U.S. Readies Charges Against Chinese Hackers


The U.S. Department of Justice has been acting against China for its cyber-enabled economic espionage.



Photo: Jim Bourg/Reuters

Federal prosecutors are expected to unseal criminal charges as soon as next week against hackers linked to the Chinese government who have allegedly engaged in a sophisticated multiyear scheme to break into U.S. technology service providers in order to compromise the networks of their clients, according to people familiar with the matter.

U.S. officials have described the hacking campaign as one of the most audacious and damaging orchestrated by China to date, intended to steal intellectual property and support Beijing’s espionage goals. The hacks have allowed intruders potential access to scores of American companies and government agencies that rely on the service providers for a wide range of digital tasks, such as the remote management of technology infrastructure or cloud storage.

The charges have been expected for several weeks and are intended as the latest in a flurry of recent actions taken by the Justice Department to publicly admonish China for its cyber-enabled economic espionage on American companies. Private-sector cybersecurity researchers previously have identified those attacks as the work of a hacking enterprise known as “APT 10” or “cloudhopper,” which they link to Beijing. APT stands for “advanced persistent threat.”

The charges are likely to further inflame relations between Washington and Beijing, which were strained again this week following the arrest in Canada of a top executive of the Chinese telecommunications giant Huawei Technologies Co. at the behest of American authorities. The Huawei case is unrelated to the looming hacking charges.

The Justice Department declined to comment.

The timing of the release of the charges was held up due to concerns among some U.S. officials and allied countries that they could disrupt proceedings at last week’s Group of 20 summit in Argentina, according to a U.S. official. At the G20 gathering, President Trump and Chinese President Xi Jinping agreed to a trade truce that would include negotiations on “cyber intrusions and cyber theft,” according to a statement from the White House.

Prosecutors in October unsealed charges against 10 Chinese intelligence officers and other individuals that described in elaborate detail a methodical, persistent campaign to hack into several American aviation companies. The Justice Department followed up just two days later with more charges against a Chinese state-owned firm and its Taiwan partner for allegedly stealing trade secrets from the U.S.’s largest memory-chip maker, Micron Technology Inc.

Taken collectively, the charges represent the most significant effort yet by law-enforcement officials to publicize and condemn Beijing’s intrusions of American businesses. The effort relies on a mix of cyberattacks and on-the-ground recruiting to siphon technological secrets in what some U.S. officials have labeled the greatest transfer of wealth in history. China’s alleged thefts cost the U.S. economy hundreds of billions of dollars annually, according to some government estimates.

In public and private, senior U.S. officials have described the hacking campaign targeting technology service providers as perhaps the most serious of any of Beijing’s cyber theft operations, potentially impacting hundreds or thousands of companies in total. In October, the Department of Homeland Security warned of an active hacking campaign targeting technology service providers in the energy, health-care, communications and manufacturing industries for the purposes of espionage and intellectual property theft.

The service providers often are not the initial victim; instead, hackers sometimes breach a client company in order to jump into the provider’s systems, from where they can then leapfrog into other client networks.

“We view it as the platform the Chinese are using for whatever they need,” Rob Joyce, a senior official at the National Security Agency, said in an interview in October. That could include additional espionage, theft of intellectual property and, potentially, groundwork for disruptive operations, Mr. Joyce said.

“If they get into a managed service provider, then they can go to any of the customers of those providers,” Mr. Joyce said. “So we are really concerned. And that’s why you are seeing the government saying, we’ve got to deal with it, push them out, make sure they don’t have that toehold.”

Speaking at a conference in San Francisco last month, Mr. Joyce also flatly accused China of violating an accord it signed with the U.S. three years ago pledging not to engage in hacking for the purposes of economic espionage. Though the 2015 pact between then-President Barack Obama and President Xi led to a significant decline in Chinese cyber theft of corporate secrets from American companies, Beijing’s commitment to that deal has eroded, Mr. Joyce said.

Many U.S.-based cybersecurity researchers have echoed that conclusion. Adrian Nish, head of threat intelligence at BAE Systems, said China’s hacks on technology service providers declined following the April 2017 publication of a report by his company and PricewaterhouseCoopers, but that activity picked up again early this year.

“For Western business environments, I think APT 10 is probably the most significant Chinese threat group that’s out there,” Mr. Nish said.

Write to Dustin Volz at dustin.volz@wsj.com