US Prosecutors Unseal Cyber Espionage Charges Against Chinese Nationals

On November 27, 2017, US prosecutors indicted three Chinese nationals for allegedly committing identity theft and computer fraud and abuse, and for stealing trade secrets from the multinational companies Moody’s Analytics, Siemens and Trimble from 2011 to 2017. US officials identified these individuals as Wu Yingzhuo, Dong Hao, and Xia Lei, employees of Guangzhou Bo Yu Information Technology Company Limited, or Boyusec.

Boyusec is reportedly a Chinese cybersecurity firm based in Guangzhou, China. In November 2013, Boyusec was registered with the Guangzhou Administration for Industry and Commerce.

Xia is listed as an employee of Boyusec, while both Wu and Dong are listed as founding members and equity shareholders of the company. Dong was also Boyusec’s Executive Director and Manager.

According to the indictment, Wu, Dong, and Xia conspired to launch “targeted cyber attacks against US and foreign businesses.” None of these businesses hired Boyusec or gave the company permission to access their computer networks.

Wu, Dong, and Xia have been charged with a total of eight counts: one count each for conspiring to commit computer fraud and abuse, conspiring to commit trade secret theft and wire fraud, as well as four counts of aggravated identity theft.

These charges were announced by Acting Assistant Attorney General for National Security Dana J. Boente, Acting U.S. Attorney Soo C. Song for the Western District of Pennsylvania and Special Agent in Charge Robert Johnson of the FBI’s Pittsburgh Division.

“Once again, the Justice Department and the FBI have demonstrated that hackers around the world who are seeking to steal our companies’ most sensitive and valuable information can and will be exposed and held accountable. The Justice Department is committed to pursuing the arrest and prosecution of these hackers, no matter how long it takes, and we have a long memory,” said Acting Assistant Attorney General Boente.

Wu, Dong, and Xia allegedly used phishing scams and malware to steal intellectual property and sensitive information from Moody’s Analytics, Siemens AG, and Trimble. Moody’s Analytics, a unit of Moody’s Corporation in New York, furnishes financial analysis and risk management services, while Siemens is a large German technology company. Trimble, which operates from Sunnyvale, California, develops and manufactures GPS systems. The three hackers allegedly read the emails of one of Moody’s Analytics’ top economists from 2013 to 2014.

The emails from Moody’s Analytics contained detailed confidential and proprietary economic information. In 2014, Dong Hao reportedly gained access to the computer networks of Siemens AG. Wu, Dong, and Xia then took around 407 gigabytes of the company’s commercial data concerning its transportation, technology and energy initiatives. In 2015 and 2016, according to the indictment, the alleged co-conspirators accessed Trimble’s networks and stole more than 275 megabytes of data, including company trade secrets, at a time when Trimble was making advances in global navigation satellite systems.

Acting U.S. Attorney Song explained how the alleged hackers penetrated the networks of the different businesses. “Defendants Wu, Dong, and Xia launched coordinated and targeted cyber intrusions against businesses operating in the United States, including here in the Western District of Pennsylvania, in order to steal confidential business information. These conspirators masked their criminal conspiracy by exploiting unwitting computers, called ‘hop points,’ conducting ‘spearphish’ email campaigns to gain unauthorized access to corporate computers, and deploying malicious code to infiltrate the victim computer networks.”

Arrest warrants have been issued for Wu, Dong, and Xia, which means the three men cannot travel to countries with which the US has extradition treaties.

Special Agent in Charge Johnson admitted that cyber attacks are a growing problem. He also reiterated the need for agencies in different countries to work together to address these attacks.

“In order to effectively address the cyber threat, a threat that respects no boundaries and continues to grow in both its scope and complexity, law enforcement must come together and transcend borders to target criminal actors no matter where they are in the world,” said Special Agent in Charge Johnson.

For more details on the cyber attacks, please see:

https://www.justice.gov/opa/pr/us-charges-three-chinese-hackers-who-work-internet-security-firm-hacking-three-corporations

https://www.justice.gov/opa/press-release/file/1013866/download