Cybersecurity

College Pals From China Became Among Most Prolific Hackers Ever, U.S. Says

Justice Department accuses pair of hacking Covid-19 research, military secrets and dissidents


They were former classmates who studied computer technologies at an electrical engineering college in southwestern China's Sichuan province. But instead of a conventional post-college career path, Li Xiaoyu and Dong Jiazhi embarked on a global hacking spree that became one of the most prolific ever tracked by the FBI, according to Justice Department officials and an indictment unsealed Tuesday.

The duo engaged in criminal hacking for their own personal profit, stealing trade secrets worth hundreds of millions of dollars, the indictment alleges. But they also worked to further the goals of China’s Ministry of State Security, stealing foreign military secrets and targeting opponents of the Chinese state, according to the U.S.

Over the course of more than ten years, Li and Dong allegedly stole secrets related to military satellite programs, wireless networks, and counter-chemical weapons systems. They also targeted computer games companies, a cancer research organization, a solar energy company and the private emails of Chinese dissidents, according to the indictment.

Senior Justice Department officials stressed that the case showed how China was using criminal hackers to do some of its dirtiest work – including stealing research on possible vaccines and treatments for Covid-19, which was among the duo’s most recent alleged targets.

“China has now taken its place alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cybercriminals in exchange for those criminals being on call for the benefit of the state,” John C. Demers, assistant attorney general for national security, said at a press conference on Tuesday.

Asked for comment, officials at China’s embassy in Washington pointed to remarks made by Hua Chunying, a spokesperson for the country’s foreign ministry, on July 17. “China is a staunch defender of cybersecurity,” Hua said at the time. “China has long been a major victim of cyberthefts and attacks.”

“Some U.S. politicians seem to be alleging that China is waging cyber-attacks to steal U.S. research on Covid-19 vaccines,” Hua added. “It’s just absurd.”

The 27-page indictment lays out in surprising detail much of the hackers’ career -- and it demonstrates how carefully U.S. intelligence and law enforcement agencies are tracking some of China’s most prolific cyberspies.

Li, 34, and Dong, 33, had studied computer application technologies at the University of Electronic Science and Technology of China, in Chengdu. They formed an efficient partnership. Dong would research victims and find potential methods of remotely breaking into computer systems. Li would then compromise the networks and steal the information, according to the indictment.

At one point, Li was having difficulty penetrating the email server of a Burmese human rights group, the indictment alleges, so his MSS handler helped out by providing specially developed software that would allow him to slip into the group’s computers unnoticed.

That detail appears to provide a smoking-gun link between the hackers and China’s Ministry of State Security, one likely made possible because U.S. spy agencies had access to the hackers’ communications.

Such access is now likely to be cut off, according to Laura Galante, founder of the cybersecurity firm Galante Strategies, as the hackers review their own security to find out how they were monitored.