The Department of Justice indicted two hackers associated with the Chinese based ATP-10 group on December 20, 2018 for conspiracy to commit computer intrusions against at least 45 organizations in the U.S. and worldwide, sparking calls for the U.S. to be more aggressive in cyberspace.
The focus of the hacking spree was an apparent attempt to steal American trade secrets for the benefit of Chinese firms, with the NASA Jet Propulsion Laboratory, the Goddard Space Center and seven companies involved in the aviation, space and satellite industry among the targets. More than 100,000 Navy personnel were also victims, with names, social security numbers, and other personal details stolen, according to the indictment against the two alleged Chinese hackers, Zhu Hua and Zhang Shilong.
“China’s goal simply put is to replace the U.S. as the world’s leading superpower and they are using illegal methods to get there,” said FBI director Christopher Wray. “They are using an expanding set of non-traditional and illegal methods.”
The Chinese embassy in Washington did not return an email seeking comment.
How the Chinese hacked
The Chinese hackers relied on phishing messages sent over email to gain access to victims computers, according to the indictment.
“C17 antenna problems,” read the subject line of one apparent phishing email, which had an attachment containing a malicious Microsoft Word document.
Managed service providers, who remotely store clients’ information, were an apparent target for the Chinese hackers.
“By targeting managed service providers, or firms that store commercial data and intellectual property, the Chinese hackers could steal sensitive business information that gives Beijing based firms an unfair advantage,” said Ron Rosenstein, the deputy attorney general.
The Chinese tactics could put more attention on machine learning programs that can spot the intrusion method. More than 80 percent of cyber-attacks and over 70 percent of those from nation states are initiated by exploiting humans rather than computer or network security flaws, according to a fact sheet from the Defense Advanced Research Projects Agency.
A DARPA project, the Active Social Engineering Defense, experiments with using automated learning to warn users of phishing attempts.
Breakdown of Obama-Xi accord
The indictment marks the second time the U.S. has accused China of breaking a 2015 agreement between the two countries which prohibited the use of hacked data for commercial benefit.
“The activity alleged in this indictment violates the commitment that China made to members of the international community,” Rosenstein said.
“We strongly urge China to abide by its commitment to act responsibly in cyberspace and reiterate that the United States will take appropriate measures to defend our interests,” said a joint statement by Secretary of State Michael Pompeo and Secretary of Homeland Security Kirstjen Nielsen.
Experts told Fifth Domiain that the breakdown of the accord, known as the Obama-Xi agreement, would not have a significant impact.
“The accusation from the U.S. government today that China has violated the 2015 Cybersecurity Agreement means little without a case study or data to support,” Priscilla Moriuchi, director of strategic threat development at Recorded Future, a threat intelligence firm, told Fifth Domain.
“Demonstrating a violation would require compiling data into an end-to-end narrative; compiling evidence that Chinese intelligence or military officials not only conducted the theft of intellectual property, but then passed that information to a Chinese company, which then used it in a product in a competitive situation with a U.S. business.”
Lawmakers want more cyberattacks and better defense
On Capitol Hill, lawmakers hailed the indictment and called for a strong response from the Trump administration.
Sen. Mark Warner, D-Va., reiterated his call for the Trump administration to take more aggressive action in cyberspace.
“While legal action is important, a truly effective response will require a coordinated approach with our allies and a comprehensive strategy to protect our national security and enhance U.S. competitiveness and resiliency,” Warner said.
But others used the indictment to trumpet legislation.
Rep. Jim Langevin, D-R.I., pushed for the passage of the Cyber Deterrence and Response Act, which he said would “codify important authorities and allow the government to take swift action in response to violations of international norms.”