United States Justice Department officials have criticised Beijing for tolerating Chinese hackers and providing them with a safe haven instead of bringing them to justice, as they unsealed indictments against five Chinese citizens and two Malaysians in a wide-ranging hacking campaign.
“The Chinese government has the power to help stop crimes like these,” Deputy Attorney-General Jeffrey Rosen said at a media conference on Wednesday. “The Chinese government has made a deliberate choice to allow its citizens to commit computer intrusions and attacks around the world because these actors will also help the PRC (People’s Republic of China).”
Prosecutors said the five Chinese nationals hacked 100 firms in the US and other countries, including Singapore. Their targets included software development companies, social media firms, non-profit organisations, universities, think-tanks, and pro-democracy politicians and activists in Hong Kong.
Prominent electronic communications services and telecommunications providers in the US, Singapore and elsewhere were also compromised, they said. The victim firms were not named in court documents unsealed on Wednesday.
The hackers, whom the prosecutors said are currently fugitives in China, also compromised government computer networks in India and Vietnam, and targeted but failed to breach government computer networks in Britain.
In response to the allegations, Chinese Foreign Ministry spokesman Wang Wenbin said yesterday at a regular media briefing in Beijing: “The Chinese government is a staunch defender of cyber security and has always resolutely opposed and cracked down on all forms of cyber attacks and cybercrimes in accordance with the law.
“Regrettably, the US has long used cyber security issues as a tool for stigmatisation, political manipulation and spreading falsehoods and information.”
Mr Wang added: “We urge the United States to treat cyber security issues in an objective and rational manner, and jointly respond to the challenges of hacker attacks through dialogue and cooperation on the basis of mutual respect.”
Separately, the two Malaysians were charged with conspiring with two of the Chinese hackers to profit from hacks targeting the video game industry in the US and abroad by illegally obtaining or generating in-game resources and selling them in the black market through their website. The pair were arrested in Perak on Monday.
“The scope and sophistication of the crimes in these unsealed indictments is unprecedented. The alleged criminal scheme used actors in China and Malaysia to illegally hack, intrude and steal information from victims worldwide,” said Mr Michael Sherwin, the acting US attorney for the District of Columbia, where the charges were filed.
While the Justice Department did not say Beijing was behind the hackers, it noted that one of the Chinese defendants said he was “very close” to China’s Ministry of State Security and would be protected “unless something very big happens”.
WHAT THE U.S. SAYS
The Chinese government has the power to help stop crimes like these.
U.S. DEPUTY ATTORNEY-GENERAL JEFFREY ROSEN, at a media conference.
WHAT CHINA SAYS
The Chinese government is a staunch defender of cyber security and has always resolutely opposed and cracked down on all forms of cyber attacks and cybercrimes in accordance with the law.
CHINESE FOREIGN MINISTRY SPOKESMAN WANG WENBIN, responding at a regular media briefing in Beijing.
The Trump administration has brought several cases against Chinese hackers in recent months, accusing Beijing of sponsoring espionage and hacking attempts to steal US intellectual property and undermine its national security.
Pointing to the Chinese government’s lack of action in previous US hacking cases, Mr Rosen said Beijing showed a pattern of tolerating criminal activity by hackers who were willing to work on behalf of the Chinese intelligence services.
“Unfortunately, the record of recent years tells us that the Chinese Communist Party has a demonstrated history of… making China safe for their own cyber criminals, so long as they help with its goals of stealing intellectual property and stifling freedom,” said Mr Rosen.
Some defendants felt they could hack with impunity as long as they did not target domestic Chinese companies, prosecutors noted.
Mr Rosen said: “Some of these criminal actors believed their association with the PRC provided them free licence to hack and steal across the globe.”
The hacking campaign was the work of a group called Advanced Persistent Threat (APT)-41, which carries out both espionage and for-profit hacking, said the Justice Department. In a report, cyber security firm FireEye called APT-41 “a prolific cyber threat group” with two focuses: Chinese state-sponsored espionage, and cybercrime activities targeting the video game industry for personal financial gain.
The first indictment, handed down in August last year, charged Chinese nationals Zhang Haoran, 35, and Tan Dailin, 35, with 25 counts of conspiracy, wire fraud, aggravated identity theft, money laundering and other computer fraud.
They would illegally access video game company computer networks to fraudulently generate digital items of value, including in-game currency and other goodies, and sell them for a profit. They would also take action against other unrelated groups that fraudulently generate gaming items as well, attempting to eliminate their competitors.
Another indictment last month charged three more Chinese nationals – Jiang Lizhi, 35, Qian Chuan, 39, and Fu Qiang, 37 – with nine counts of racketeering, fraud, identity theft and money laundering.
They held top positions at Chengdu404, a Chinese firm headquartered in China’s Sichuan province, where they would attack supply chains, which involved gaining access to software firms and modifying their software code to further hack customers of the software providers, said prosecutors.
All five were not known to have ever resided in the US, according to court documents.
The last indictment charged Malaysian businessmen Wong Ong Hua, 46, and Ling Yang Ching, 32, with 23 counts of racketeering, conspiracy and other fraud.
Wong was the founder and chief executive of Sea Gamer Mall, a Malaysian firm selling video game goods and services, including currency and other digital items, while Ling was its chief product officer.
• Additional reporting by Tan Dawn Wei