Showing posts with the label Chinese hackers.

Wednesday, 12 February 2020

Sick Hackers Of Asia

China’s cyberattacks should make it a trade pariah
New York Post


Four members of China’s People’s Liberation Army now stand charged in the 2017 Equifax hack, one of the largest cybercrimes ever — and they were plainly working Beijing’s will, since they’re all members of a PLA unit dedicated to hacking.
In other words: China is waging cyberwar on the West even as it insists on being treated like a normal country.
The hack of one of the biggest US consumer-credit reporting agencies grabbed personal info on half the country: birthdates and Social Security numbers of 145 million and driver’s license info of 10 million, plus 200,000 stolen credit-card numbers.
And the danger goes far beyond the monetary, Attorney General William Barr noted in announcing the charges: “These thefts can feed China’s development of artificial intelligence tools, as well as the creation of intelligence targeting packages” — meaning industrial as well as regular-old espionage.

This follows the feds’ 2014 indictment of PLA hackers for breaching the computer systems of a number of American manufacturers, among other crimes.
Since then, notes Barr, “We have witnessed China’s voracious appetite for the personal data of Americans, including the theft of personnel records from the Office of Personnel Management, the intrusion into Marriott Hotels and Anthem health-insurance companies and now the wholesale theft of credit and other information from Equifax.”
It’s unlikely the hackers will ever face trial — and even less likely Beijing will stop trying to steal American data and know-how.
The Trump administration’s efforts to block the Chinese firm Huawei from building 5G networks in the West are clearly the bare minimum needed now.
As lucrative as China’s market may be, the rest of the world needs to start asking how it can trade with a pack of unapologetic thieves.

Tuesday, 25 June 2019

Chinese Aggressions

Chinese Hackers Conduct Mass-Scale Espionage Attack On Global Cellular Networks
By Zak Doffman

An Israeli-U.S. cybersecurity firm released a new report on Monday evening, claiming that Chinese hackers had compromised the systems of at least ten cellular carriers around the world to steal metadata related to specific users. 
None of the affected carriers or targeted individuals have been named.
Cybereason claimed that the sophistication and scale of the attack, which they have dubbed Operation Softcell, bear the hallmarks of a nation-state action and that the individual targets—military officials and dissidents—tie to China. 
All of which points to the Chinese government as the culprit. 
The affected carriers were in Europe, Africa, the Middle East and Asia. 
None were thought to be in the United States.
"The advanced, persistent attack targeting telecommunications providers," the company said, "has been active since at least 2017... The Chinese were attempting to steal all data stored in the active directory, compromising every single username and password in the organization, along with other personally identifiable information, billing data, call detail records, credentials, email servers, geo-location of users, and more."
The attack was described in the report as a "game of cat and mouse between the Chinese and the defenders." 
As soon as "the compromise [of] critical assets, such as database servers, billing servers, and the active directory" was detected, "the Chinese stopped the attack" only to resume later.
The implications of China "infiltrating into the deepest segments of providers’ network, including some isolated from the internet," enabling hackers to "compromise critical assets and steal communications data of specific individuals in various countries" are extremely significant. 
It suggests almost open access for intelligence harvesting.
Cybereason also pointed out that "even though the attacks targeted specific individuals, any entity that possesses the power to take over the networks of telecommunications providers can potentially leverage its unlawful access and control of the network to shut down or disrupt an entire cellular network as part of a larger cyber warfare operation."
According to the Wall Street Journal, "Cybereason Chief Executive Lior Div gave a weekend, in-person briefing about the hack to more than two dozen other global carriers. For the firms already affected, the response has been disbelief and anger, Mr. Div said. 'We never heard of this kind of mass-scale espionage ability to track any person across different countries'."
The nature of the data harvested in the attack is of real value to intelligence agencies, which analyze the metadata for patterns. 
Even if the call or messaging content is not retrieved, analysis of who talks to who and when and how often and for how long and from where is a rich seam to be mined. 
In essence, every piece of metadata collected by the networks from registered smartphones was potentially vulnerable. 
And once the network's core security was compromised, the threat became almost internal in nature.
In the U.S. and U.K., when national intelligence agencies "hoover up" such data or campaign for additional collection legislation to enable them to do so, there is inevitably a privacy backlash. 
And this collection campaign has gone beyond anything a national agency would campaign for. 
The WSJ reported that "Operation Soft Cell gave Chinese hackers access to the carriers’ entire active directory, an exposure of hundreds of millions of users... [with] the hackers creating high-privileged accounts that allowed them to roam through the telecoms’ systems, appearing as if they were legitimate employees."
Cybereason pointed towards China's APT10—Advanced Persistent Threat 10—as the likely hackers behind this attack. 
The group is known for long-term, persistent threat campaigns, harvesting information as might an actual agency. 
And this campaign is thought to have been running for as long as seven years. 
Coincidentally, NASA, one of the previous targets of APT10, confirmed in recent days that it had also been hacked, a compromise which again bears nation-state hallmarks.
"Cybereason said it couldn't be ruled out that a non-Chinese actor mirrored the attacks to appear as if it were APT 10," reported the WSJ, "as part of a misdirection. But the servers, domains and internet-protocol addresses came from China, Hong Kong or Taiwan... All the indications are directed to China."
FireEye and Crowdstrike, the cybersecurity firms that have painted the most complete profile of APT10, told Wired that "they couldn't confirm Cybereason's findings, but that they have seen broad targeting of cellular providers, both for tracking individuals and for bypassing two-factor authentication, intercepting the SMS messages sent to phones as a one-time passcode."
Two hackers allegedly linked to APT10 were indicted on federal charges in the U.S. last year.
The fact that a Chinese state hacking outfit has targeted cellphone metadata will clearly be tied to the ongoing U.S. campaign against Chinese telecoms equipment manufacturers in general, and Huawei in particular. 
The argument will now run that this is exactly the kind of vulnerability that becomes exposed if the Chinese government uses its influence over domestic companies to pull intelligence from overseas.
"We’ve concluded with a high level of certainty," Cybereason claimed on issuing its report, "that the threat actor is affiliated with China and is state-sponsored. The tools and techniques used throughout these attacks are consistent with several Chinese threat actors, specifically with APT10, a threat actor operating on behalf of the Chinese Ministry of State Security."

Friday, 10 May 2019

China's Cyberattacks

Chinese hacker who obtained details of 78 million people is charged in US with one of the worst data breaches in history
by Robert Delaney

This photo provided by the FBI shows a wanted poster of Wang Fujie (left). The US Justice Department says a grand jury has indicted Wang and another man identified only as John Doe for hacking into the computers of health insurer Anthem Inc and three other, unnamed companies, in an indictment unsealed May 9, 2019, in Indianapolis. 

A US federal grand jury on May 9 charged a Chinese national in a hacking campaign described by the Justice Department as “one of the worst data breaches in history”, an effort that yielded the personal data of 78 million people.
Wang Fujie, also known as Dennis Wang, and another individual in the indictment infiltrated the US-based computer systems of US health insurer Anthem and three other companies, the Justice Department said in a statement on May 9.
“The allegations in the indictment unsealed today outline the activities of a brazen China-based computer hacking group that committed one of the worst data breaches in history,” Assistant Attorney General Brian Benczkowski said in the announcement.
“These defendants attacked US businesses operating in four distinct industry sectors, and violated the privacy of over 78 million people by stealing their [personally identifiable information].”
The indictment was the latest in a series of efforts by the US Federal Bureau of Investigation to tackle hacking operations and cybertheft emanating from China.
The bureau has become increasingly vocal about the country.
The second suspect, who was identified in court documents as John Doe and through aliases including Zhou Zhihong, conducted the hacking activities in China.
The other three companies affected by the hacks, conducted between February 2018 and January 2019, operated in the technology, basic materials and communication services sectors, according to the department.
Information taken from the companies included health identification numbers, birth dates, social security numbers, addresses, telephone numbers, email addresses, and employment information.
Wang and Doe obtained personal information by installing malware on the victim companies’ computer systems through “spearfishing” emails sent to the companies’ employees, according to the indictment, which was filed with the Indianapolis division of the federal court’s Southern District of Indiana, where Anthem is based.

