This week in Tripwire’s countdown of the FBI’s Cyber’s Most Wanted, we name three hackers bound together in cybercrime: Wen Xinyu, Huang Zhenyu and Sun Kailiang.
Our suspects made headlines earlier this year when the United States Department of Justice indicted five Chinese hackers for committing economic and cyber espionage against several American companies. Wen, Huang and Sun were among the five named.
The other two Chinese hackers, Wang Dong and Gu Chunhui, are also currently wanted by the FBI.
All five defendants are charged with one count of conspiracy to commit computer fraud, eight counts of unlawfully trying to access information for commercial advantage, 14 counts of trying to secretly damage protected computers, six counts of identity theft, one count of economic espionage, and one count of trade secret theft.
They each face a maximum sentence of 217 years in federal prison.
Since 2006, Wen, Huang and Sun have been targeting American corporations, stealing sensitive documents and in some cases, infecting company computers with malware.
For instance, in 2010, Sun infiltrated Westinghouse while the company was negotiating the construction of a power plant with a Chinese state-owned enterprise (SOE). Ultimately, he made off with more than 700,000 pages of emails, as well as crucial insight in regards to Westinghouse’s negotiation strategy.
Other corporations, including SolarWorld, U.S. Steel and ATI, were also compromised.
The indictment earlier this year dealt exclusively with the “Comment Crew,” officially known as Unit 61398 of the People’s Liberation Army (PLA), while neglecting to mention the other 20 hacking groups operating under the PLA.
Prior to the indictment, the United States had never leveled criminal charges against China for its cyber espionage campaign; therefore, many consider it an unprecedented declaration of cyber war by the United States.
Significantly, Wen, Huang, Sun, and the charges leveled against them demonstrate that individual hackers are not the only ones who can run afoul of the law.
“State actors engaged in cyber espionage for economic advantage are not immune from the law just because they hack under the shadow of their country’s flag,” said Assistant Attorney General for National Security John Carlin.
“Cyber theft is real theft, and we will hold state-sponsored cyber thieves accountable as we would any other transnational criminal organization that steals our goods and breaks our laws.”
This is strong rhetoric. However, as China has no extradition treaty with the United States, it is unlikely these hackers will be arrested and put on trial anytime soon.
In case you missed it, you can check out the rest of the countdown here:
- The Ten Most Wanted Hackers By The FBI – No. 7 and No. 6
- The Ten Most Wanted Hackers By The FBI – No. 9 and No. 8
- The Ten Most Wanted Hackers by The FBI – No. 10
- Hacker Myths Debunked
- Top Five Hacker Tools Every CISO Should Know
- Infosec’s Rising Stars and Hidden Gems: The Hackers
- Average Cyber Crime Incident Costs Companies $12.7 Million
Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology – and it detects the ShellShock and Heartbleed vulnerability.
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].