Chinese IT security bods accused of siphoning US GPS, biz blueprints

Tech consultants waged six-year hacking campaign, American prosecutors claim

china hacker

Three Chinese nationals went on a six-year hacking spree against American targets, siphoning financial reports and tech blueprints, US prosecutors allege.

Wu Yingzhuo, Dong Hao and Xia Lei, all thought to be residing in the city of Guangzhou, China, stand accused of eight counts of conspiracy to commit computer fraud and conspiracy to commit trade secret theft, conspiracy and identity theft in an indictment before a district court in western Pennsylvania. The court paperwork, filed in September, was unsealed on Monday.

"Defendants Wu, Dong and Xia launched coordinated and targeted cyber intrusions against businesses operating in the United States, including here in the Western District of Pennsylvania, in order to steal confidential business information," said acting US Attorney Soo Song.

The indictment states that Wu and Dong set up a security consultancy known as the Guangzhou Bo Yu Information Technology Company, or Boyusec, and they employed Xia as a consultant. But behind their legitimate exterior, the US government claimed, the trio, and unnamed coconspirators, were running a sophisticated hacking ring.

From 2011, the trio sent out a series of highly targeted emails containing malware dubbed exeproxy, according to court documents. The software nasty, thought to exploit a zero-day flaw in Internet Explorer to infect Windows PCs, proved very successful: it opens a backdoor to the machine, encrypting its communications between itself and the command-and-control server used by miscreants to orchestrate it.

Bad mood

The gang is accused of compromising several corporate email accounts belonging to staff at the ratings and financial services agency Moody's. One victim was a high-profile member of the company, and the attackers managed to set up a redirect on his inbox so that they got copies of all messages, including financial analysis and buying recommendations, for at least three years.

Another target was the industrial conglomerate Siemens, and the phishing campaign netted at least two major staffers in the US in 2014. Using stolen login credentials Dong is accused of stealing 407GB of proprietary information from its energy, technology and transport departments.

The following year the trio is accused of accessing the servers of engineering firm Trimble, which is working on the GPS satellite network's hardware. The firm had spent millions and three years developing a new kind of antenna for commercial global positioning satellites, and it appears this technology was the target.

Last January, Wu got into the Trimble servers, it is claimed, and prepared a 252MB .zip archive containing trade secrets. The file contained 773 pages of technical specifications, business documents and design blueprints, as well as plans to bring the new hardware to market, we're told.

The firm suffered two more intrusions that month, with smaller amounts of data being stolen, including subscriber information, it is claimed. In all around 275MB of material was removed.

"The fruits of these cyber intrusions and exfiltration of data represent a staggering amount of dollars and hours lost to the companies in terms of research, development, testing, trade secrets and the cost to remediate these cyber intrusions," said Soo Song.

Now prosecutors will have to wait. As we said, the trio of accused consultants are all thought to be living in China – good luck extraditing them. ?


Biting the hand that feeds IT ? 1998–2017

                                    1. 3239961348 2018-02-21
                                    2. 8189611347 2018-02-21
                                    3. 1166571346 2018-02-21
                                    4. 905911345 2018-02-21
                                    5. 238301344 2018-02-21
                                    6. 9856121343 2018-02-21
                                    7. 7107891342 2018-02-21
                                    8. 616201341 2018-02-21
                                    9. 97671340 2018-02-21
                                    10. 7844621339 2018-02-21
                                    11. 9607131338 2018-02-21
                                    12. 3095441337 2018-02-21
                                    13. 9602111336 2018-02-21
                                    14. 5723751335 2018-02-21
                                    15. 1275371334 2018-02-21
                                    16. 8517591333 2018-02-21
                                    17. 230661332 2018-02-21
                                    18. 3311101331 2018-02-21
                                    19. 6181321330 2018-02-20
                                    20. 6139401329 2018-02-20