U.S. charges Chinese hackers with targeting virus research

The Associated Press

Hackers working with the Chinese government targeted firms developing coronavirus vaccines and stole intellectual property and trade secrets worth hundreds of millions of dollars from companies all over the world, the U.S. Justice Department said in late July 2020 when it announced charges.

The indictment does not accuse the defendants of obtaining coronavirus research, but it underscores how foreign governments and criminal hackers are targeting scientific innovation during the pandemic. In this case, the hackers researched vulnerabilities in computer networks of biotech firms and diagnostic companies that were developing vaccines and testing kits and researching antiviral drugs.

The indictment includes trade secret theft and wire fraud conspiracy charges against the hackers, who are former classmates at an electrical engineering college. Prosecutors said they worked together for more than a decade targeting high-tech companies in more than 10 countries.

The alleged hackers, Li Xiaoyu and Dong Jiazhi, are charged with stealing information not only for their personal profit but also to help the government of the People’s Republic of China (PRC).

In some instances, they provided an officer for a PRC intelligence service the email accounts and passwords belonging to clergymen, dissidents and pro-democracy activists who could be targeted, the indictment said. The officer provided malicious software after one of the hackers struggled to compromise the mail server of a Burmese human rights group.

The defendants are not in custody, and federal officials conceded they are not likely to appear in a U.S. courtroom. The indictment carries important deterrence value, however, for the Justice Department, which decided that publicly calling out the behavior was more worthwhile than waiting for the unlikely scenario in which the defendants would travel to the U.S. and risk arrest.

The hacking began more than 10 years ago, with targets including pharmaceutical, solar energy and medical device companies but also political dissidents, activists and clergy in the United States, China and Hong Kong, federal authorities said.

The charges were brought after U.S. officials delivered public warnings about PRC government efforts to steal trade secrets for Beijing’s financial benefit and to covertly influence U.S. policy.

The hacking is part of what Assistant Attorney General John Demers, the Justice Department’s top national security official, described as a sweeping effort to “rob, replicate and replace” emerging technologies.

In addition, he said, “China is providing a safe haven for criminal hackers who, as in this case, are hacking in part for their own personal gain but willing to help the state — and on call to do so.”

The criminal charges are the first from the Justice Department accusing foreign hackers of targeting innovation related to the coronavirus, although U.S. and Western intelligence agencies have warned about those efforts for months.