at each other without evidence but do more to safeguard cyber security.'

No comments:

Post a Comment

Comments always welcome!