U.S. attorney in Pittsburgh says Chinese hackers attacked U.S. companies
A trio of Chinese hackers used phishing scams and malware to attack Moody's Analytics, Siemens AG and GPS manufacturer Trimble Inc., according to a federal indictment filed in Pittsburgh and unsealed Monday.
Acting U.S. Attorney for Western Pennsylvania Soo C. Song charged Wu Yingzhuo, Dong Hao and Xia Lei with conspiracy to commit computer fraud and abuse, conspiracy to steal trade secrets, wire fraud and identity theft.
The most serious charge, wire fraud, carries a sentence of up to 20 years in federal prison. Each conspiracy charge has a possible sentence of up to 10 years and the identity theft charge carries a sentence of up to two years.
"Any company should be able to succeed based upon its ability to innovate and to compete without being sabotaged by cyber hacking," Song said Monday.
The network of a Siemens office in Plum was allegedly breached in the attacks, giving Song's office jurisdiction to take the case.
Song took over the top federal prosecutor job in Pittsburgh a year ago when David Hickton, appointed by President Barack Obama, stepped down. He now heads the University of Pittsburgh's Institute for Cyber Law, Policy and Security.
President Donald Trump has nominated Scott W. Brady to take over the office. The U.S. Senate Judiciary Committee approved Brady's nomination Nov. 16. Brady's nomination awaits a vote by the full Senate.
Song was Hickton's second-in-command in an office that distinguished itself nationally and internationally with aggressive investigations into cyber crimes. The office in 2014 brought charges against five members of China's military for stealing trade secrets and other confidential information from Alcoa, Allegheny Technologies Inc., Westinghouse Electric Co., U.S. Steel Corp., the United Steelworkers union and a German-owned solar manufacturer in Oregon.
"Prosecutions and indictments are powerful tools in our arsenal to stop conduct," Song said. "Whether a defendant is in China, Russia, Nigeria, we follow the evidence. We identify the actor behind the computer screen, and we bring the criminal charge."
Song said there does not appear to be a link between the cyber attacks alleged in the most recent indictment and the Chinese government or military.
Song dismissed criticism that indictments such as the ones against Wu, Dong, Xia and the Chinese military members would never result in the accused standing trial in the federal courthouse in Downtown Pittsburgh. Investigators maintain hope that the accused will be arrested and brought to Pittsburgh.
The defendants could be arrested while traveling, Song said.
Between September, when the indictment was filed, and Monday, federal prosecutors informed the Chinese government of the indictment and sought its cooperation, Song said.
"That process is ongoing at higher levels within the Executive (Branch) and the Justice Department," Song said.
What prosecutors allege
The indictment alleges that Wu, Dong and Xia worked with Guangzhou Bo Yu Information Technology Co. Ltd., a Chinese cybersecurity firm in Guangzhou, but used their skills to launch attacks on corporations in the U.S.
Between 2011 and May 2017, the trio stole files containing documents and data pertaining to a new technology under development by Trimble, along with employee usernames and passwords and 407 gigabytes of proprietary data concerning Siemens' energy, technology and transportation efforts, according to the indictment.
The trio gained access to the internal email server at Moody's Analytics and forwarded all emails sent to an "influential economist" working for the firm, the indictment stated. Those emails contained proprietary and confidential economic analyses, findings and opinions. The economist was not named in the indictment.
A Siemens spokesperson said that the company "rigorously" monitors and protects its infrastructure and continually detects and hunts for breaches. The company did not comment on the alleged breach by the Chinese hackers and declined to comment on internal security measures.
Michael Adler, a spokesman for Moody's Analytics, said that to the company's knowledge no confidential consumer data or other personal employee information was exposed in the alleged hack.
"We take information security very seriously and continuously review and enhance our cybersecurity defenses to safeguard the integrity of our data and systems," Adler wrote in an email to the Tribune-Review.
Trimble, in a statement sent to the Trib, wrote that no client data was breached. The company concluded that the attack had no meaningful impact on its business.
Feds claim losses to companies 'considerable'
Song, however, said the loss to the companies targeted was considerable.
"The fruit of these cyber intrusions and exfiltration of data represent a staggering amount of dollars and hours lost to the companies," Song said.
Wu, Dong and Xia used "spearphish" emails to gain access to computers, spread malware to infect networks and covered their tracks by exploiting other computers known as "hop points."
Hop points allow users to hide their identities and locations by routing themselves through third-party computer networks.
"But there were missteps that led our investigators right to them," said FBI Special Agent in Charge Bob Johnson, of the Pittsburgh office.
Johnson would not elaborate on the missteps, claiming doing so could jeopardize future investigations.
The U.S. Attorney's Office led the investigation and was assisted by the FBI's Pittsburgh Division, the Navy Criminal Investigative Service Cyber Operations Field Office and the Air Force Office of Special Investigations.
Aaron Aupperlee is a Tribune-Review staff writer. Reach him at firstname.lastname@example.org, 412-336-8448 or via Twitter @tinynotebook.