The U.S. government has long complained about Chinese hackers, including Chinese military personnel, targeting U.S. companies and government agencies in order to steal valuable information on military weapons systems and other valuable intellectual property.
The Chinese government has been adamant that they do not engage in hacking. After years of negotiations, the U.S. and Chinese governments signed an agreement last September pledging that neither government would conduct or knowingly support cyberespionage for commercial gain.
Perhaps reflecting this agreement, activity from Chinese hackers has slowed down, according to a recent report by cybersecurity firm FireEye.
FireEye iSIGHT Intelligence team wrote in a recent blog post that “we have observed an overall decrease in successful network compromises by China-based groups against organizations in the U.S. and 25 other countries. These shifts have coincided with ongoing political and military reforms in China, widespread exposure of Chinese cyber activity, and unprecedented action by the U.S. government.”
At the same time, the report found that the Chinese military’s cyberespionage operations have become “more focused, calculated, and still successful in compromising corporate networks. Rather than viewing the Xi-Obama agreement as a watershed moment, we conclude that the agreement was one point amongst dramatic changes that had been taking place for years.”
Chinese national who stole fighter jet plans sentenced
While the number of Chinese hacking incidents may be declining, the U.S. government is still taking action against those suspected of engaging in cyberespionage for the Chinese government.
The latest example was the July 13 sentencing of Su Bin, a Chinese businessman turned hacker, to 46 months in jail and a fine of $10,000 for hacking into U.S. defense companies and stealing sensitive information between 2008 and 2014.
Su Bin admitted to working with the Chinese military to abscond with technical data and intellectual property on the C-17 strategic transport aircraft and cutting-edge U.S. fighter jets, like the F-22 and F-35.
“Su assisted the Chinese military hackers in their efforts to illegally access and steal designs for cutting-edge military aircraft that are indispensable to our national defense,” said John Carlin, U.S. assistant attorney general for national security, in announcing the sentence.
Su admitted to telling Chinese military officers whom to target, which files to steal, and why the information they stole was significant, the Department of Justice explained in a release.
Here is the background on the case as related by the DoJ. On March 23 of this year, Su pleaded guilty to one count of conspiring to gain unauthorized access to a protected computer and to violating the Arms Export Control Act by exporting defense articles on the restricted U.S. Munitions List.
Su admitted that he conspired with two Chinese military personnel from October 2008 to March 2014 to gain unauthorized access to protected U.S. computer networks, including computers belonging to Boeing, to steal sensitive military information and send it illegally from the U.S. to China.
Su sent e-mails to his accomplices about what persons, companies, and technologies to target during their computer breaches. One of Su’s co-conspirators gained access to information located on U.S. defense companies’ computers, and he emailed Su directory file listings and folders showing the data that he had been able to access. Su then told the accomplice which files and folders his co-conspirator should steal. Once the accomplice stole the data, Su translated the contents of certain stolen data from English into Chinese.
According to Su’s admissions and the sentencing documents, the co-conspirators emailed reports to the Chinese People’s Liberation Army headquarters about the information and technology they had stolen, including its value. Su also admitted that he conducted cyberespionage for financial gain and specifically sought to profit from selling the data he and his conspirators had stolen.
Did FDIC cover up Chinese hack?
In addition, a recent congressional report found that the Chinese government was likely responsible for hacking into computers of the Federal Deposit Insurance Corporation, which insures U.S. bank deposits against bank failure, in 2010 and 2011. FDIC staff apparently knew of the breach and covered it up, according to an interim staff report released on July 12 by the House Science, Space, and Technology Committee.
The report cited a 2013 memo from then-FDIC Inspector General Jon Rymer to Chairman Martin Gruenberg citing an advanced persistent threat attack believed to have been carried out by the Chinese government that compromised FDIC computers in 2010, 2011, and 2013. In total, 12 workstations were compromised, including those of high-level FDIC officials, and 10 servers were infected with malware.
“In essence, a foreign government penetrated FDIC’s computers and the workstations of high-level agency officials, including the former Chairman, the former Chief of Staff, and the former General Counsel of the agency,” the report concluded.
Some FDIC staff knew about the breach and covered it up, concerned that the information would jeopardize Senate confirmation of Gruenberg as FDIC chairman, according to an interview that an FDIC employee cited during a July 14 committee hearing.
“We can’t do anything to jeopardize the [then-unconfirmed] chairman getting [a Senate-approved position],” the unidentified employee was quoted as saying. Gruenberg, who was confirmed in November 2012, denied any knowledge of the alleged cover-up.
During questioning of Gruenberg, Rep. Gary Palmer (R-Ala.) said that “some at the FDIC thought your appointment was more important than taking immediate action to protect almost 31,000 banks and 161,000 individuals…It’s as though these banks and their depositors and customers were acceptable losses – collateral damage – to ensure that there would be no obstacles to your confirmation. That concerns me.”
In releasing the report, committee Chairman Lamar Smith (R-Tex.) warned: “The committee’s interim report sheds light on the FDIC’s lax cybersecurity efforts. The FDIC’s intent to evade congressional oversight is a serious offense.”
Based on the committee’s report and the admissions of Su and others, it appears that the Chinese government had been actively engaged in breaching networks of U.S. agencies and companies earlier in this decade. The damage in terms of military secrets and other intellectual property has been significant.
However, the study by FireEye indicates that the Chinese government cyberattacks are on the decline, at least in terms of volume. Whether that downward trend will continue remains to be seen.