The information obtained by the defendants was encrypted and sent through multiple computers to destinations in China. 
The files installed in the victim companies’ computer systems were then deleted.
Anthem and the other US companies involved notified the FBI when they became aware of the operation, allowing the federal investigators to monitor the activity and trace it to the defendants, according to the Justice Department.
The FBI has worked closely with companies in recent years to respond to attempts by Chinese to steal information from US companies. 
GE Aviation, for example, had worked with the bureau for more than a year to lure Xu Yanjun, a spy working for China’s Ministry of State Security, into a law enforcement trap in Belgium last year. Xu was then extradited to the US and is now awaiting trial.
According to Xu’s indictment filed in the Southern District of Ohio, the MSS officer sought GE Aviation technology used in the development of fan blades and engine encasements.
FBI Director Christopher Wray has been an outspoken critic of China since he assumed his post in 2017.
Last year, Wray accused Beijing of increasing its use of “non-traditional collectors” – such as professors, scientists and students – for its intelligence gathering.
“One of the things we’re trying to do is view the China threat as not just a whole-of-government threat but a whole-of-society threat on their end, and I think it’s going to take a whole-of-society response by us,” Mr Wray testified at a Senate hearing in February 2018.
Eight months later at another hearing, Mr Wray declared China “the broadest, most complicated, most long-term” counter-intelligence threat confronting the US – surpassing even Russia, whose interference in the 2016 election dominated headlines for more than two years and continues to roil the country.
Speaking at a separate Senate hearing in December, Bill Priestap, the FBI’s assistant director of counter-intelligence, also called for more coordinated action to counter espionage and cybertheft originating in China.
“There are pockets of great understanding of the threat we’re facing and effective responses, but in my opinion we’ve got to knit that together better,” he said.
Warning against what he called “ad hoc responses”, Priestap added: “We need more people in government, more people in business, more people in academia pulling in the same direction to combat this threat effectively.”

Monday, 18 February 2019

Chinese and Iranian Hackers Renew Their Attacks on U.S. Companies

By Nicole Perlroth

Geoffrey Berman, the United States attorney for the Southern District of New York, discussing the charges last year against nine Iranians accused of hacking into the systems of hundreds of companies and academic institutions.

SAN FRANCISCO — Businesses and government agencies in the United States have been targeted in aggressive attacks by Iranian and Chinese hackers who security experts believe have been energized by President Trump’s withdrawal from the Iran nuclear deal last year and his trade conflicts with China.
Recent Iranian attacks on American banks, businesses and government agencies have been more extensive than previously reported.
Dozens of corporations and multiple United States agencies have been hit, according to seven people briefed on the episodes who were not authorized to discuss them publicly.
The attacks, attributed to Iran by analysts at the National Security Agency and the private security firm FireEye, prompted an emergency order by the Department of Homeland Security during the government shutdown last month.
The Iranian attacks coincide with a renewed Chinese offensive geared toward stealing trade and military secrets from American military contractors and technology companies, according to nine intelligence officials, private security researchers and lawyers familiar with the attacks who discussed them on the condition of anonymity because of confidentiality agreements.
A summary of an intelligence briefing read to The New York Times said that Boeing, General Electric Aviation and T-Mobile were among the recent targets of Chinese industrial-espionage efforts. 
The companies all declined to discuss the threats, and it is not clear if any of the hacks were successful.
Chinese cyberespionage cooled four years ago after Barack Obama and Xi Jinping reached a deal to stop hacks meant to steal trade secrets.
But the 2015 agreement appears to have been unofficially canceled amid the continuing trade tension between the United States and China, the intelligence officials and private security researchers said. Chinese hacks have returned to earlier levels, although they are now stealthier and more sophisticated.
“Cyber is one of the ways adversaries can attack us and retaliate in effective and nasty ways that are well below the threshold of an armed attack or laws of war,” said Joel Brenner, a former leader of United States counterintelligence under the director of national intelligence.
Federal agencies and private companies are back to where they were five years ago: battling increasingly sophisticated, government-affiliated hackers from China and Iran — in addition to fighting constant efforts out of Russia — who hope to steal trade and military secrets and sow mayhem. 
And it appears the hackers substantially improved their skills during the lull.
Russia is still considered America’s foremost hacking adversary. 
In addition to meddling widely and spreading disinformation during United States elections, Russian hackers are believed to have launched attacks on nuclear plants, the electrical grid and other targets.
Threats from China and Iran never stopped entirely, but Iranian hackers became much less active after the nuclear deal was signed in 2015. 
And for about 18 months, intelligence officials concluded, Beijing backed off its 10-year online effort to steal trade secrets.
But Chinese hackers have resumed carrying out commercially motivated attacks, security researchers and data-protection lawyers said. 
A priority for the hackers, researchers said, is supporting Beijing’s five-year economic plan, which is meant to make China a leader in artificial intelligence and other cutting-edge technologies.
“Some of the recent intelligence collection has been for military purposes or preparing for some future cyber conflict, but a lot of the recent theft is driven by the demands of the five-year plan and other technology strategies,” said Adam Segal, the director of the cyberspace program at the Council on Foreign Relations. 
“They always intended on coming back.”
Officials at the Chinese embassy in Washington did not respond to a request for comment.
Mr. Segal and other Chinese security experts said attacks that once would have been conducted by hackers in China’s People’s Liberation Army are now being run by China’s Ministry of State Security.
These hackers are better at covering their tracks. 
Rather than going at targets directly, they have used a side door of sorts by breaking into the networks of the targets’ suppliers. 
They have also avoided using malware commonly attributed to China, relying instead on encrypting traffic, erasing server logs and other obfuscation tactics.

Two Chinese who are suspected of participating in an extensive hacking campaign to steal data from American companies.

“The fingerprint of Chinese operations today is much different,” said Priscilla Moriuchi, who once ran the National Security Agency’s East Asia and Pacific cyber threats division. 
Her duties there included determining whether Beijing was abiding by the 2015 agreement’s terms. “These groups care about attribution. They don’t want to get caught.”
It is difficult to quantify the number of industrial-espionage attacks, in part because they have been designed mostly to steal strategic trade secrets, not the kind of personal information about customers and employees that companies must disclose. 
Only Airbus has acknowledged in recent weeks that Chinese hackers had penetrated its databases.
Many of the attacks by the Chinese Ministry of State Security have been against strategic targets like internet service providers with access to hundreds of thousands, if not millions, of corporate and government networks.
Last week, Ms. Moriuchi, who is now a threat director at the cybersecurity firm Recorded Future, released a report on a yearlong, stealth campaign by the Chinese to hack internet service providers in Western Europe and the United States and their customers.
The lone hacking target to publicly confront the Chinese was Visma, a Norwegian internet service provider with 850,000 customers. 
The goal of the attack on Visma was to gain broad access to its customers’ intellectual property, strategic plans and emails, including those of an American law firm that handles intellectual property matters for clients in the automotive, biomedical, pharmaceutical and tech sectors, according to Recorded Future.
The Visma attack was harder to trace than earlier incidents, which typically started with so-called spearphishing emails meant to steal personal credentials. 
This assault began with stolen credentials for a third-party software service, Citrix. 
And instead of using malware easily traced to China, the attackers used malware available on the so-called Dark Web that could have come from anywhere. 
They also used the online storage service Dropbox to move stolen emails and files.
Federal agencies are also trying to fend off new Iranian espionage campaigns.
After the Trump administration pulled out of the nuclear deal, Kirstjen Nielsen, the homeland security secretary, testified before Congress that her agency was “anticipating it’s a possibility” that Iran would resort to hacking attacks.

