Twelve Chinese nationals — including mercenary hackers, law enforcement officers and employees of a private hacking company — have been charged in connection with global cybercrime campaigns targeting dissidents, news organizations, U.S. Agencies and universities, the Justice Department announced Wednesday.
A set of criminal cases filed in New York and Washington add new detail to what U.S. Officials say is a booming hacking-for-hire ecosystem in China, in which private companies and contractors are paid by the Chinese government to target victims of particular interest to Beijing in an arrangement meant to provide Chinese state security forces cover and deniability.
The indictments come as the U.S. Government has warned of an increasingly sophisticated cyber threat from China, such as a hack last year of telecom firms called Salt Typhoon that gave Beijing access to private texts and phone conversations of an unknown number of Americans, including U.S. Government officials and prominent public figures.
One indictment charges eight leaders and employees of a private hacking company known as I-Soon with conducting a sweeping array of computer breaches around the world meant to suppress speech, locate dissidents and steal data from victims. Among those charged is Wu Haibo, who founded I-Soon in Shanghai in 2010 and was a member of China’s first hacktivist group, Green Army, and who is accused in the indictment of overseeing and directing hacking operations.
Earlier reporting by The Associated Press on leaked documents from I-Soon mainly showed I-Soon was targeting a wide range of governments such as India, Taiwan or Mongolia, but little on the United States.
But the indictment contains new revelations about I-Soon’s activities targeting a wide range of Chinese dissidents, religious organizations and media outlets based in the U.S., including a newspaper identified as publishing news related to China and opposed to the Chinese Communist Party. Other targets included individual critics of China living in the U.S., the Defense Intelligence Agency and a research university.
The intended targets were in some cases directed by China’s Ministry of Public Security — two law enforcement officers were charged with tasking certain assignments — but in other instances the hackers acted at their own initiative and tried to sell the stolen information to the government afterward, the indictment says.
The company charged the Chinese government the equivalent of between approximately $10,000 and $75,000 for each email inbox it successfully hacked, officials said.
Phone numbers listed for I-Soon on a Chinese corporate registry rang unanswered, and I-Soon representatives did not immediately respond to an AP email requesting comment.
A spokesperson for the Chinese Embassy in Washington, Liu Pengyu, suggested Wednesday that the allegations were a “smear” and said, “We hope that relevant parties will adopt a professional and responsible attitude and base their characterization of cyber incidents on sufficient evidence rather than groundless speculation and accusations.”
A separate indictment charges two other Chinese hackers, identified as Yin Kecheng and Zhou Shuai, in a for-profit hacking campaign that targeted victims including U.S. Technology companies, think tanks, defense contractors and health care systems. Among the targets was the U.S. Treasury Department, which disclosed a breach by Chinese actors late last year in what it called a “major cybersecurity incident.”
The Treasury Department announced sanctions Wednesday in connection with the hacking, and the State Department announced multimillion-dollar rewards for information about the defendants.
I-Soon is part of a sprawling industry in China, documented in an AP investigation last year, of private hacking contractors that steal data from other countries to sell to the Chinese authorities.
Over the past two decades, Chinese state security’s demand for overseas intelligence has soared, giving rise to a vast network of these private hackers-for-hire companies that have infiltrated hundreds of systems outside China.
China’s hacking industry rose in the early days of the internet, when Wu and other Chinese hackers declared themselves “red hackers” — patriots who offered their services to the Chinese Communist Party, in contrast to the anti-establishment ethos popular among many coders.
The indictment “proved the close ties and interaction among China’s first generation patriotic hackers,” said Mei Danowski, a cybersecurity analyst who wrote about I-Soon on her blog, Natto Thoughts. They “all turned to entrepreneurs now — doing businesses with the governments and making profits through other means.”
Since I-Soon documents were leaked online last year, the company has been suffering but is still in operation, according to Chinese corporate records. They’ve downsized and moved offices.
“Apparently i-SOON companies have been struggling to survive,” Danowski wrote on her blog. “To Chinese state agencies, a company like i-SOON is disposable.”