Chinese ‘hacker’ who obtained details of 78 million people is charged in US with ‘one of the worst data breaches in history’


This photo provided by the FBI shows a wanted poster of Wang (left). The US Justice Department says a grand jury has indicted Wang and another man identified only as John Doe for hacking into the computers of health insurer Anthem Inc and three other, unnamed companies, in an indictment unsealed May 9, 2019, in Indianapolis. — Federal Bureau of Investigation/AP


A US federal grand jury on May 9 charged a Chinese national in a hacking campaign described by the Justice Department as “one of the worst data breaches in history”, an effort that yielded the personal data of 78 million people.

Wang Fujie, also known as Dennis Wang, and another individual in the indictment are alleged to have infiltrated the US-based computer systems of US health insurer Anthem and three other companies, the Justice Department said in a statement on May 9.

“The allegations in the indictment unsealed today outline the activities of a brazen China-based computer hacking group that committed one of the worst data breaches in history,” Assistant Attorney General Brian Benczkowski said in the announcement.

“These defendants allegedly attacked US businesses operating in four distinct industry sectors, and violated the privacy of over 78 million people by stealing their [personally identifiable information].”

The indictment was the latest in a series of efforts by the US Federal Bureau of Investigation to tackle alleged hacking operations and cybertheft emanating from China. The bureau has become increasingly vocal about the country.

The second suspect, who was identified in court documents as John Doe and through aliases including Zhou Zhihong, conducted the alleged hacking activities in China.

The other three companies affected by the hacks, conducted between February 2018 and January 2019, operated in the technology, basic materials and communication services sectors, according to the department.

Information taken from the companies included health identification numbers, birth dates, social security numbers, addresses, telephone numbers, email addresses, and employment information.

Wang and Doe obtained personal information by installing malware on the victim companies’ computer systems through “spearfishing” emails sent to the companies’ employees, according to the indictment, which was filed with the Indianapolis division of the federal court’s Southern District of Indiana, where Anthem is based.

The information obtained by the defendants was encrypted and sent through multiple computers to destinations in China. The files installed in the victim companies’ computer systems were then deleted.

Anthem and the other US companies involved notified the FBI when they became aware of the operation, allowing the federal investigators to monitor the activity and trace it to the defendants, according to the Justice Department.

The FBI has worked closely with companies in recent years to respond to alleged attempts by Chinese entities to steal information from US companies. GE Aviation, for example, had worked with the bureau for more than a year to lure Xu Yanjun, an alleged spy working for China’s Ministry of State Security, into a law enforcement trap in Belgium last year. Xu was then extradited to the US and is now awaiting trial.

According to Xu’s indictment filed in the Southern District of Ohio, the MSS officer sought GE Aviation technology used in the development of fan blades and engine encasements.

FBI Director Christopher Wray has been an outspoken critic of China since he assumed his post in 2017.

Last year, Wray accused Beijing of increasing its use of “non-traditional collectors” – such as professors, scientists and students – for its intelligence gathering.


“One of the things we’re trying to do is view the China threat as not just a whole-of-government threat but a whole-of-society threat on their end, and I think it’s going to take a whole-of-society response by us,” Wray testified at a Senate hearing in February 2018.

Eight months later at another hearing, Wray escalated his rhetoric by declaring China “the broadest, most complicated, most long-term” counter-intelligence threat confronting the US – surpassing even Russia, whose interference in the 2016 election dominated headlines for more than two years and continues to roil the country.

Speaking at a separate Senate hearing in December, Bill Priestap, the FBI’s assistant director of counter-intelligence, also called for more coordinated action to counter espionage and cybertheft originating in China.

“There are pockets of great understanding of the threat we’re facing and effective responses, but in my opinion we’ve got to knit that together better,” he said.

Warning against what he called “ad hoc responses”, Priestap added: “We need more people in government, more people in business, more people in academia pulling in the same direction to combat this threat effectively.” – South China Morning Post
