The Justice Department on Wednesday unsealed charges against a dozen Chinese citizens accused of being part of a sophisticated hacking ring that steals data from American businesses and people to sell to the Chinese government and others.
In twin indictments in New York and Washington, the U.S. government laid out detailed charges against a hacking operation whose targets included an American defense contractor, a law firm and a news organization.
The indictments described a “hackers for hire” black market in China devised to give its government plausible deniability that it conducted operations against U.S. entities. American officials, however, said the evidence showed that the private-sector actors often took orders from two members of China’s Ministry of Public Security.
The 12 indicted people are highly unlikely to appear in an American courtroom to face charges. But their cases are part of the U.S. government’s long-running “name and shame” policy to impose some costs on the Chinese government and its hackers for what it describes as an ambitious and unrelenting campaign against targets in the United States.
The charges come at a time of heightened tensions between the two countries after President Trump imposed tariffs on Chinese goods, which have led to a trade war not only between the two countries but also with Mexico and Canada.
The New York indictment is largely focused on hacking work that employees of a company called i-Soon are accused of doing for China.
“A core part of i-Soon’s business was conducting hacking to steal data on behalf of the P.R.C. government,” the indictment said, referring to the People’s Republic of China. The company charged the government “between approximately $10,000 and $75,000 for each email inbox it successfully hacked.”
Sue J. Bai, the head of the Justice Department’s national security division, said the charges revealed the extent to which Chinese government agents were “directing and fostering indiscriminate and reckless attacks against computers and networks worldwide, as well as the enabling companies and individual hackers that they have unleashed.”
The company sometimes accepted requests for specific hacking targets from Chinese government officials. At other times, the employees picked their targets and sold or tried to sell the results to the government. Some of the hackers also trained government employees how to hack.
Among the evidence cited was a set of instructions to employees that they would be more successful if they started an email conversation with a target before sending a link to malware that would compromise the person’s data.
“Strategy is very important,” the instructions said, according to the indictment. “The purpose should not be so obvious. Must chat with the target first before giving the link.”
The hacking targets also included a “large religious organization in the United States, critics and dissidents” of the Chinese government, “a state legislative body, United States government agencies, the ministries of foreign affairs of multiple governments in Asia and news organizations,” the indictment said.
The victims were targeted for a number of reasons, including that some of them were critics of Chinese government policy or that the government “considered them threatening to the rule of the Chinese Communist Party.”
The indictment filed in Washington accuses two men, Yin Kecheng and Zhou Shuai, of years of hacking attacks targeting U.S. entities. They are charged with selling the results of their hacking to others. Sometimes they sold pilfered files; other times, they sold the access point so that others could penetrate the hacking victim’s emails or computer systems, according to the indictment.
Their American victims included a large county government that stored its data in Florida, a federal government contractor and an academic hospital system.