Stuart Davis, a director at a subsidiary of the security firm FireEye, which has attributed a recent wave of cyberattacks to Iranian hackers.

The Iranian attacks, which hit more than a half-dozen federal agencies last month, still caught the department off guard. 
Security researchers said the hacks, which exploited underlying weaknesses in the internet’s backbone, were continuing and were more damaging and widespread than agency officials had acknowledged.
Iranian hackers began their latest wave of attacks in Persian Gulf states last year. 
Since then, they have expanded to 80 targets — including internet service providers, telecommunications companies and government agencies — in 12 European countries and the United States, according to researchers at FireEye, which first reported the attacks last month.
The current hacks are harder to catch than previous Iranian attacks. 
Instead of hitting victims directly, FireEye researchers said, Iranian hackers have been going after the internet’s core routing system, intercepting traffic between so-called domain name registrars. 
Once they intercepted their target’s customer web traffic, they used stolen login credentials to gain access to their victims’ emails. (Domain name registrars hold the keys to hundreds, perhaps thousands, of companies’ websites.)
“They’re taking whole mailboxes of data,” said Benjamin Read, a senior manager of cyberespionage analysis at FireEye. 
Mr. Read said Iranian hackers had targeted police forces, intelligence agencies and foreign ministries, indicating a classic, state-backed espionage campaign rather than a criminal, profit-seeking motive.
There is a long history of Iranian attacks against the United States, and episodes from five years back or longer are just now being made public.
On Wednesday, the Justice Department announced an indictment against a former Air Force intelligence specialist, Monica Witt, on charges of helping Iran with an online espionage campaign. Four members of Iran’s Islamic Revolutionary Guard Corps were also charged with “computer intrusions and aggravated identity theft” directed at members of the United States intelligence community.
Also last week, the Treasury said it was putting sanctions on two Iranian companies, New Horizon Organization and Net Peygard Samavat Company, and several people linked to them. 
Treasury officials said New Horizon set up annual conferences where Iran could recruit and collect intelligence from foreign attendees.
Ms. Witt attended one of the conferences, the indictment says. 
Net Peygard used information she provided to begin a campaign in 2014 to track the online activities of United States government and military personnel, Treasury officials said.
Representatives for Iran’s Mission to the United Nations did not respond to requests for comment.
The recent Iranian attacks have unnerved American officials. 
But after issuing the emergency order about the ones last month, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has largely played them down.
An official with the cybersecurity agency said there was a belief that no information had been stolen and that the attacks had not “materially impacted” operations. 
But Mr. Read of FireEye and others said there had been a noticeable escalation in Iran’s digital espionage.
“If you tell the Iranians you’re going to walk out on the agreement and do everything you can to undermine their government,” said Mr. Brenner, the former counterintelligence official, “you can’t be surprised if they attack our government networks.”

Thursday, 7 February 2019

China's global theft of commercial secrets

China hacked Norway's Visma to steal client secrets
By Jack Stubbs

LONDON -- Hackers working on behalf of Chinese intelligence breached the network of Norwegian software firm Visma to steal secrets from its clients, cybersecurity researchers said, in what a company executive described as a potentially catastrophic attack.
The attack was part of what Western countries said in December is a global hacking campaign by China's Ministry of State Security to steal intellectual property and corporate secrets, according to investigators at cybersecurity firm Recorded Future.
China's Ministry of State Security has no publicly available contacts. 
The foreign ministry did not respond to a request for comment.
Visma took the decision to talk publicly about the breach to raise industry awareness about the hacking campaign, which is known as Cloudhopper and targets technology service and software providers in order to reach their clients.
Cybersecurity firms and Western governments have warned about Cloudhopper several times since 2017 but have not disclosed the identities of the companies affected.
Reuters reported in December that Hewlett Packard Enterprise Co and IBM were two of the campaign's victims, and Western officials caution in private that there are many more.
At the time IBM said it had no evidence sensitive corporate data had been compromised, and Hewlett Packard Enterprise said it could not comment on the Cloudhopper campaign.
Visma, which reported global revenues of $1.3 billion last year, provides business software products to more than 900,000 companies across Scandinavia and parts of Europe.
The company's operations and security manager, Espen Johansen, said the attack was detected shortly after the hackers accessed Visma's systems and he was confident no client networks were accessed.

"PARANOIA HAT"
"But if I put on my paranoia hat, this could have been catastrophic," he said. 
"If you are a big intelligence agency somewhere in the world and you want to harvest as much information as possible, you of course go for the convergence points, it's a given fact."
"I'm aware that we do have clients which are very interesting for nation states," he said, declining to name any specific customers.
Paul Chichester, director for operations at Britain's National Cyber Security Centre, said the Visma case highlighted the dangers organisations increasingly face from cyber attacks on their supply chains.
"Because organisations are focused on improving their own cyber security, we are seeing an increase in activity targeting supply chains as actors try to find other ways in," he said.
In a report (https://www.recordedfuture.com/apt10-cyberespionage-campaign) with investigators at cybersecurity firm Rapid7, Recorded Future said the attackers first accessed Visma's network by using a stolen set of login credentials and were operating as part of a hacking group known as APT 10, which Western officials say is behind the Cloudhopper campaign.
The U.S. Department of Justice in December charged two members of APT 10 with hacking U.S. government agencies and dozens of businesses around the world on behalf of China's Ministry of State Security.
Priscilla Moriuchi, director of strategic threat development at Recorded Future and a former intelligence officer at the U.S. National Security Agency, said the hackers' activity inside Visma's network suggested they intended to infiltrate client systems in search of commercially-sensitive information.
"We believe that APT 10 in this case exploited Visma networks to enable secondary operations against Visma's customers, not necessarily to steal Visma's own intellectual property," she said. "Because they caught it so early they were able to discourage and prevent those secondary attacks." 

Friday, 21 December 2018

China's Cyber-Aggressions

China hacked Hewlett Packard Enterprise, IBM and then attacked clients 
By Christopher Bing, Jack Stubbs, Joseph Menn

Signs for Hewlett Packard Enterprise Co. cover the facade of the New York Stock Exchange November 2, 2015.

