The U.S. Department of Justice building is pictured in Washington, U.S., March 21, 2019.
Leah Millis | Reuters
WASHINGTON — The Department of Justice accused two Chinese nationals, who were working on behalf of the Chinese government, of stealing trade secrets and hacking into computer systems of firms working on the Covid-19 vaccine.
According to the 11-count indictment, Li Xiaoyu, 34, and Dong Jiazhi, 33, conducted a global hacking campaign for more than a decade. The indictment alleges that the defendants were able to successfully steal terabytes of data from the United States as well as Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden, and the United Kingdom.
The Department of Justice said in a statement that high tech manufacturing processes, gaming software, solar energy engineering, pharmaceuticals and defense industries were among those targeted in the hack.
“In at least one instance, the hackers sought to extort cryptocurrency from a victim entity, by threatening to release the victim’s stolen source code on the Internet. More recently, the defendants probed for vulnerabilities in computer networks of companies developing Covid-19 vaccines, testing technology, and treatments,” according to a Department of Justice statement.
The news came amid a global race to create a vaccine for the coronavirus, which originated in China late last year before spreading across the globe, infecting millions. More than 140,000 people have died from the virus in the United States, according to a tally from Johns Hopkins University.
“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cybercriminals in exchange for those criminals being ‘on-call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including Covid-19 research,” John Demers, assistant attorney general for national security, said Tuesday.
In order to conceal their theft efforts, the Department of Justice alleges that the hackers packaged victim data in encrypted Roshal Archive Compressed files; changed the names of RAR files, victim documents and system timestamps; and concealed programs and documents. The defendants re-victimized companies, government entities, and organizations from which they had previously stolen data.
The defendants are each charged with:
- one count of conspiracy to commit computer fraud, which carries a maximum sentence of five years in prison
- one count of conspiracy to commit theft of trade secrets, which carries a maximum sentence of 10 years in prison
- one count of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison
- one count of unauthorized access of a computer, which carries a maximum sentence of five years in prison
- seven counts of aggravated identity theft, which each carries a mandatory sentence of two non-consecutive years in prison