Federal prosecutors said the Chinese nationals had been charged with hacking more than 100 companies in the United States and abroad, including software development companies, computer manufacturers, telecommunications providers, social media companies, gaming firms, nonprofits, universities, think-tanks as well as foreign governments and politicians and civil society figures in Hong Kong.
U.S. officials stopped short of alleging the hackers were working on behalf of Beijing, but in a statement Deputy Attorney General Jeffrey Rosen expressed exasperation with Chinese authorities, saying they were – at the very least – turning a blind eye to cyber-espionage.
“We know the Chinese authorities to be at least as able as the law enforcement authorities here and in likeminded states to enforce laws against computer intrusions,” Rosen said. “But they choose not to.”
He further alleged that one of the Chinese defendants had boasted to a colleague that he was “very close” to China’s Ministry of State Security and would be protected “unless something very big happens.”
“No responsible government knowingly shelters cyber criminals that target victims worldwide in acts of rank theft,” Rosen said.
The Chinese Embassy in Washington did not immediately return an email seeking comment. Beijing has repeatedly denied responsibility for hacking in the face of a mounting pile of indictments from U.S. authorities.
Along with the alleged hackers, U.S. prosecutors also indicted two Malaysian businessmen, Wong Ong Hua, 46, and Ling Yang Ching, 32, who were charged with conspiring with two of the digital spies to profit from computer intrusions targeting videogame companies in the United States, France, Japan, Singapore and South Korea.
The Justice Department said the pair operated through a Malaysian firm called SEA Gamer Mall. Messages left with the company were not immediately returned. Messages sent to email addresses allegedly maintained by the hackers also received no immediate response.
U.S. Assistant Attorney General for National Security John Demers said on Wednesday that the Malaysian defendants were in custody but were likely to fight extradition.
The Justice Department said it has obtained search warrants this month resulting in the seizure of hundreds of accounts, servers, domain names and “dead drop” Web pages used by the alleged hackers to help siphon data from their victims.
The Department said Microsoft Corp had developed measures to block the hackers and that the company’s actions “were a significant part” of the overall U.S. effort to neutralize them. The company acknowledged this in a statement that applauded government officials for “taking action to protect our customers.”