WASHINGTON — The Department of Justice on Tuesday accused two Chinese nationals, who it said were working on behalf of the Chinese government, of stealing trade secrets and hacking into computer systems of firms working on the Covid-19 vaccine.
According to the 11-count indictment, Li Xiaoyu, 34, and Dong Jiazhi, 33, conducted a global hacking campaign for more than a decade. The indictment alleges that the defendants were able to successfully steal terabytes of data from the United States as well as Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden and the United Kingdom.
The DOJ said in a statement that high-tech manufacturing processes, gaming software, solar energy engineering, pharmaceuticals and defense industries were among those targeted in the hack.
A California technology and defense company, a Maryland technology and manufacturing company, the Department of Energy’s Hanford site in Washington, a Texas engineering firm, a Virginia defense contractor, a Massachusetts software firm, a California gaming software company and several U.S. drugmakers were among the 13 U.S. businesses that were targeted, the DOJ said.
“In at least one instance, the hackers sought to extort cryptocurrency from a victim entity, by threatening to release the victim’s stolen source code on the Internet. More recently, the defendants probed for vulnerabilities in computer networks of companies developing Covid-19 vaccines, testing technology, and treatments,” the DOJ statement said.
The news comes amid a global race to create a vaccine for the coronavirus, which originated in China late last year before spreading across the globe, infecting millions. More than 140,000 people have died from the virus in the United States, according to a tally from Johns Hopkins University.
“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cybercriminals in exchange for those criminals being ‘on-call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including Covid-19 research,” John Demers, assistant attorney general for national security, said Tuesday.
In order to conceal their efforts, the DOJ alleges, the hackers packaged victim data in encrypted Roshal Archive compressed files; changed the names of the files, victim documents and system time stamps; and concealed programs and documents. The defendants revictimized companies, government entities, and organizations from which they had previously stolen data.
The defendants are each charged with:
- one count of conspiracy to commit computer fraud, which carries a maximum sentence of five years in prison,
- one count of conspiracy to commit theft of trade secrets, which carries a maximum sentence of 10 years in prison,
- one count of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison,
- one count of unauthorized access of a computer, which carries a maximum sentence of five years in prison, and
- seven counts of aggravated identity theft, each of which carries a mandatory sentence of two non-consecutive years in prison.
The Chinese Embassy in Washington did not immediately respond to CNBC’s request for comment.
The latest revelation comes on the heels of a string of speeches made by Trump administration officials blasting China’s use of espionage and cyberattacks to steal intellectual property from American businesses. In blistering remarks earlier this month, FBI Director Chris Wray said Chinese tactics have created “one of the largest transfers of wealth in human history.”
U.S. officials have long complained that Chinese intellectual property theft has cost the economy billions of dollars in revenue and thousands of jobs and that it threatens national security. Beijing maintains that it does not engage in intellectual property theft.