Recent United States Department of Justice (“DOJ”) indictments of Chinese hackers provide a reminder that trade secrets and other intellectual property stored on databases are attractive targets to bad actors. The DOJ announced that seven international defendants were charged in connection with computer intrusion campaigns impacting more than 100 victims in the United States and abroad.
The victims of the cyberattacks included software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, and foreign governments. The hacking facilitated the theft of source code, software code signing certificates, customer account data, and other valuable business information. These cyberattacks also enabled the defendants’ other criminal schemes, including ransomware attacks and “crypto-jacking” schemes, which involve the unauthorized use of victim computers to “mine” cryptocurrency.
The United States District Court for the District of Columbia issued arrest warrants for the defendants. Five of the defendants are residents and nationals of China and remain fugitives. Two other defendants, charged with conspiring with the Chinese hackers to profit from computer intrusions targeting the video game industry, were arrested in Malaysia. In addition to the arrest warrants, the court issued seizure warrants that resulted in the seizure of hundreds of accounts, servers, domain names, and command-and-control (“C2”) “dead drop” web pages used by the defendants to conduct their computer intrusion offenses.
These indictments are part of a larger effort by U.S. law enforcement to stop Chinese appropriation of American trade secrets. For example, in July 2020, the DOJ obtained other indictments of individuals involved in state-sponsored theft, and the U.S. State Department closed the Chinese consulate in Houston, Texas, in response to allegations that certain trade secret thefts were being carried out by Chinese operatives.
The recent actions serve as a reminder that bad actors are actively pursuing to wrongfully acquire trade secrets from United States-based companies. It is important to monitor network and software security and to eliminate vulnerabilities that can be targeted by hackers. Learn more about best practices to protect trade secrets and prevent theft here.