WASHINGTON/LONDON/SAN FRANCISCO -- Hackers working on behalf of China’s Ministry of State Security breached the networks of Hewlett Packard Enterprise Co and IBM, then used the access to hack into their clients’ computers, according to five sources familiar with the attacks.
The attacks were part of a Chinese campaign known as Cloudhopper, which the United States and Britain on Thursday said infected technology service providers in order to steal secrets from their clients.
While cybersecurity firms and government agencies have issued multiple warnings about the Cloudhopper threat since 2017, they have not disclosed the identity of technology companies whose networks were compromised.
International Business Machines Corp said it had no evidence that sensitive corporate data had been compromised. 
Hewlett Packard Enterprise (HPE) said it could not comment on the Cloudhopper campaign.
Businesses and governments are increasingly looking to technology companies known as managed service providers (MSPs) to remotely manage their information technology operations, including servers, storage, networking and help-desk support.
Cloudhopper targeted MSPs to access client networks and steal corporate secrets from companies around the globe, according to a U.S. federal indictment of two Chinese unsealed on Thursday. 
Prosecutors did not identify any of the MSPs that were breached.
Both IBM and HPE declined to comment on the specific claims made by the sources.
“IBM has been aware of the reported attacks and already has taken extensive counter-measures worldwide as part of our continuous efforts to protect the company and our clients against constantly evolving threats,” the company said in a statement. 
“We take responsible stewardship of client data very seriously, and have no evidence that sensitive IBM or client data has been compromised by this threat.”
HPE said in a statement that it had spun out a large managed-services business in a 2017 merger with Computer Sciences Corp that formed a new company, DXC Technology.
“The security of HPE customer data is our top priority,” HPE said. 
“We are unable to comment on the specific details described in the indictment, but HPE’s managed services provider business moved to DXC Technology in connection with HPE’s divestiture of its Enterprise Services business in 2017.”
DXC Technology declined to comment, saying in a statement that it does not comment on reports about specific cyber events and hacking groups.
Reuters was unable to confirm the names of other breached technology firms or identify any affected clients.
The sources, who were not authorized to comment on confidential information gleaned from investigations into the hacks, said that HPE and IBM were not the only prominent technology companies whose networks had been compromised by Cloudhopper.
Cloudhopper, which has been targeting technology services providers for several years, infiltrated the networks of HPE and IBM multiple times in breaches that lasted for weeks and months, according to another of the sources with knowledge of the matter.
IBM investigated an attack as recently as this summer, and HPE conducted a large breach investigation in early 2017, the source said.
The attackers were persistent, making it difficult to ensure that networks were safe, said another source.
IBM has dealt with some infections by installing new hard drives and fresh operating systems on infected computers, said the person familiar with the effort.
Cloudhopper attacks date back to at least 2014, according to the indictment.
The indictment cited one case in which Cloudhopper compromised data of an MSP in New York state and clients in 12 countries including Brazil, Germany, India, Japan, the United Arab Emirates, Britain and the United States. 
They were from industries including finance, electronics, medical equipment, biotechnology, automotive, mining, and oil and gas exploration.
One senior intelligence official, who declined to name any victims who were breached, said attacks on MSPs were a significant threat because they essentially turned technology companies into launchpads for hacks on clients.
“By gaining access to an MSP, you can in many cases gain access to any one of their customers,” said the official. 
“Call it the Walmart approach: If I needed to get 30 different items for my shopping list, I could go to 15 different stores or I could go to the one that has everything.”
Representatives with the FBI and Department of Homeland Security declined to comment. 
Officials with the U.S. Justice Department and the Chinese embassy in Washington could not be reached.
A British government spokeswoman declined to comment on the identities of companies affected by the Cloudhopper campaign or the impact of those breaches.
“A number of MSPs have been affected, and naming them would have potential commercial consequences for them, putting them at an unfair disadvantage to their competitors,” she said.

Nation of Thieves

U.S. charges Chinese hackers in theft of vast trove of confidential data in 12 countries
By Ellen Nakashima and David J. Lynch

Prosecutors unsealed an indictment charging two Chinese with computer hacking attacks on a wide range of U.S. government agencies and corporations. 

The United States and four of its closest allies on Thursday blamed China for a 12-year campaign of cyberattacks that vacuumed up technology and trade secrets from corporate computers in 12 countries, affecting almost every major global industry.
The coordinated announcements in five capitals marked the Trump administration’s broadest anti-China initiative to date, yet it fell short of even stronger measures that officials had planned.
During debate, Treasury Secretary Steven Mnuchin blocked a proposal to impose financial sanctions on those implicated in the hacking, according to five sources familiar with the matter. 
Two administration officials said Mnuchin acted out of fear that sanctions would interfere with U.S.-China trade talks.
The centerpiece of Thursday’s synchronized accusations came in Washington, where the Justice Department unveiled indictments against two Chinese hackers, who it said acted “in association with” the Chinese Ministry of State Security (MSS).
Zhu Hua and Zhang Shilong, members of a hacking squad known as “Advanced Persistent Threat 10” or “Stone Panda,” were accused of conspiracy to commit computer intrusions, wire fraud and aggravated identity theft while pilfering “hundreds of gigabytes” of confidential business data, the indictment said.
“China’s goal, simply put, is to replace the U.S. as the world’s leading superpower, and they’re using illegal methods to get there,” said FBI Director Christopher A. Wray.
U.S. allies echoed the Justice Department action, signaling a growing consensus that Beijing is flouting international norms in its bid to become the world’s predominant economic and technological power.
Xi Jinping's empty promises
In the capitals of the United Kingdom, Australia, Canada and New Zealand, ministers knocked China for violating a 2015 pledge — offered by Chinese dictator Xi Jinping in the White House’s Rose Garden and repeated at international gatherings such as the Group of 20 summit — to refrain from hacking for commercial gain.
“This campaign is one of the most significant and widespread cyber intrusions against the U.K. and allies uncovered to date, targeting trade secrets and economies around the world,” British Foreign Secretary Jeremy Hunt said in a statement.
Still, some administration allies were skeptical that Thursday’s announcement would alter China’s behavior.

Deputy Attorney General Rod J. Rosenstein announces on Thursday the indictments of two Chinese for hacking attacks. 

