US indicts three Chinese hackers for stealing trade secrets from Siemens and other companies

The U.S. Federal Prosecutor's Office in Pittsburgh indicted three "Chinese hackers" on the 27th, claiming that they had hacked into three well-known Western companies including Siemens and stole commercial secrets in the past six years. The indictment did not clearly mention whether the three defendants were related to the Chinese government, but the U.S. media accused them of being "outsourcers of China's national security department." In 2014, the Pittsburgh prosecutors also indicted five Chinese military officers for "using hacking methods to hack into the computer systems of American steel companies and a labor union to steal commercial secrets." Chinese Foreign Ministry spokesman Geng Shuang said at a regular press conference on the 28th that he "did not understand" the matter, saying that China firmly opposes and will severely crack down on any form of cyber attacks in accordance with the law.

Jiang Haijun, a lawyer at Nanjing Knowledge Law Firm and a visiting scholar at the University of Washington (Seattle), told reporters on the 28th that whether the U.S. court's verdict applies to the three citizens in China depends on whether Chinese law finds that the three are suspected of criminal behavior. "China and the United States have not signed a bilateral extradition agreement, so the guilty verdict made by the U.S. court is unlikely to take effect."

According to the indictment released by the federal court in Pittsburgh, Pennsylvania, the three defendants are Wu Yingzhuo, Dong Hao and Xia Lei. The Chinese website of the Wall Street Journal reported on the 28th that the indictment stated that they were the owners, employees and related personnel of Guangzhou Boyu Information Technology Co., Ltd., and the crime was "computer fraud." The indictment stated that from 2011 to May 2017, the three people carried out "coordinated and unauthorized" cyber attacks on Siemens, Trimble and Moody's Analytics, stealing business information and sensitive data, and deliberately damaging the above-mentioned computer systems.

According to the Financial Times, the three people charged were suspected of using spear-phishing emails with attachments and malware links to hack into company networks. When employees of these companies clicked on the links in the emails, hackers were able to access the company's computers and search for commercial confidential information.

Siemens is a German technology company with significant business in the United States, Trimble is an American company that manufactures navigation equipment, and Moody's Analytics is one of the three largest credit rating companies in the United States. Forbes quoted the indictment of the US Department of Justice, saying that Siemens suffered the most serious losses, with a large amount of data related to energy, technology and transportation being stolen. In 2016, the defendant hacked into Trimble and stole commercial information including high-precision satellite navigation technology.

The three hackers targeted "an influential economist" at Moody's Analytics, and began forwarding emails from the economist to their own email accounts in 2011. The indictment did not reveal the economist's name.

After the three hackers were prosecuted, the three companies involved in the case remained calm. Siemens said that information security is the "top priority" but did not comment on internal security issues. Trimble told Reuters that no customer information had been leaked and "the company's business has not been significantly impacted." A Moody's spokesman said the company was working closely with investigators and "as far as we know, no customer confidential data or other employee information has been leaked."