Justice Secures Indictments in Massive Hack Attack

In what appears to be a massive and decade-long data heist, the Justice Department has successfully indicted two hackers allegedly working both with China's Ministry of State Security and for their own profit, who DOJ said stole terabytes (and hundreds of millions of dollars worth) of intellectual property, confidential business information and personal information over 10 years and in over 10 different countries, including the U.S. 

The ll-count indictment, which was returned by a grand jury in Spokane, Wash., charges Li Xiaoyu (李啸宇), 34, and Dong Jiazhi (董家志), 33, with conducting the hacking campaign, targeting industries as divergent as high tech manufacturing, gaming software and solar energy, as well as COVID-19 research. 

The hacks involved hundreds of companies, governments, non-governmental organizations (NGOs), dissidents, clergy, and human rights activists, often targeting companies in countries with strong tech industries. 

DOJ said they conducted the hacks from a safe haven provided by the Chinese government, and with help from the government.

Related: Justice Charges Chinese Hackers

One hack involved a California software gaming company (not identified other than as a subsidiary of a Japanese company). They allegedly stole the source code for two games, one of which had not yet been released. Another was of a U.S. educational software company and included the personally identifiable information (PII) of millions of teachers and students.*

There were also gaming software hacks of companies in Sweden and Lithuania. 

“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” said Assistant Attorney General for National Security John Demers in announcing the indictments. 

Related: FCC Seeks Input on Excluding Foreign Tech 

The hack was first identified on Department of Energy computers in Eastern Washington state.  

The hackers allegedly placed malicious shell programs and credential-stealing software on the computers they hacked--often hiding them in the recycle bin--allowing them to hijack those computers. 

The indictment charges the hackers with "conspiring to steal trade secrets from at least eight known victims, which consisted of technology designs, manufacturing processes, test mechanisms and results, source code, and pharmaceutical chemical structures." 

The defendants could face up to 50 years in prison. They are each charged with one count of conspiracy to commit computer fraud (a maximum of five years in prison); one count of conspiracy to commit theft of trade secrets (a maximum of ten years); one count of conspiracy to commit wire fraud, (20 years maximum; one count of unauthorized access of a computer (five years maximum) and seven counts of aggravated identity theft (a mandatory sentence of two non-consecutive years).  

Related: House GOP Leaders Tell President to Get Tougher on Chinese Hackers

House Energy & Commerce Committee Republicans, who just this week called on the Trump Administration to come down harder on China's hacking regime (see link, above), praised the move but want more. 

"Earlier this week, Energy and Commerce Committee Republican Leader Greg Walden (R-Ore), Foreign Affairs Committee Republican Leader Michael McCaul (R-Tex.), and Financial Services Republican Leader Patrick McHenry (R-N.C.) wrote a letter to President Trump urging action from the administration, including imposing sanctions, to hold China-linked hackers accountable," they said in response to the DOJ action. "Today, the Department of Justice indicted two Chinese hackers – working on behalf of the Chinese government – on 11 counts of hacking in an effort to access critical information, including sensitive data about potential COVID-19 vaccines. This is a strong step in the right direction, but more must be done."

Among the more they are looking for it more transparency. They have asked for a briefing from the Department of Treasure (and State) as well as whichever other agency the President deems relevant, so they can get a sense of the scope both of the attacks and the U.S. response.

* A spokesperson for major distance learning player Discovery Education said it was not the unnamed ed tech company cited in the DOJ indictment.

John Eggerton

Contributing editor John Eggerton has been an editor and/or writer on media regulation, legislation and policy for over four decades, including covering the FCC, FTC, Congress, the major media trade associations, and the federal courts. In addition to Multichannel News and Broadcasting + Cable, his work has appeared in Radio World, TV Technology, TV Fax, This Week in Consumer Electronics, Variety and the Encyclopedia Britannica.