Eric Geller @ericgeller, 34 tweets
The Justice Department is about to announce charges against Chinese government (APT10) hackers for a long-running economic espionage campaign against U.S. and other Western businesses.

Watch live: justice.gov/live
Deputy AG Rod Rosenstein: "Today, the Department of Justice is announcing a criminal indictment of two hackers associated with the Chinese government" for attacks on "dozens of companies in the United States and around the world."
Rosenstein: The charges are for attacks on "managed service providers" that provide IT services to other companies.
Hackers targeted telecom, finance, ONG, mining, and consumer products companies, among others.
Rosenstein: "The activity alleged in this indictment violates the commitment that China made" in 2015.

"The evidence suggests that China may not intend to abide by its promises."
Rosenstein: “Today’s charges mark an important step in revealing to the world China’s continued practice of stealing commercial data.”
More than 90% of DOJ's economic espionage cases over the past seven years involve China, as do more than two thirds of its trade-secrets-theft cases, according to Rosenstein.
Rosenstein: "China stands accused of engaging in criminal activity that victimizes individuals and companies in the United States, violates our laws, and departs from international norms of responsible state behavior."
Rosenstein says that in the face of overwhelming evidence, “China will find it difficult to pretend that it is not responsible for these actions.”
Rosenstein warns hackers to be careful.

“In some cases, we know exactly who is sitting at the keyboard perpetrating these crimes in association with the Chinese government.”
FBI Director Christopher Wray: “The threats we face have never been more severe or more pervasive, or more potentially damaging to our national security. And no country poses a broader, more severe, long-term threat to our nation’s economy than China.”
DOJ press release, last part
Wray: “The scope of this investigation was broad, as you might imagine,” with field offices in New Orleans, NY, Sacramento, San Antonio, and Houston, as well as DOJ computer forensics labs, NCIS, and international partners.
Wray: “We are deeply concerned about American innovation ending up in the wrong hands.”
Wray says that as part of this case, the FBI and NCIS investigated China's theft of more than 100,000 U.S. service members' personal information.
Geoffrey Berman, the U.S. attorney for SDNY, says the hackers also targeted government agencies, including NASA, DOE, and the Navy.
Here is the indictment: sc.cnbcfm.com/applications/c…
During Q&A, Rosenstein says charging decisions like this are "not affected" by "political considerations," in response to Q about whether the trade war affected the timing of this announcement.
Press conference is over. I'm gonna go read through the indictment and will have a full story soon.
Okay, a few highlights from the indictment.

justice.gov/opa/press-rele…

APT10 hackers allegedly engaged in two parallel IP theft campaigns.

One, beginning in 2006, targeted companies directly.

The other, beginning in 2014, targeted companies through their MSPs.
2006 campaign breached >45 companies in at least 12 states in a wide variety of sectors and resulted in theft of hundreds of GBs of data.

2014 campaign led to theft of data from MSP clients in 12 countries.
The Chinese hackers also breached more than 40 computers and stole confidential Navy data including PII on >100K personnel.
APT10's routine was the standard-issue hacker approach:

1. Spearphish targets
2. They unwittingly download malware, including Remote Access Trojans and keyloggers
3. Malware gives the hackers access to their victims' machines
4. They install more malware
5. They exfiltrate data
In addition to aviation, comms, maritime, ONG, and other firms, this 2006 campaign compromised NASA's Goddard and JPL facilities and the Lawrence Berkeley National Laboratory.
When hacking managed service providers (2014 campaign), APT10 added some steps to its routine, installing custom malware that helped hackers steal passwords from MSP administrators.

They used those passwords to remotely access MSP clients' systems and exfiltrate their data.
Victims of the 2014 MSP campaign included MSP clients in finance, telecoms, consulting, healthcare, biotech, mining, and other industries.
The charges are conspiracy to commit wire fraud, conspiracy to commit computer intrusions, and aggravated identity theft.
Treasury, State, and DHS are expected to issue a statement today formally declaring that China violated the 2015 agreement.

Other possibilities today: Declassified intelligence showing the links to China, and sanctions on the Chinese companies that benefited.

Stay tuned.
Here's my story on today's indictments, with lots of context and more to come: politico.com/story/2018/12/…
Consensus among experts I talk to is disappointment at lack of sanctions on Chinese businesses that benefit from the IP theft.

Folks are impressed by the charges and the international condemnation, but describe this as — so far — a missed opportunity.
Breaking: In joint statement, Secretaries Pompeo and Nielsen say, "The United States is concerned that this activity violates the 2015 U.S.-China cyber commitments," which China also made with the G-20 and APEC.
DHS has a new portal with information about Chinese cyberattacks on managed service providers.
We've updated our story with reactions from @JimLangevin, @pstAsiatech, @C_Painter, and @adschina. politico.com/story/2018/12/…