(中央社記者鄭崇生華盛頓20日專電)美國司法部今天抨擊,中國政府支持的駭客持續竊取華府及盟邦的商業與政府機密。美國副司法部長羅森斯坦說,這實在「不可接受」,並起訴和通緝2名與中國官方合作的駭客。
羅森斯坦(Rod Rosenstein)和聯邦調查局(FBI)局長瑞伊(Chris Wray)及相關官員召開記者會,現場擺出2名中國駭客的資料及照片,他們分別是朱華、張士龍。美國司法部門已起訴兩人,並針對兩人發出通緝令。
羅森斯坦和瑞伊今天的談話,展現美國對中國駭客長期以來竊密及間諜行為「雖遠必誅」的態勢。
羅森斯坦說,中國國家資助的駭客已非首次攻擊美國,自2014年美國起訴具解放軍背景的5名駭客以來,中國由國家支持、針對美國企業與政府部門的犯罪活動一直沒停過,中國「說一套、做一套」,違反自身承諾,不只美國,許多國家都深受其害,這是「不可接受的」。
他指出,美國和其他盟邦清楚中國在做什麼,也了解中國為什麼這麼做,在一些案例中,美國甚至知道那些電腦螢幕前的鍵盤俠是誰,違反美國法律者,不會因他們受外國政府保護,就不受追究。
羅森斯坦提出數據指出,過去7年,美國起訴涉及經濟的間諜案,逾9成與中國有關;涉竊取商業機密的案件,則有2/3與中國有關。
羅伊則說,美國的行動不是針對中國人民,而是針對中國政府資助的駭客與間諜,「美國歡迎公平競爭,但美國不能容忍違法的駭客入侵及間諜行為」;他還說,中國的網路攻擊是美國的長期威脅,中國想取代美國成為引領世界的超級大國,卻使用非法手段達成這一目標。
他表示,不論是穿制服的中國軍方人員,還是看似民營、卻受官方支持的中資機構,中國這些「非法、不道德且不公平的做法」,美國司法體系都會追究。
根據起訴書,朱華與張士龍是中國駭客組織APT 10的重要成員,兩人與中國國家安全部天津國安局合作,大規模竊取各類資料,包括數十萬筆的美國海軍人員資訊及機密,還竊取美國太空總署(NASA)的實驗室資訊。
另外,APT 10還入侵數個託管服務供應商(MSP),這些託管服務供應商處理多國政府或商業公司的資料數據,中國駭客不只藉此侵入美國地方司法機關的網路,包括巴西、加拿大、芬蘭、法國、德國、印度、日本、瑞典、瑞士、英國及阿拉伯聯合大公國也受害。
Companies in Canada were among the targets of two Chinese citizens charged with waging an extensive hacking campaign to steal valuable data over many years, U.S. authorities say.
In an indictment unsealed Thursday, prosecutors say Zhu Hua and Zhang Shilong were acting on behalf of China’s main intelligence agency to pilfer information from several countries.
Beginning about four years ago, Zhu and Zhang waged an intrusion campaign to gain access to computers and networks of “managed service providers” for businesses and governments around the world, the indictment says.
Such providers are private firms that manage clients’ information by furnishing servers, storage, networking, consulting and information-technology support. Breaking into one such computer system can provide a route into multiple customers’ data; the hackers breached the computers of enterprises involved in activities ranging from banking and telecommunications to mining and health care, say the papers filed in U.S. District Court.
The indictment says Zhu and Zhang are members of a group operating in China known as Advanced Persistent Threat 10. They purportedly broke into computers belonging to — or providing services to — companies in at least 12 countries, including Canada.
How? According to the indictment, they used forged emails to get unwitting recipients to open files impregnated with security-breaching malware, a technique called “spear-phishing.”
The two suspects, who worked for Huaying Haital Science and Technology Development Co. in Tianjin, are accused of acting in association with the Chinese Ministry of State Security’s Tianjin State Security Bureau.
Strengthening the login process
Canada’s Communications Security Establishment issued a statement supporting the U.S. allegations a few hours after the American announcement.
“Today, many of Canada’s allies and partners have made statements concerning the compromise of several Managed Service Providers. CSE also assesses that it is almost certain that actors likely associated with the People’s Republic of China (PRC) Ministry of State Security (MSS) are responsible for the compromise of several Managed Service Providers (MSP), beginning as early as 2016,” it said.
The statement said Canadian authorities detected the threat at the time and warned businesses in general terms about good security habits in dealing with these providers.
The CSE sent out a more detailed bulletin after Thursday’s indictments, advocating practices such as “multi-factor authentication,” which requires people to sign into computers in more than one way, and running background monitoring software that sends up an alert when an apparently legitimate user starts doing unusual things on a company network.
Canada targeted
The alleged hackers provided Chinese intelligence officials with sensitive business information, said U.S. deputy attorney general Rod Rosenstein.
“This is outright cheating and theft, and it gives China an unfair advantage at the expense of law-abiding businesses and countries that follow the international rules in return for the privilege of participating in the global economic system,” Rosenstein said.
In one case, the indictment says, the APT10 Group obtained unauthorized access to the computers of an unnamed service provider that had offices in New York state and then compromised the data of the provider and clients in Canada, the United States, Britain, Brazil, Finland, France, Germany, India, Japan, Sweden, Switzerland and the United Arab Emirates.
The victims included a global financial institution, three telecommunications or consumer electronics companies, three manufacturing firms, two consulting companies, and businesses involved in healthcare, biotechnology, mining, automotive supply and drilling, authorities say. None of them is specified by name in the indictment.
In another campaign that began as early as 2006, the APT10 Group, including Zhu and Zhang, allegedly attacked the computers and networks of more than 45 technology companies and U.S. government agencies to steal valuable information and data about various technologies.
The group made off with hundreds of gigabytes of sensitive data by targeting the computers of companies involved in aviation, space and satellite technology, manufacturing, pharmaceuticals, and oil and gas exploration, among others, the indictment says. It also broke into computers that held data belonging to NASA and the U.S. navy and took private identify information of more than 100,000 navy personnel, the indictment says.