This week in Tripwire’s countdown of the FBI’s 10 most-wanted black-hat hackers
, we name three hackers bound together in digital crime: Wen Xinyu
, Huang Zhenyu
and Sun Kailiang
The suspects made headlines in May 2014 when the United States Department of Justice indicted
five suspected Chinese nationals for allegedly committing economic and cyber espionage against American companies. Wen, Huang and Sun were among the five named.
The FBI is also currently pursuing Wang Dong
and Gu Chunhui
, the other two Chinese hackers named in the Department of Justice indictment.
Together, the five suspects face one count of conspiracy to commit computer fraud, eight counts of unlawfully trying to access information for commercial advantage, 14 counts of trying to secretly damage protected computers, six counts of identity theft, one count of economic espionage and one count of trade secret theft. Those counts amount to a maximum sentence of 217 years in federal prison for each suspect.
Since as early as 2006, Wen, Huang and Sun have been targeting American corporations, stealing sensitive documents and in some cases infecting company computers with malware.
For instance, Sun infiltrated Westinghouse in 2010 while the company was negotiating the construction of a power plant with a Chinese state-owned enterprise (SOE). Ultimately, he made off with more than 700,000 pages of emails
as well as crucial insight into Westinghouse’s negotiation strategy.
Sun and his fellow criminals compromised other corporations including SolarWorld, U.S. Steel and ATI as part of their attack campaigns.
The Justice Department's indictment dealt exclusively with the “Comment Crew,” officially known as Unit 61398 of the People’s Liberation Army (PLA). It didn't mention dozens of other hacking groups operating under the PLA's supervision.
Prior to the indictment, the United States had never leveled criminal charges against China for its digital espionage activity. The 2014 indictment was therefore significant in that it affirmed nation-states like China can violate the law just as the black-hat hackers whom they sponsor.
"State actors engaged in cyber espionage for economic advantage are not immune from the law just because they hack under the shadow of their country’s flag," said Assistant Attorney General for National Security John Carlin
. "Cyber theft is real theft, and we will hold state-sponsored cyber thieves accountable as we would any other transnational criminal organization that steals our goods and breaks our laws."
This was strong rhetoric at the time. However, as China has no extradition treaty with the United States, it is unlikely these hackers will be arrested and put on trial anytime soon.
In case you missed it, you can check out the rest of Tripwire's black-hat hacker countdown here:
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities
, which is available for download [registration form required].