US authorities have charged 12 Chinese nationals, including public security officials, for orchestrating global cybercrime operations targeting American government agencies. According to the US Justice Department, the suspects ran a decade-long hacking campaign at the direction of Chinese intelligence and law enforcement agencies.
The incident is just one example of what US officials characterize as an expanding “hacker-for-hire” market in China, where government agencies hire upstart companies to conduct cyberattacks on high-priority targets. News accounts suggest that the defendants not only broke into networks but also sold stolen information to Chinese authorities, including the Ministry of Public Security (MPS).
“Today we expose the agents of the Chinese government who directed such reckless cyberintrusions internationally,” said Sue Bai, a US Justice Department division leader. The intrusions, she said, were enabled by individual hackers working at private hacker-for-hire businesses and freelancing on Beijing’s behalf.
The suspects, according to the Justice Department, were associated with i-Soon, a Chinese cybersecurity firm reportedly making billions in profits from cyber espionage. The company allegedly hacked and sold access to breached email accounts for $10,000–$75,000 each. FBI cyber division assistant director Bryan Vorndran asserted that MPS actively sponsored hackers to target American critics of the Chinese Communist Party.
Whereas previous accounts indicated i-Soon was mostly focused on Indian, Taiwanese, and Mongolian governments, charges recently filed in New York and Washington indicate US-based Chinese dissidents, religious groups, and news outlets were also targeted.
China has labeled the charges as “smears,” and a Washington embassy spokesman called on the US to come forward with “concrete evidence” rather than make unfounded accusations.
After last year’s leak of i-Soon’s internal files, the company has managed to survive but is now operating with reduced activities and a new address. Cybersecurity specialist Mei Danowski added that to Chinese state agencies, companies like i-Soon are ultimately “disposable.
