US accuses Chinese hackers in targeting of COVID-19 research

US accuses Chinese hackers in targeting of COVID-19 research

US accuses Chinese hackers in targeting of COVID-19 research

WASHINGTON — Hackers working with the Chinese government targeted firms developing vaccines for the coronavirus and stole hundreds of millions of dollars worth of intellectual property and trade secrets from companies across the world, the Justice Department said Tuesday as it announced criminal charges.

The indictment does not accuse the two Chinese defendants of actually obtaining the coronavirus research, but it does underscore the extent to which scientific innovation has been a top target for foreign governments and criminal hackers looking to know what American companies are developing during the pandemic. In this case, the hackers researched vulnerabilities in the computer networks of biotech firms and diagnostic companies that were developing vaccines and testing kits and researching antiviral drugs.

The charges are the latest in a series of aggressive Trump administration actions targeting China. They come as President Donald Trump, his reelection prospects damaged by the coronavirus outbreak, has blamed China for the pandemic and as administration officials have escalated their denunciations of Beijing, including over alleged efforts to steal intellectual property through hacking.

The indictment includes trade secret theft and wire fraud conspiracy against the hackers, former classmates at an electrical engineering college who prosecutors say worked together for more than a decade targeting high-tech companies in more than 10 countries.

The hackers, identified as Li Xiaoyu and Dong Jiazhi, stole information not only for their personal profit but also research and technology that they knew would be of value to the Chinese government, prosecutors say.

In some instances, the indictment says, they provided an officer for a Chinese intelligence service with whom they worked email accounts and passwords belonging to clergymen, dissidents and pro-democracy activists who could then be targeted. The officer gave help of his own, providing malicious software after one of the hackers struggled to compromise the mail server of a Burmese human rights group.

The two defendants are not in custody, and federal officials conceded Tuesday that they were not likely to step foot in an American courtroom. But the indictment carries important symbolic and deterrence value for the Justice Department, which decided that publicly calling out the behaviour was more worthwhile than waiting for the unlikely scenario in which the defendants would travel to the U.S. and risk arrest.

The hacking began more than 10 years ago, with targets including pharmaceutical, solar and medical device companies but also political dissidents, activists and clergy in the United States, China and Hong Kong, federal authorities said.

The charges were brought as Trump administration officials, including national security adviser Robert O’Brien and Attorney General William Barr, have delivered public warnings about what they say are Chinese government efforts to use hacking to steal trade secrets for Beijing’s financial benefit and to covertly influence American policy.

The hacking is part of what Assistant Attorney General John Demers, the Justice Department’s top national security official, described as a sweeping effort to “rob, replicate and replace” strategy for technological development.

In addition, he said, “China is providing a safe haven for criminal hackers who, as in this case, are hacking in part for their own personal gain but willing to help the state — and on call to do so.”

The criminal charges are the first from the Justice Department accusing foreign hackers of targeting innovation related to the coronavirus, though U.S. and Western intelligence agencies have warned for months about those efforts.

Last week, for instance, authorities in the U.S., Canada and the United Kingdom accused a hacking group with links to Russian intelligence of trying to target research on the disease, which has killed more than 140,000 people in the United States and more than 600,000 worldwide, according to figures compiled by Johns Hopkins University.

The indictment describes multiple efforts by the hackers to snoop on companies engaged in coronavirus-related research, though it does not accuse them of success in any theft.

Prosecutors say Li in January conducted reconnaissance on the computer network of a Massachusetts biotech firm known to be researching a potential vaccine, and searched for vulnerabilities on the network of a Maryland firm less than a week after the company said it was conducting similar scientific work.

Li also probed the networks of a California diagnostics company involved in developing testing kits, and a biotech firm from the same state that was researching antiviral drugs.

Hacking of vaccine information slows down research as the institution must scramble not only to fix the breach but also to ensure the data it has accumulated has not been altered, Demers said.

“Once someone is in your system, they can not only take the data, they can manipulate the data,” Demers said. “We do worry to that extent that there could be a slowdown in the research efforts of that particular institution.”

The indictment was returned earlier this month in federal court in the Eastern District of Washington, where the hacking outlined by prosecutors was first discovered at the Department of Energy’s Hanford site.

“If it can occur there, we all must know that it can occur anywhere,” U.S. Attorney William Hyslop said of his district.

The Chinese Embassy in Washington, D.C., did not directly respond to the indictment but pointed to remarks made last week by the Foreign Ministry spokesperson, who described China as the victim of “groundless speculations” but also a country whose scientific prowess means it does not need to “secure an edge by theft.”

