The Department of Justice on Tuesday unsealed an indictment charging two individuals with working as hackers for the Ministry of State Security, China’s main civilian intelligence agency.
What we know: The campaign dates back to 2009 and targeted defense contractors, tech companies, dissidents — and, more recently, institutions involved in COVID-19 research.
- The hackers stole terabytes of data and “hundreds of millions of dollars’ worth” of intellectual property and trade secrets, says the indictment.
- Prosecutors say the hackers worked for the MSS as contractors, both freelancing for their own economic gain — in one case trying to extract a ransom payment from a victim company whose intellectual property the hackers had pilfered — as well as responding to specific tasking from MSS officials.
- In one case, MSS officials provided the two contractors with a “zero day” exploit — that is, a previously unknown vulnerability — to hack into the network of Burmese human rights groups.
- The campaign was truly global in scope, with victim companies in “the United States, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, South Korea, Spain, Sweden, and the United Kingdom,” among other countries, say prosecutors.
- According to the indictment, the hackers breached a breathtaking number of targets across many sectors, including a Department of Energy facility in Washington State; gaming companies in Europe; a Japanese medical device maker; an Australian defense firm; a U.S. educational company, where the hackers stole personally identifiable data from “millions” of students and teachers; and many other private companies.
Our thought bubble: Though the indictment provides a fascinating glimpse into the tactics, techniques and procedures of hackers affiliated with Chinese intelligence, it is unlikely to have much of a deterrent effect.
- The hackers’ targets fall squarely within the established parameters of nation-state spying — especially China’s focus on economic espionage. China’s spies won’t simply stop spying because a few contractors got busted.
But the indictment could potentially throw a wrench into China’s activities by revealing just how much the U.S. knows about them.
- The indictment discloses, for instance, the name of an MSS facility in China that operated under a false name — and includes actual pictures of the building.
- How did the U.S. learn about the facility? Who took the pictures? How long have U.S. intelligence personnel been sitting on this information? What other MSS facilities may the U.S. know about?
- These are the types of questions China’s spies may be asking themselves, in various degrees of frenzy.
Between the lines: This type of disruptive, offensive counterintelligence campaign may be precisely what U.S. officials had planned by disclosing these facts in an indictment that will likely never go to trial.