Chinese Fugitives Charged with Hacking 100 Firms Including Telcos

The US Department of Justice (DoJ) is seeking the arrest of five Chinese fugitives indicted for multiple hacking crimes against more than 100 victims worldwide. Per its announcement:

…a federal grand jury in Washington, D.C., returned two separate indictments charging five computer hackers, all of whom were residents and nationals of the People’s Republic of China (PRC), with computer intrusions affecting over 100 victim companies in the United States and abroad, including software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.

The intrusions, which security researchers have tracked using the threat labels “APT41,” “Barium,” “Winnti,” “Wicked Panda,” and “Wicked Spider,” facilitated the theft of source code, software code signing certificates, customer account data, and valuable business information. These intrusions also facilitated the defendants’ other criminal schemes, including ransomware and “crypto-jacking” schemes, the latter of which refers to the group’s unauthorized use of victim computers to “mine” cryptocurrency.

The DoJ was scathing about the attitude of the Chinese government. Deputy Attorney General Jeffrey Rosen (pictured) remarked:

Ideally, I would be thanking Chinese law enforcement authorities for their cooperation in this matter and the five Chinese hackers would now be in custody awaiting trial. Unfortunately, the record of recent years tells us that the Chinese Communist Party has a demonstrated history of choosing a different path, that of making China safe for their own cyber criminals, so long as they help with its goals of stealing intellectual property and stifling freedom.

Less than two months ago, Assistant Attorney General Demers was at this podium to announce an indictment in another hacking case in which the Chinese government tolerated the defendants’ criminal activity because those defendants were willing to work on behalf of the Chinese intelligence services. And here we are again. In this case, one of the Chinese defendants is accused of boasting to a colleague that he was “very close” to the Ministry of State Security and would be protected “unless something very big happens.” The hacker and his associate agreed not to “touch domestic stuff anymore.”

We know the Chinese authorities to be at least as able as the law enforcement authorities here and in like-minded states to enforce laws against computer intrusions. But they choose not to.

Jiang Lizhi (蒋立志), Qian Chuan (钱川) and Fu Qiang (付强) are accused of…

…computer intrusion offenses affecting over 100 victim companies, organizations, and individuals in the United States and around the world, including in Australia, Brazil, Chile, Hong Kong, India, Indonesia, Japan, Malaysia, Pakistan, Singapore, South Korea, Taiwan, Thailand, and Vietnam. The defendants also compromised foreign government computer networks in India and Vietnam, and targeted, but did not compromise, government computer networks in the United Kingdom. In one notable instance, the defendants conducted a ransomware attack on the network of a non-profit organization dedicated to combating global poverty.

Zhang Haoran (张浩然) and Tan Dailin (谭戴林) are accused of participating in a hacking conspiracy that targeted high-technology and similar organizations. They also hacked video game companies in the United States, France, Japan, Singapore, and South Korea with the help of two Malaysian nationals, Wong Ong Hua and Ling Yang Ching. The video game scheme involved obtaining or generating in-game currency and other valuable items, which were then sold for a profit. Both Malaysians have already been arrested by the Malaysian authorities.

The DoJ thanked Microsoft, Google, Facebook and Verizon Media for assisting its investigations. It also observed that these big tech firms had used technical measures to proactively limit the hackers’ activities, even though the hackers themselves remain at large.

Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.