Ben Buchanan, a Georgetown University professor and author of “The Hacker and the State,” said that though the U.S. has made clear its views on what kinds of economic espionage are permitted and not permitted, it is unclear where it draws the line on espionage related to the coronavirus or what kind of espionage the U.S. might conduct.

He said he was not sure that this indictment, without other meaningful consequences, would get China to cease its activities.

“The upside of spying in this way is simply too high for many governments to pass up,” Buchanan said in an email.

_____

Associated Press writer Frank Bajak in Boston contributed to this report.

Eric Tucker, The Associated Press

Coronavirus

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

Alberta Premier Jason Kenney said the Canadian government should consider sanctions on the U.S. if they refuse to reconsider the decision to cancel the Keystone XL Pipeline. (THE CANADIAN PRESS/Sean Kilpatrick
Keystone XL officially cancelled, Kenney vows to fight on

U.S. President Joe Biden cancelled the presidential permit for the pipeline on first day of office

Alberta’s chief medical officer of health Dr. Deena Hinshaw said province’s test positivity rate for COVID-19 is steadily declining. (Photo by Chris Schwarz/Government of Alberta)
669 new COVID-19 cases in Alberta, 21 additional deaths

COVID-19 test positivity rate down to 4.5 per cent

It was a special treat day at Points West Living in Stettler as the local Dairy Queen donated mini blizzard treats for residents and staff to enjoy. It was a way to celebrate the end of a recent COVID-19 outbreak at the facility. (Photos submitted)
It was a special treat day at Stettler’s Points West Living recently

Dairy Queen provided 150 mini-blizzards for staff and residents

book
Stettler Learning Centre staff broaden services in challenging times

“We are creative, we are innovative and we are resilient. We are flexible and we want to adapt.”

Alberta Chief Medical Officer of Health Dr. Deena Hinshaw reported an additional 456 COVID-19 cases over the past 24 hours. (photography by Chris Schwarz/Government of Alberta)
Five new COVID-19 deaths in Central zone, two in Red Deer

Province reports 456 new cases of COVID-19

A scene from “Canada and the Gulf War: In their own words,” a video by The Memory Project, a program of Historica Canada, is shown in this undated illustration. THE CANADIAN PRESS/HO - Historica Canada
New video marks Canada’s contributions to first Gulf War on 30th anniversary

Veterans Affairs Canada says around 4,500 Canadian military personnel served during the war

Kyla Gibson with her boyfriend Gavin Hardy. (Photo used with permission)
Sylvan Lake couple lose ‘fur babies’ to house fire

‘They were our world and nothing will ever replace them,’ Kyla Gibson said of her three pets

(Thesendboys/Instagram)
Video of man doing backflip off Vancouver bridge draws police condemnation

Group says in Instagram story that they ‘don’t do it for the clout’

Toronto’s Mass Vaccination Clinic is shown on Sunday January 17, 2021. THE CANADIAN PRESS/Frank Gunn
Canadian malls, conference centres, hotels offer up space for COVID vaccination centres

Commercial real estate association REALPAC said that a similar initiative was seeing success in the U.K.

Kamala Harris and Joe Biden are sworn into office on Wednesday, Jan. 20, 2021, at the U.S. Capitol in Washington, D.C. (Saul Loeb/Pool Photo via AP)
Joe Biden has been sworn in as the 46th president of the United States

About 25,000 National Guard members have been dispatched to Washington

A memorial for the fatal bus crash involving the Humboldt Broncos hockey team at the intersection of Highways 35 and 335 near Tisdale, Tuesday, October 27, 2020. THE CANADIAN PRESS/Liam Richards
‘End of the road:’ Truck driver in Humboldt Broncos crash awaits deportation decision

Sidhu was sentenced almost two years ago to eight years after pleading guilty to dangerous driving

In this March 28, 2017, file photo, a dump truck hauls coal at Contura Energy’s Eagle Butte Mine near Gillette, Wyo. Public opposition to the Alberta government’s plans to expand coal mining in the Rocky Mountains appears to be growing. THE CANADIAN PRESS/AP/Mead Gruver, File
Alberta cancels coal leases, pauses future sales, as opposition increases

New Democrat environment critic Marlin Schmidt welcomed the suspension

File photo
Wetaskiwin Crime Reduction Unit recovers valuable stolen property

Property valued at over $50,000 recovered by Wetaskiwin Crime Reduction Unit.

In this March 28, 2017, file photo, a dump truck hauls coal at Contura Energy’s Eagle Butte Mine near Gillette, Wyo. (THE CANADIAN PRESS/AP/Mead Gruver, File)
First Nations seek to intervene in court challenge of coal policy removal

Bearspaw, Ermineskin and Whitefish First Nations are among those looking to intervene

Most Read