Three From China Indicted In Hacks -- WSJ

This article is being republished as part of our daily reproduction of articles that also appeared in the U.S. print edition of The Wall Street Journal (November 28, 2017).

Three Chinese people have been indicted in the U.S. for allegedly hacking into the email account of a Moody's Analytics economist and stealing confidential business information from German electrical engineering giant Siemens AG, according to an indictment unsealed Monday.

The hackers targeted an unnamed "influential economist" at Moody's and forwarded the economist's emails to themselves beginning in 2011, court papers said. The indictment alleges that the economist, who isn't identified by name but is described in detail, was the victim of a scheme in which all of his incoming emails were forwarded beginning no later than 2011 to an email account that was then accessed by one of the defendants.

The indictment provides numerous details about the economist in question, and they closely match the background of Moody's chief economist Mark Zandi. Mr. Zandi declined to comment and referred questions Monday to a Moody's spokesman, who declined to comment on its economist.

Mr. Zandi is a high-profile economist who has provided analysis for Sen. John McCain (R., Ariz.) and has frequently been cited by congressional Democrats and Obama administration officials.

The alleged hackers also gained unauthorized access to Siemens's computer networks and removed about 407 gigabytes of data in 2015 from the network, including files created by Siemens's energy, technology and transportation businesses, according to the indictment. The alleged hackers also targeted in 2015 and 2016 the networks of GPS developer Trimble Inc., stealing information about a product then in development to improve the positioning accuracy of mobile devices in a cost-effective way, the indictment said.

A Siemens representative said the company doesn't comment on "internal security matters" but that it "rigorously" monitors its networks.

A representative for Trimble said the company had responded to the attempted hacks and determined they had "no meaningful impact" on its business.

With the case, U.S. prosecutors are continuing a name-and-shame campaign to publicize alleged foreign hackers even though the defendants aren't in custody and are unlikely to see the inside of a U.S. courtroom any time soon. The defendants are believed to be in China, according to a Justice Department spokesman. China and the U.S. don't have an extradition treaty.

The indictment doesn't detail what the motivations of the alleged hackers may have been. "We can't divine why they targeted these corporations in particular," said Soo Song, the acting U.S. attorney in Pittsburgh, whose office is prosecuting the case. "We do allege that there was some financial incentive or benefit that would have motivated them to make these infiltrations."

The three alleged hackers are owners of, or employed by, a Chinese cybersecurity firm called BoYu Information Technology Co., or Boyusec, the indictment said -- a company that private security researchers have linked to the Chinese government. The indictment doesn't allege the hackers had any state backing, but Justice Department officials said Monday the Chinese government wasn't responding to U.S. requests for help in prosecuting the alleged hackers.

U.S. officials sought China's assistance in putting a stop to Boyusec's activities in October after the indictment was returned in September, received "no meaningful response," and decided to make the charges public, a Justice Department spokesman said Monday.

The three alleged hackers -- Wu Yingzhuo, Dong Hao and Xia Lei -- are based in Guangzhou, China, according to the indictment, which says the company is also based there. Neither the defendants nor Boyusec could immediately be reached for comment.

A representative of the Chinese embassy in Washington didn't comment on the indictment, but pointed to a Justice Department summary of the October cybersecurity dialogue that described efforts to improve cybercrime cooperation between the U.S. and China.

"We work hard to bring these charges...if you don't identify and expose the conduct, nothing will ever change," Ms. Song said.

The case is similar to a 2014 indictment against five Chinese military officers, which alleged those officers hacked U.S. companies' computers to steal trade secrets to benefit Chinese state-owned companies that were competitors. After that indictment, experts said they found a drop in such activity from China. Those officers haven't been arrested, but the case helped lead to a 2015 agreement between the U.S. and China under which both countries said they wouldn't support cyberespionage for commercial purposes. While the agreement appears to have slowed such activity, experts say it hasn't stopped.

The 2015 agreement may have put pressure on China to use private contractors, such as Boyusec -- also known by the names APT 3 and Gothic Panda -- to acquire sensitive information, rather than using military hackers, said Adam Meyers, vice president of intelligence with the cyber investigation firm CrowdStrike Inc. The intelligence firm Recorded Future Inc. has linked employees of Boyusec to China's intelligence agency, known as the Ministry of State Security.

Boyusec's past victims include targets of interest to the Chinese government, including Hong Kong free speech dissidents, Mr. Meyers said. And the targeting of Mr. Zandi hints at a political, rather than financial, motive.

Mr. Zandi, described as an "influential economist" in the indictment, co-founded an economic-forecasting firm that was purchased by Moody's Corp. in 2005. A registered Democrat, he was an economic adviser to Mr. McCain's 2008 presidential campaign and was later consulted regularly by congressional Democrats and the Obama administration on housing and economic issues during and after the financial crisis.

Moody's said the company has worked closely with U.S. law enforcement during the investigation and didn't believe any confidential customer data or other personal employee information had been compromised. Moody's Analytics is a unit of Moody's Corp.

Boyusec's website was offline on Monday, but a version of the company's webpage that was saved by the Internet Archive says the company sells security assessment services.

It also advertised a partnership with Chinese technology giant Huawei Technologies Corp., whose telecom gear was effectively banned in the U.S. after a 2012 congressional report raised fears that its networking equipment could be used to spy on Americans. That company, founded by a former Chinese army engineer, has repeatedly dismissed such concerns.

Write to Aruna Viswanatha at, Robert McMillan at and Nick Timiraos at

(END) Dow Jones Newswires

November 28, 2017 02:47 ET (07:47 GMT)