“Just as when the Obama administration did it, indicting a handful of Chinese agents out of the tens of thousands involved in economic espionage is necessary but not important,” said Derek Scissors, a China analyst at the American Enterprise Institute. 
“International denouncements may irritate Xi, but they place no real pressure on him.”
Scissors said it would be more effective for the United States to hit high-profile Chinese companies with financial sanctions, including potential bans on their ability to do business with American companies.
The five governments that joined in the statements about China are partners in the “Five Eyes” intelligence alliance, sharing some of their most closely guarded technical and human reporting.
The foreign ministries of Denmark, Sweden and Finland tweeted statements saying they shared the concerns over rampant cyberespionage against corporations.
The united front against Chinese hacking and economic espionage stands in contrast to the “America First” president’s preference for taking a unilateral course to many of his trade goals.
“This demonstrates there’s a strong well of international support the United States can tap... Countries are fed up,” said Ely Ratner, executive vice president of the Center for a New American Security.
The hackers named in the indictment presided over a state-backed campaign of cybertheft that targeted advanced technologies with commercial and military applications. 
They also hacked into companies called “managed service providers,” which act as gatekeepers to computer networks serving scores of corporate clients.
The Chinese targeted companies in the finance, telecommunications, consumer electronics and medical industries, along with U.S. government laboratories operated by the National Aeronautics and Space Administration and the military.
Along with the United States and the United Kingdom, countries targeted by China include Canada, France, Germany, Japan, Sweden and Switzerland.
“The list of victim companies reads like a who’s who of the global economy,” said Wray.
The Stone Panda team made off with personal information, including Social Security numbers belonging to more than 100,000 U.S. Navy personnel.
The hackers employed a technique known as “spear-phishing,” tricking computer users at the business and government offices into opening malware-infected emails giving them access to log-in and password details.
They worked out of an office in Tianjin, China, and engaged in hacking operations during working hours in China.
Geoffrey Berman, the U.S. attorney for the Southern District of New York, called the Chinese cyber-campaign “shocking and outrageous.”
Over the past seven years, more than 90 percent of cases alleging economic espionage involved China, as did more than two-thirds of trade-secret theft prosecutions, according to Deputy Attorney General Rod J. Rosenstein.
The industries targeted in the Stone Panda hacks are featured in the Chinese government’s Made in China 2025 program, which aims to supplant the United States as the global leader in 10 advanced technologies including artificial intelligence, robotics and quantum computing, Rosenstein added.
In November, in one of his last official actions, then-Attorney General Jeff Sessions announced a major initiative to combat Chinese commercial spying, building on four years of prosecutorial effort. The department vowed to aggressively pursue trade-secret theft cases and identify researchers and defense industry employees who have been “co-opted” by Chinese agents seeking to transfer technology to China.
While the show of anti-China unity was notable, the administration pulled back from plans for tougher action after warnings from the treasury secretary.
Mnuchin’s 11th-hour intervention left administration officials fearing Beijing would view the limited actions as a sign that Trump lacks the stomach for an all-out confrontation.
“We don’t comment on sanctions actions or deliberations, but it’s important to note that these issues are completely separate from trade,” said a Treasury Department spokesman asked to comment on the reports.
The administration’s action entailed statements from four Cabinet agencies — Justice, State, Energy and Homeland Security — while Treasury remained on the sidelines.
The condemnations also pose a complication as Trump and Xi seek to negotiate a trade deal. 
Over dinner in Buenos Aires earlier this month, the two leaders agreed to a truce in their months-long tariff war.
Talks between U.S. and Chinese diplomats are expected to begin early next month.
The Trump administration is seeking a deal that would involve structural changes to China’s state-led economic model, greater Chinese purchases of American farm and industrial products and a halt to what the United States says are coercive joint-venture licensing terms.
The indictments were followed by a joint statement from Secretary of State Mike Pompeo and Homeland Security Secretary Kirstjen Nielsen that assailed China for violating Xi’s landmark 2015 pledge to refrain from hacking U.S. trade secrets and intellectual property to benefit Chinese companies.
“These actions by Chinese actors to target intellectual property and sensitive business information present a very real threat to the economic competitiveness of companies in the United States and around the globe,” they said.
Thursday’s push to confront China over its cyber-aggression comes at a fraught time, as Canada has arrested a Chinese telecommunications executive at the United States’ request on a charge related to violating sanctions against Iran.

US and UK accuse Chinese of sustained hacking campaign

‘The tentacles of the campaign are vast,’ UK official says, as two Chinese charged in US
By Patrick Wintour
 
'Godkiller' and 'Atreexp': the Chinese hackers accused of global attacks. Zhu Hua and Zhang Shilong, two members of a hacking group wanted by the FBI.

The US and UK have taken the unprecedented step of accusing hackers linked to the Chinese government of waging a sustained cyber-campaign focused on large-scale theft of commercial intellectual property.
Two Chinese nationals were charged in the US in relation to a campaign across Europe, Asia and the US that breached Chinese bilateral and international commitments, American prosecutors said.
A US indictment unsealed on Thursday in unison with a series of British statements accused Chinese hackers of obtaining unauthorised access to the computers of at least 45 entities, including commercial and defence technology companies and US government agencies such as Nasa and the US navy.
The UK Foreign Office and the US indictment allege that a group of Chinese was operating under the direction and protection of China’s main intelligence agency, the ministry of state security. 
The group was organised more like a corporation than a gang, a UK government official said.
“China’s goal, simply put, is to replace the US as the world’s leading superpower and they’re using illegal methods to get there,” the FBI director, Christopher Wray, said at a news conference. 
The companies targeted by China were a “who’s who” of American businesses, he added.
The US justice department accused China of breaking a 2015 pact to curb cyber-espionage for corporate purposes. 
One UK official said it was the most serious, persistent and widespread intrusion ever seen of globally significant companies. 
“The tentacles of the campaign are vast,” the official said.
The issue has been raised privately at the highest levels with China for the best part of two years, including by Theresa May, British officials said. 
But the hacking had not stopped, which was why the Chinese were being challenged in public, they added.
In the unsealed US indictment, prosecutors accuse Zhu Hua and Zhang Shilong of acting on behalf of China’s ministry of state security to spy on some of the world’s largest companies by hacking into technology firms to which they outsource email, storage and other computing tasks.
FBI wanted poster. Photograph: FBI

Court papers filed in Manhattan federal court say the victims were in a variety of industries from aviation and space to pharmaceutical technology. 
Prosecutors claim the hackers were able to steal “hundreds of gigabytes” of data.
The UK foreign secretary, Jeremy Hunt, said: “This campaign is one of the most significant and widespread cyber-intrusions against UK and allies uncovered to date, targeting trade secrets and economies around the world... These activities must stop.”
Britain said it was taking no immediate punitive action but would lead a government-guided review of major companies’ security in the new year to better protect them.
New Zealand’s spy agency confirmed on Friday that it had established links between the Chinese ministry of state security and a global campaign of cyber-enabled commercial intellectual property theft, first becoming aware of the activity in early 2017.
“This long-running campaign targeted the intellectual property and commercial data of a number of global managed service providers, some operating in New Zealand,” director-general of the GCSB Andrew Hampton said.
Hampton said the National Cyber Security Centre issued advice to New Zealand organisations on how to protect their networks. 
Around a third of the serious incidents recorded by the NCSC could be linked to state-sponsored actors, Hampton said.
Over the past few years, as companies around the globe have sought to cut down information technology spending, they have increasingly relied on outside contractors to store and transfer their data.
When a managed service provider is hacked, it can unintentionally provide attackers access to secondary victims who are customers of that company and have their computer systems connected to them, according to experts.
The timing of the action coincides with the arrest of Meng Wanzhou, the chief financial officer of Chinese telecommunications giant Huawei Technologies, in Canada at the request of the US.

Friday, December 14, 2018

Senate Bill Targets Chinese Economic Espionage

New measure would give U.S. prosecutors power to indict hackers working abroad.
BY ELIAS GROLL

Sen. Dianne Feinstein (D-Calif.) walks with Sens. Kamala Harris (D-Calif.) and Mark Warner (D-Va.) to a Senate Select Committee on Intelligence closed-door meeting at the U.S. Capitol in Washington on April 27, 2017. 

