Potential rift with China over hacking charges

The Justice Department tried and failed to get Beijing’s help with locating and apprehending three Chinese hackers who stole sensitive data from the manufacturing giant Siemens and two American companies, a DOJ spokesman told MC on Monday.

The Trump administration on Monday unsealed charges against the three hackers for allegedly breaching Siemens, Moody’s Analytics and the GPS services firm Trimble. During an October meeting of U.S. and Chinese officials to discuss law enforcement and cybersecurity matters, DOJ asked the Chinese delegation for help with the case. “We received no meaningful response,” said DOJ spokesman Wyn Hornbuckle in an email. The revelation suggests that cybercrime-related cooperation between the two major cyber powers has not improved significantly since a 2015 agreement meant to strengthen that dialogue.

An unexplained connection between the defendants and the Chinese government might have complicated Beijing’s assistance. One of the men, Wu Yingzhuo, has been linked to a notorious hacker group with ties to China’s Ministry of State Security. The DOJ indictment mentions that Wu and his co-defendants used a form of malware associated with that group — dubbed APT 3 for its status as an “advanced persistent threat” — but it does not allege that Beijing played a role in the Siemens, Moody’s and Trimble breaches. “The indictment makes no allegations regarding state sponsorship,” Hornbuckle confirmed.

As part of the 2015 cyber deal, the U.S. and China agreed not to use their hackers to steal business data for commercial purposes. Chinese officials accepted the restriction to avoid American economic sanctions under a then-new executive order. A year earlier, the Obama administration had indicted five Chinese government hackers for cyber-enabled economic espionage, and Beijing worried that Obama would use the sanctions authority to go further. If Beijing were directly involved in the breaches described in the new indictment — and if, as the indictment suggests, they were carried out to help the victims’ corporate rivals in China — that would violate the deal.

HAPPY TUESDAY and welcome to Morning Cybersecurity! So maybe it was a cyber-y Cyber Monday after all. Send your thoughts, feedback and especially tips to tstarks@politico.com and be sure to follow @timstarks, @POLITICOPro and @MorningCybersec. Full team info below.

HACKING THE ROOM SERVICE MENU — The technical standards agency NIST wants help from outside experts in preparing cybersecurity guidance for hotels. In a recently published Federal Register notice, NIST invited “interested parties” to apply for partnerships with the agency “to provide products and technical expertise to support and demonstrate security platforms” for the hospitality industry. “Hospitality organizations rely on property management systems (PMS) for daily tasks, planning, and record keeping,” NIST said on its website. These systems manage Wi-Fi networks, electronic locks and other vital pieces of equipment. But third-party companies, like on-property restaurants, may connect to these systems, increasing the risk of a hack that compromises all of the data. “Demonstrating methods to improve the security of the PMS can help protect the business from network intrusions that might lead to data breaches and fraud.” NIST said it would launch its partnerships once it had enough applications “to address all the necessary components and capabilities,” but no sooner than Dec. 26.


Continue reading…