Federal prosecutors indicted three Chinese nationals this week for using a spearphishing campaign to steal trade secrets.
They apparently used "hop points" to try to hide their true location, but prosecutors say they made a mistake that created a path back to them. Interestingly, they are co-founders of a cybersecurity company in China.
In this case, they allegedly made off with hundreds of gigabytes of information from Siemens, Moody's Analytics, and satellite GPS company Trimble. Video of Acting U.S. Attorney Soo Song, explaining who these men are:
Prosecutors say previous trade secret hacks perpetrated by the Chinese include U.S. Steel, Westinghouse, Alcoa, and Solar World, among others.
And at SecureWorld cybersecurity conferences this year, we talked to the former Director of Operations at U.S. Cyber Command about this very topic.
Major General (Ret.) Brett Williams told us that stealing trade secrets is how the Chinese operate. "For China, it's very hard to hide the fact that their R&D world is largely based on theft of intellectual property." And it's part of the reason he put China on his list of top three cyber threats to the United States.
Does indicting foreign hackers make any difference?
Reporters at the press conference asked tough questions about the relevance of indicting the three Chinese men who are unlikely to ever be extradited to the United States.
Prosecutors responded that the men can be arrested if they travel outside of China and that the United States is dedicated to stopping bad actors in cyberspace that attack the United States, regardless of where they are attacking from.