A new Senate bill would expand the ability of American prosecutors to go after hackers abroad who attempt to steal trade secrets from U.S. firms, in the latest effort in Washington to crack down on Chinese economic espionage.
Under current law, the U.S. Justice Department is limited in its ability to bring charges of economic espionage against offenders abroad, and may only do so if the suspects are American citizens or permanent residents—or if an act to further the theft was committed in the United States.
A bill authored by Sen. Kamala Harris, a California Democrat, and set to be introduced Wednesday would loosen those requirements by amending the Economic Espionage Act.
Harris’s bill would allow American prosecutors to bring charges of economic espionage against individuals operating abroad if the act of theft has a “substantial economic effect” in the United States.
That reform would expand the jurisdiction of American prosecutors to bring economic espionage charges against hackers and operatives who operate with scant respect for national borders.
“It is absolutely vital that our approach to combating economic espionage is grounded in a modern-day understanding of the tactics employed by foreign actors and that our laws provide a strong deterrent to committing these acts in the first place,” Harris said in a statement to Foreign Policy.
The bill would also increase the damages companies are able to seek from individuals or groups that break into their computer systems to carry out economic espionage. 
And it would extend the statute of limitations for such crimes and allow victims to bring civil suit against operatives working abroad.
Peter Harrell, a former State Department official and a fellow at the Center for a New American Security think tank, described the measure as a “useful step” in responding to Chinese economic espionage against the United States.
Deterring such espionage usually falls to the government, “but the U.S. also needs to make it easier for individual American companies that are victims of Chinese economic espionage to fight back,” Harrell said. 
“The threat of expanded damages could make the act more of a deterrent to Chinese hacking.”
American prosecutors have brought a series of indictments in recent months against Chinese operatives and intelligence officials alleged to have stolen U.S. intellectual property. 
But in those cases, authorities have typically relied on anti-hacking laws—as opposed to economic espionage statutes—to bring charges.
The bill comes amid escalating tensions between the United States and China over a wide-ranging campaign by Beijing’s operatives to steal U.S. trade secrets.
Speaking at an event in New York on Tuesday, Rob Joyce, a senior National Security Agency official, said Chinese hacking operations have grown more audacious in recent years.

Xi Jinping's empty promises
In 2015, Barack Obama and Chinese dictator Xi Jinping pledged to halt hacking operations in support of economic espionage, but Beijing reneged on that agreement during the first two years of Donald Trump’s presidency.
U.S. prosecutors are expected to unveil a wide-ranging indictment this week targeting a well-known Chinese hacking group said to have targeted U.S. firms. 
American officials are also expected to levy sanctions against Chinese operatives involved in the scheme.
Multiple media outlets reported this week that Chinese intelligence was responsible for a breach of hotel giant Marriott International that affected some 500 million guests.
While American officials describe China as the most prolific user of economic espionage, other U.S. adversaries, including Russia and Iran, are thought to employ the tactic as well. 
“China is a player, but it’s not the only player in the game,” said a Senate aide familiar with the matter.
The bill could also have political benefits for Harris as Democratic politicians begin to position themselves for the 2020 presidential election. 
A former California attorney general, Harris is likely to seek her party’s nomination but would enter the race with relatively little foreign-policy experience.
By positioning herself as a champion of U.S. companies contending with Chinese economic espionage, Harris joins Sen. Elizabeth Warren, a Massachusetts Democrat, in signaling a hawkish approach toward Beijing. 
Warren, in a speech last month, argued that China is “using its economic might to bludgeon its way onto the world stage and offering a model in which economic gains legitimize oppression.”

Wednesday, December 12, 2018

Nation of Thieves

Marriott Data Breach Is Traced to Chinese Hackers as U.S. Readies Crackdown on Beijing
By David E. Sanger, Nicole Perlroth, Glenn Thrush and Alan Rappeport

A Chinese ship near Los Angeles. On Tuesday, President Trump said the United States and China were having “very productive conversations” on trade.

WASHINGTON — The cyberattack on the Marriott hotel chain that collected personal details of roughly 500 million guests was part of a Chinese intelligence-gathering effort that also hacked health insurers and the security clearance files of millions more Americans, according to two people briefed on the investigation.
The hackers, they said, are working on behalf of the Ministry of State Security, the country’s Communist-controlled civilian spy agency. 
The discovery comes as the Trump administration is planning actions targeting China’s trade, cyber and economic policies, perhaps within days.
Those moves include indictments against Chinese hackers working for the intelligence services and the military, according to four government officials who spoke on the condition of anonymity. 
The Trump administration also plans to declassify intelligence reports to reveal Chinese efforts dating to at least 2014 to build a database containing names of executives and American government officials with security clearances.
Other options include an executive order intended to make it harder for Chinese companies to obtain critical components for telecommunications equipment, a senior American official with knowledge of the plans said.
The moves stem from a growing concern within the administration that the 90-day trade truce negotiated two weeks ago by President Trump and Xi Jinping in Buenos Aires might do little to change China’s behavior — including the coercion of American companies to hand over valuable technology if they seek to enter the Chinese market, as well as the theft of industrial secrets on behalf of state-owned companies.
The hacking of Marriott’s Starwood chain, which was discovered only in September and revealed late last month, is not expected to be part of the coming indictments. 
But two of the government officials said that it has added urgency to the administration’s crackdown, given that Marriott is the top hotel provider for American government and military personnel.
It also is a prime example of what has vexed the Trump administration as China has reverted over the past 18 months to the kind of intrusions into American companies and government agencies that Barack Obama thought he had ended in 2015 in an agreement with Xi.
Trade negotiators on both sides of the Pacific have been working on an agreement under which China would commit to purchasing $1.2 trillion more of American goods and services over the next several years, and would address intellectual property concerns.
Trump said Tuesday that the United States and China were having “very productive conversations” as top American and Chinese officials held their first talks via telephone since the two countries agreed to a truce on Dec. 1.
But while top administration officials insist that the trade talks are proceeding on a separate track, the broader crackdown on China could undermine Mr. Trump’s ability to reach an agreement with Xi.
Another obstacle is the targeting of high-profile technology executives, like Meng Wanzhou, the chief financial officer of the communications giant Huawei and daughter of its founder.
The arrest of Meng, who has been detained in Canada on suspicion of fraud involving violations of United States sanctions against Iran, has angered China. 
She was granted bail of 10 million Canadian dollars, or $7.5 million, while awaiting extradition to the United States, a Canadian judge ruled on Tuesday.
Trump, in an interview on Tuesday with Reuters, said that he would consider intervening in the Huawei case if it would help serve national security and help get a trade deal done with China. 
Such a move would essentially pit Trump against his own Justice Department, which coordinated with Canada to arrest Meng as she changed planes in Vancouver, British Columbia.
“If I think it’s good for what will be certainly the largest trade deal ever made — which is a very important thing — what’s good for national security — I would certainly intervene if I thought it was necessary,” Trump said.
American business leaders have been bracing for retaliation from China, which has demanded the immediate release of Meng and accused both the United States and Canada of violating her rights.
On Tuesday, the International Crisis Group said that one of its employees, a former Canadian diplomat, had been detained in China. 
The disappearance of the former diplomat, Michael Kovrig, could further inflame tensions between China and Canada.
“We are doing everything possible to secure additional information on Michael’s whereabouts, as well as his prompt and safe release,” the group said in a statement on its website.
From the first revelation that the Marriott chain’s computer systems had been breached, there was widespread suspicion in both Washington and among cybersecurity firms that the hacking was not a matter of commercial espionage, but part of a much broader spy campaign to amass Americans’ personal data.
While American intelligence agencies have not reached a final assessment of who performed the hacking, a range of firms brought in to assess the damage quickly saw computer code and patterns familiar to operations by Chinese actors.
The Marriott database contains not only credit card information but passport data. 
Lisa Monaco, a former homeland security adviser under Obama, noted last week at a conference that passport information would be particularly valuable in tracking who is crossing borders and what they look like, among other key data.
But officials on Tuesday said it was only part of an aggressive operation whose centerpiece was the 2014 hacking into the Office of Personnel Management.
At the time, the government bureau loosely guarded the detailed forms that Americans fill out to get security clearances — forms that contain financial data; information about spouses, children and past romantic relationships; and any meetings with foreigners.
Such information is exactly what the Chinese use to root out spies, recruit intelligence agents and build a rich repository of Americans’ personal data for future targeting. 
With those details and more that were stolen from insurers like Anthem, the Marriott data adds another critical element to the intelligence profile: travel habits.
James A. Lewis, a cybersecurity expert at the Center for Strategic Studies in Washington, said the Chinese have collected “huge pots of data” to feed a Ministry of State Security database seeking to identify American spies — and the Chinese people talking to them.
“Big data is the new wave for counterintelligence,” Mr. Lewis said.
“It’s big-data hoovering,” said Dmitri Alperovitch, the chief technology officer at CrowdStrike, who first highlighted Chinese hacking as a threat researcher in 2011. 
“This data is all going back to a data lake that can be used for counterintelligence, recruiting new assets, anticorruption campaigns or future targeting of individuals or organizations.”
In the Marriott case, Chinese spies stole passport numbers for up to 327 million people, many of whom stayed at Sheraton, Westin and W hotels and at other Starwood-branded properties.
But Marriott has not said if it would pay to replace those passports, an undertaking that would cost tens of billions of dollars.
Instead, Connie Kim, a Marriott spokeswoman, said the hotel chain would cover the cost of replacement if “fraud has taken place.” 
That means the company would not cover the cost of having exposed private data to the Chinese intelligence agencies if they did not use it to conduct commercial transactions — even though that is a breach of privacy and, perhaps, security.
And even for those guests who did not have passport information on file with the hotels, their phone numbers, birth dates and itineraries remain vulnerable.
That data, Mr. Lewis and others said, can be used to track which Chinese citizens visited the same city, or hotel, as an American intelligence agent who was identified in data taken from the Office of Personnel Management or from American health insurers that document patients’ medical histories and Social Security numbers.
The effort to amass Americans’ personal information so alarmed government officials that in 2016, the Obama administration threatened to block a $14 billion bid by China’s Anbang Insurance Group Co. to acquire Starwood Hotel & Resorts Worldwide, according to one former official familiar with the work of the Committee on Foreign Investments in the United States, a secretive government body that reviews foreign acquisitions.
Ultimately, the failed bid cleared the way later that year for Marriott Hotels to acquire Starwood for $13.6 billion, becoming the world’s largest hotel chain.
As it turned out, it was too late: Starwood’s data had already been stolen by the Chinese, though the breach was not discovered until this past summer, and was disclosed by Marriott on Nov. 30.
It is unclear that any kind of trade agreement reached with China by the Trump administration can address this kind of theft.
The Chinese regard intrusions into hotel chain databases as a standard kind of espionage. 
And the Office of Personnel Management hacking was viewed by American intelligence officials with admiration. 
“One thing is very clear to me, and it is that they are not going to stop this,” Mr. Alperovitch said.
Since 2012, analysts at the National Security Agency and its British counterpart, the GCHQ, have watched with growing alarm as sophisticated Chinese hackers, based in Tianjin, began switching targets from companies and government agencies in the defense, energy and aerospace sectors to organizations that housed troves of Americans’ personal information.

