Chinese IT security bods accused of siphoning US GPS, biz blueprints

Tech consultants waged six-year hacking campaign, American prosecutors claim

Three Chinese nationals went on a six-year hacking spree against American targets, siphoning financial reports and tech blueprints, US prosecutors allege.

Wu Yingzhuo, Dong Hao and Xia Lei, all thought to be residing in the city of Guangzhou, China, stand accused of eight counts of conspiracy to commit computer fraud and conspiracy to commit trade secret theft, conspiracy and identity theft in an indictment before a district court in western Pennsylvania. The court paperwork, filed in September, was unsealed on Monday.

"Defendants Wu, Dong and Xia launched coordinated and targeted cyber intrusions against businesses operating in the United States, including here in the Western District of Pennsylvania, in order to steal confidential business information," said acting US Attorney Soo Song.

The indictment states that Wu and Dong set up a security consultancy known as the Guangzhou Bo Yu Information Technology Company, or Boyusec, and they employed Xia as a consultant. But behind their legitimate exterior, the US government claimed, the trio, and unnamed coconspirators, were running a sophisticated hacking ring.

From 2011, the trio sent out a series of highly targeted emails containing malware dubbed exeproxy, according to court documents. The software nasty, thought to exploit a zero-day flaw in Internet Explorer to infect Windows PCs, proved very successful: it opens a backdoor on the machine and encrypts the traffic between itself and the command-and-control server used by the miscreants to orchestrate it.

Bad mood

The gang is accused of compromising several corporate email accounts belonging to staff at the ratings and financial services agency Moody's. One victim was a high-profile member of the company, and the attackers managed to set up a redirect on his inbox so that they got copies of all messages, including financial analysis and buying recommendations, for at least three years.
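The inbox redirect described above is a persistence mechanism that defenders can look for in mailbox audit logs. The following added example (not from the article or the indictment) scans constructed, simplified Exchange-style audit records for rules that forward or redirect mail to addresses outside the organisation's own domains; the internal domain list, the record layout and the sample entries are all assumptions.

```python
from typing import Dict, List

# Domains the organisation owns (assumption; adjust per tenant).
INTERNAL_DOMAINS = {"example.com"}

# Rule/mailbox parameters that copy or move mail out of the owner's view.
FORWARDING_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                     "ForwardingSmtpAddress", "DeliverToMailboxAndForward"}

def external_targets(value: str) -> List[str]:
    """Return addresses in a parameter value whose domain is not internal."""
    hits = []
    for token in value.replace(";", ",").split(","):
        token = token.strip().strip("<>").strip().lower()
        if token.startswith("smtp:"):      # Exchange prefixes SMTP addresses
            token = token[len("smtp:"):]
        if "@" not in token:
            continue
        if token.rsplit("@", 1)[1] not in INTERNAL_DOMAINS:
            hits.append(token)
    return hits

def find_external_forwarding(records: List[Dict]) -> List[Dict]:
    """Flag audit records that set up forwarding to an external address."""
    alerts = []
    for rec in records:
        if rec.get("Operation") not in ("New-InboxRule", "Set-InboxRule", "Set-Mailbox"):
            continue
        for param in rec.get("Parameters", []):
            if param.get("Name") in FORWARDING_PARAMS:
                ext = external_targets(str(param.get("Value", "")))
                if ext:
                    alerts.append({"time": rec["CreationTime"], "mailbox": rec["UserId"],
                                   "operation": rec["Operation"], "targets": ext})
    return alerts

# Constructed sample records: one benign internal rule, one external inbox
# rule, one mailbox-level SMTP forward, and one unrelated rule change.
SAMPLE_RECORDS = [
    {"CreationTime": "2014-03-01T08:00:00", "UserId": "analyst@example.com", "Operation": "New-InboxRule",
     "Parameters": [{"Name": "ForwardTo", "Value": "ops@example.com"}]},
    {"CreationTime": "2014-03-02T02:13:00", "UserId": "cfo@example.com", "Operation": "New-InboxRule",
     "Parameters": [{"Name": "ForwardTo", "Value": "archive@example-mail-relay.net"}]},
    {"CreationTime": "2014-03-02T02:15:00", "UserId": "cfo@example.com", "Operation": "Set-Mailbox",
     "Parameters": [{"Name": "DeliverToMailboxAndForward", "Value": "True"},
                    {"Name": "ForwardingSmtpAddress", "Value": "smtp:collector@mailbox-host.example"}]},
    {"CreationTime": "2014-03-03T09:00:00", "UserId": "analyst@example.com", "Operation": "Set-InboxRule",
     "Parameters": [{"Name": "MoveToFolder", "Value": "Archive"}]},
]
```

Run `find_external_forwarding(SAMPLE_RECORDS)` to list the two records that forward the executive's mail to external hosts; the internal forward and the folder rule are ignored.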

Another target was the industrial conglomerate Siemens, and the phishing campaign netted at least two major staffers in the US in 2014. Using stolen login credentials, Dong is accused of stealing 407GB of proprietary information from its energy, technology and transport departments.

The following year the trio is accused of accessing the servers of engineering firm Trimble, which is working on the GPS satellite network's hardware. The firm had spent millions and three years developing a new kind of antenna for commercial global positioning satellites, and it appears this technology was the target.

Last January, Wu got into the Trimble servers, it is claimed, and prepared a 252MB .zip archive containing trade secrets. The file contained 773 pages of technical specifications, business documents and design blueprints, as well as plans to bring the new hardware to market, we're told.

The firm suffered two more intrusions that month, with smaller amounts of data being stolen, including subscriber information, it is claimed. In all, around 275MB of material was removed.

"The fruits of these cyber intrusions and exfiltration of data represent a staggering amount of dollars and hours lost to the companies in terms of research, development, testing, trade secrets and the cost to remediate these cyber intrusions," said Soo Song.

Now prosecutors will have to wait. As we said, the trio of accused consultants are all thought to be living in China – good luck extraditing them. ®
