U.S. indicts three Chinese nationals for committing large-scale identity theft

U.S. indicts three Chinese nationals for committing large-scale identity theft

EU Parliament calls for action against cyber threats posed by China

A U.S. court has indicted three Chinese nationals for sending phishing emails to and conducting malware attacks on U.S.-based private companies in order to steal sensitive and valuable information.

The three Chinese nationals were found guilty of committing trade secret theft, wire fraud, and conspiring to commit computer fraud and abuse.

Yesterday, the U.S. Department of Justice announced that the said Chinese nationals were residents of Guangzhou in China and were running a cyber security firm named Boyusec. It added that between 2011 and May of this year, the hackers ‘conspired to hack into private corporate entities in order to maintain unauthorized access to, and steal sensitive internal documents and communications from such private companies.

‘Defendants Wu, Dong and Xia launched coordinated and targeted cyber intrusions against businesses operating in the United States, including here in the Western District of Pennsylvania, in order to steal confidential business information,’ said Acting U.S. Attorney Song.

‘These conspirators masked their criminal conspiracy by exploiting unwitting computers, called ‘hop points,’ conducting ‘spearphish’ email campaigns to gain unauthorized access to corporate computers, and deploying malicious code to infiltrate the victim computer networks,’ he added.

Through their phishing campaigns and malware attacks, the said hackers were not only able to breach networks at several U.S. based private companies like Moody’s Analytics, Siemens AG and Trimble Inc., but were also able to get their hands on confidential trade secrets and sensitive employee information.

According to the DoJ, the hackers conducted their operations with the primary goal of copying or stealing confidential data from affected computers, as well as sensitive victim employee information such as usernames and passwords. They probably managed to gain access to ‘hundreds of gigabytes of data regarding the housing finance, energy, technology, transportation, construction, land survey, and agricultural sectors’.

The three Chinese nationals have been charged with one count for conspiring to commit computer fraud and abuse, one for conspiring to commit trade secret theft, one for wire fraud, and four counts for aggravated identity theft. The combined penalty of such crimes adds up to 42 years in prison.

The said hackers stole trade secrets and sensitive corporate information from GPS maker Trimble Inc. so that they could use such knowledge on developing a Global Navigation Satellite Systems technology designed to improve the accuracy of location data on mobile devices. They also stole 407 GB worth proprietary commercial data about Siemens’s energy, technology and transportation businesses in 2015.

Between 2013 and 2014, the hackers also ‘accessed the internal email server of Moody’s Analytics and placed a forwarding rule in the email account of a prominent employee’. As such, they were able to access all e-mails received by such employee and these e-mails contained proprietary and confidential economic analyses, findings and opinions.

The DoJ announcement, however, did not comment on whether the Chinese government was aware of the hack or whether the hacking operation conducted by the three indicted Chinese nationals were state-sponsored.

Copyright Lyonsdown Limited 2021

Top Articles

Amazon fined a staggering £636 million in Europe for GDPR violations

Luxembourg’s National Commission for Data Protection (CNPD) has imposed an unprecedented fine of €746 million (£636 million) on Amazon for GDPR violations.

SysAdmin Day 2021: Paying thanks to the unsung IT heroes

Today is SysAdmin Day when we should pay tribute to the system administrators working around the clock to keep business running smoothly

Former First Sea Lord says Royal Navy ships are vulnerable to hackers

A former First Sea Lord has warned that Royal Navy ships and Britain's merchant fleet could become sitting ducks for hackers if adversaries find ways to knock out satellite communications.

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]