Monday, November 19, 2018

Chinese Theft of Trade Secrets

America’s overt payback for China’s covert espionage
By David Ignatius

Chinese dictator Xi Jinping in Beijing on Nov. 2. 

While the U.S.-China trade war has been getting the headlines, U.S. intelligence and law enforcement agencies have been waging a quieter battle to combat Chinese theft of trade secrets from American companies — a practice so widespread that even boosters of trade with China regard it as egregious.
The Trump administration’s campaign of tariffs will eventually produce some version of a truce.
But the battle against Beijing’s economic espionage is still accelerating, and it may prove more important over time in leveling the playing field between the two countries.
To combat Chinese spying and hacking, U.S. intelligence agencies are increasingly sharing with the Justice Department revelatory information about Chinese operations.
That has led to a string of recent indictments and, in one case, the arrest abroad of a Chinese spy and his extradition to the United States to face trial.
The indictments don’t just charge violations of law; they also expose details of Chinese spycraft.
And there’s a hidden threat: The Chinese must consider whether the United States has blown the covers of not just the people and organizations named in the criminal charges but also others with whom they came in contact.
This law enforcement approach to counterespionage requires public disclosure of sensitive information, something that intelligence agencies often resist.
But it seems to be an emerging U.S. strategy.
The Justice Department has pursued a similar open assault on Russian cyberespionage, with three recent indictments naming a score of Russian operatives and disclosing their hacking techniques, malware tools and planned targets.
China, like Russia, is displaying an increasingly freewheeling and entrepreneurial approach to espionage. 
Several indictments unsealed since September reveal how the Ministry of State Security, the Chinese spy service, has operated through its regional bureaus — in this case the Jiangsu provincial office of the MSS — to obtain precious U.S. technology.
The indictments allege that from 2010 to 2015, the Jiangsu branch ran a team of nine hackers who tried to steal U.S. techniques for making jet engines. 
This is a subtle and highly valuable aspect of aerospace technology, one of the few that China hasn’t yet mastered or stolen, and the Chinese evidently wanted to obtain by stealth what they couldn’t produce on their own.
“The concerted effort to steal, rather than simply purchase, commercially available products should offend every company that invests talent, energy and shareholder money into the development of products,” said Adam Braverman, the U.S. attorney in San Diego who helped prosecute the cases.
The San Diego indictment lists the hacker names used by the conspirators, handles such as “Cobain,” “sxpdlcl” and “mer4en7y.”

Yanjun Xu, who also uses the names Qu Hui and Zhang Hui, was extradited to the US with help from Belgian authorities for seeking to steal trade secrets and other sensitive information from GE Aviation, an American company that leads the way in aerospace.

A separate indictment charged an MSS officer named Yanjun Xu, a deputy division director in the Jiangsu bureau, with trying to steal jet engine secrets from GE Aviation; Xu was arrested in April in Belgium after he began trying to penetrate the company’s operations, and he was extradited to the United States last month.

Ji Chaoqun: US army reservist accused of trying to recruit Chinese spies

The United States in September arrested a U.S. Army reservist named Ji Chaoqun and charged that he had helped the Chinese gain information about aerospace industry targets.
This month, the Justice Department also unsealed a September indictment that accused a Chinese company and its Taiwanese partner, both funded by the Chinese government, of trying to steal eight trade secrets for a memory-chip technology known as DRAM from Micron Technology Inc., based in Silicon Valley.
The indictment notes that the Chinese government had identified DRAM as “a national economic priority” that Beijing was determined to obtain.
The indictment, brought by the U.S. attorney in San Jose, uses blunt language to describe the plot: “In order to develop DRAM technology and production capabilities without investing years of research and development and the expenditure of many millions of dollars,” the defendants “conspired to circumvent Micron’s restrictions on its proprietary technology.”
What gives these indictments extra bite is that Xi Jinping had promised back in 2015 that China wouldn’t conduct economic cyberespionage anymore.
That pledge followed an indictment the previous year that revealed an elaborate plot by Chinese military hackers to steal U.S. commercial secrets.
But in the espionage world, promises not to spy are dubious at best. 


Jerry Chun Shing Lee: ex-CIA officer at the centre of one of the largest US intelligence breaches in decades.

Over the past three years, the Justice Department has charged former CIA officer Jerry Chun Shing Lee and five other Americans with stealing secrets on behalf of Beijing.
As a rising power, China is also a rising threat in the intelligence sphere.
The U.S. counterattack, in part, seems to be a public revelation of just how and why Beijing is stealing America’s secrets — overt payback for covert espionage.

Monday, August 13, 2018

Cyber War

While everyone obsesses over Russia, China is stealing our data blind
By Ned Ryun

With all the focus on Russian hacking, Russian ambition, and Russian threats to U.S. national economic security, another Red Threat continues seemingly unabated: China’s ongoing effort to compete as a global economic power equal to, if not exceeding, the United States. 
China has the population and the economic ability to compete, and has made its ambitions crystal clear with its Made in China 2025 plans.
Part of the strategy is being played out now in the battle over tariffs and trade policy, but far more important to the U.S. innovation economy is the ongoing battle over forced technology transfers and Chinese efforts to steal U.S. intellectual property and control as much data online as possible.
Over the past decade, Chinese hackers have launched cyber-attacks, stealing data from the U.S. Congress, the U.S. Department of Defense, and the federal Office of Personnel Management, one of the largest data breaches and thefts of American worker identities in history.
The Chinese have run sustained cyber operations against our oil industry, critical infrastructure and utility industries, and the entertainment industry. 
With trade tensions running higher, China’s interest in hacking U.S. private businesses for data, trade secrets and intellectual property has only increased.
As noted by Wired magazine, Chinese government-backed hackers are also interested in so-called “command and control” opportunities in the U.S., everything from satellites and mainframe computers to in-home laptops and security cameras.
Yes, the Chinese are even interested in that nanny cam you may have in your nursery.
For some hackers, dealing with personal, in-home technology is a game to show what they can accomplish. 
But for other hackers, it’s an effort to find new ways to access personal information and find security holes that might allow them to launch far greater cyber-attacks from home networks.
American consumers are alarmed by data breaches such as the Yahoo email hack, in which almost 3 billion consumers had personally identifiable information stolen, or the various retail chain hacks such as Target and Neiman Marcus, yet they still tend to be lax about the security measures they use. Fewer than 15 percent utilize security measures like password keepers to secure access to their important web sites and data, such as bank and investment accounts, health care information and their cloud storage, where they upload everything from legal documents, financial information and tax returns to family photos, music and movies.
The cloud and the access the cloud can enable to home networks is increasingly where consumers should be concerned. 
Most probably aren’t asking where the data from their smart devices is going, or who has access to that data. 
Nor are they asking what rules and regulations govern third-party access to that data, or where it is actually stored.
But they should be.
Most consumers are completely unaware that the smart devices, on which they’ve come to rely for everyday home convenience, transmit data back to a platform that is then stored on “the cloud.” When you go to Walmart or Target and buy a camera-enabled smart TV or a baby cam monitor, you don’t consider that the digital video feed might be transmitted to and stored in a cloud outside the United States and viewed by a hostile, foreign government like the Chinese.
But that is exactly what is happening.
Those smart, internet of things (IoT) devices, which numbered just over 8 billion in 2017, require platforms to “plug into,” and a significant number of those devices have agreements with platforms controlled by Chinese nationals with obvious ties to the Chinese government.
That’s right, not kidding: the communist Chinese government has access to your home via those smart devices.
This entire trend of the internet of things and smart devices is only going to accelerate: there are estimates that by 2020 there will be over 20 billion IoT devices, all plugged in to some platform somewhere. 
What retailers are not telling you is that those technological wonders rely on platforms and cloud storage controlled by Chinese – sure it’s in the fine print on page 36 of the disclosures, but when was the last time you actually read all of the fine print? 
But if you did, would you still buy those phones and cameras that plug into certain platforms?
If consumers start demanding up-front, full disclosure from retailers prior to purchase, retailers would likely find consumers drawn to the devices that use American-based platforms, even if those devices cost a dollar or two more.
We can be assured that the Chinese are going to wage this cyber war.
That doesn’t mean American consumers have to help them win.

Saturday, June 9, 2018

Chinese hackers secured a trove of highly sensitive data on submarine warfare

Chinese Hackers Steal Unclassified Data From Navy Contractor
By Helene Cooper
Defense Secretary Jim Mattis recently disinvited the Chinese military from a large, multinational naval exercise this summer.

WASHINGTON — China has stolen sensitive data related to naval warfare from the computers of a Navy contractor, American officials said on Friday, in another step in the long-running cyberwar between two global adversaries.
The breach occurred this year, the officials said, when Chinese government hackers infiltrated the computers of a company working on a Navy submarine and underwater programs contract. 
The company, which was not identified, was doing work for the Naval Undersea Warfare Center, which is based in Newport, R.I.
Officials said that the data gleaned by China was unclassified.
Navy officials declined to speak publicly about the hack, which was first reported by The Washington Post.
But in a statement, Lt. Marycate Walsh, a Navy spokeswoman, cited “measures in place that require companies to notify the government when a cyberincident has occurred that has actual or potential adverse effects on their networks that contain controlled unclassified information.”
She said it would be “inappropriate to discuss further details at this time.”
China and the United States have been locked in an escalating fight over cyber and military technology, with Beijing making rapid gains in recent years. 
American officials — from both the Trump administration and the Obama administration before it — concede that Washington has struggled to deter Chinese hacking, and have predicted the cyberattacks will increase until the United States finds a way to curb them.
The theft of the Navy system is hardly the largest, or the most sensitive, of the designs and systems stolen by Chinese hackers over the years. 
But it underscores a lesson the American government keeps learning: No matter how fast the government moves to shore up its cyberdefenses, and those of the defense industrial base, the cyberattackers move faster.
The plans for the F-35, the nation’s most expensive fighter jet in history, were taken more than a decade ago, and the Chinese model looks like an almost exact replica of its American inspiration.
A People’s Liberation Army unit, known as Unit 61398, was filled with skilled hackers who purloined corporate trade secrets to benefit Chinese state-owned industry. 
But many of its targets were defense related as well. 
Members of the unit were indicted in the last two years of the Obama administration, but none are likely to come back to the United States to stand trial.
The most sophisticated hack of American data took place at the Office of Personnel Management. 
It lost the files of about 21.5 million Americans who had filed extensive questionnaires for their security clearances. 
The forms listed far more than Social Security numbers and birth dates. 
They detailed medical and financial histories; past relationships; and details about children, parents and friends, particularly non-United States citizens.
The office stored much of the data at the Interior Department and encrypted nearly none of it. 
So when the Chinese copied it in a highly sophisticated operation, they were prepared to use big data techniques to draw a map of the American elite, who worked on which projects and who knew whom. 
The loss was so severe that American intelligence agencies canceled the deployment of new officers to China.
Lieutenant Walsh said that the Navy treated “the broader intrusion against our contractors very seriously.”
“If such an intrusion were to occur, the appropriate parties would be looking at the specific incident, taking measures to protect current info, and mitigating the impacts that might result from any information that might have been compromised,” she said.
The United States and China are wrangling over trade issues but also jointly looking to rein in North Korea’s nuclear ambitions. 
Donald Trump is headed to Singapore this weekend for a June 12 summit meeting with North Korea’s leader, Kim Jong-un.
The United States and China are also tangling over Beijing’s militarization of disputed islands in the South China Sea.
Last week, Defense Secretary Jim Mattis harshly criticized the Chinese government for continuing to militarize a string of islands in the South China Sea, calling the presence of advanced military equipment and missiles there a flagrant show of military power.
To add muscle to American complaints, Mr. Mattis recently disinvited the Chinese military from a large, multinational naval exercise this summer — in part because of the anti-ship and surface-to-air missiles, and other weapons, that China has positioned on the Spratly Islands.
A United States official, speaking on the condition of anonymity because he was not allowed to be identified in discussing the issue, said the Navy was investigating the breach with the help of the F.B.I.