>The nine-count indictment alleges that Wu Zhiyong (吴志勇), Wang Qian (王乾), Xu Ke (许可) and Liu Lei (刘磊) were members of the PLA’s 54th Research Institute, a component of the Chinese military.
How were they identified exactly? I'm always fascinated with these DOJ indictments of foreign state actors but I'm always left wondering how they managed to narrow it down to a small group of people. I'm guessing that "PLA’s 54th Research Institute" employs thousands of people so how does the FBI/DOJ identify the culprits so precisely? Is it through CIA/NSA spying and moles inside the PLA?
You don't see foreign governments identifying individual NSA employees when the NSA hacks into something... so how does the DOJ do it?
> How were they identified exactly? I'm always fascinated with these DOJ indictments of foreign state actors but I'm always left wondering how they managed to narrow it down to a small group of people.
My guess is they counter-hacked the PLA’s 54th Research Institute to identify the culprits, then used parallel construction for the indictment.
IIRC, the public intelligence report on the Russian 2016 election influence campaign revealed that the US had counter-hacked some of the Russian groups involved, and used the information gained from that as evidence to attribute the overall campaign to the Russians.
They've just named some names. These people might be associated with that "institute", but they're just as likely to be custodians or secretaries as hackers.
On the "surveillance footage", were they mopping and sweeping? I wonder whether such "footage" constitutes prima facie evidence for an indictment going the opposite direction...
Your reply to that comment was about Russia, so everything from that on down was probably a waste of time. Then again, we're talking about DoJ indictments of foreign soldiers for allegedly accessing data that was open to all, so the whole thing has been a waste of time from the beginning. It's a good thing there isn't any real crime in USA for DoJ to investigate.
> TFA and my first comment ITT are about China. Your reply to that comment was about Russia, so everything from that on down was probably a waste of time.
Can you even follow the thread? The TFA is an American indictment against some Chinese government hackers. There are some unanswered questions about it, which were partially answered by speculation informed by parallels to a similar indictment against Russian government hackers [1] and related reporting [2].
[1] See https://www.justice.gov/opa/pr/grand-jury-indicts-12-russian...: "In 2016, officials in Unit 26165 began spearphishing volunteers and employees of the presidential campaign of Hillary Clinton, including the campaign’s chairman. Through that process, officials in this unit were able to steal the usernames and passwords for numerous individuals and use those credentials to steal email content and hack into other computers. They also were able to hack into the computer networks of the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC)..."
Haha ok who's really "trolling" whom? There was an unsubstantiated claim that something had happened in one nation, therefore we can assume it happened in some other nation! Further, we really believe that you really believe those TLA posers were sitting there watching John Podesta tell someone in Russia that his password is "Runner4567", because only Russian hackers would be so clever to phish a genius like John Podesta.
Indictments don't contain evidence. Sometimes they contain rumors of evidence.
>>> Then again, we're talking about DoJ indictments of foreign soldiers for allegedly accessing data that was open to all...
I just noticed that you made a pretty mind-boggling claim there. Is it really your position that Equifax's data was "data that was open to all"?
> There was an unsubstantiated claim that something had happened in one nation, therefore we can assume it happened in some other nation!
No, we can make informed speculation in a discussion. That's quite different than "assuming it [actually] happened."
The main issue here is that you appear to read something, misunderstand or exaggerate it into hyperbole, then respond to your own hyperbole. That's not a good way to have a discussion with anyone.
You are working very hard to support my original statement: you didn't read the indictments very closely (or at all).
If you knew anything about cybercrime attribution, you'd know that indictment was detailed far beyond anything we've ever seen from the DOJ. They took the extraordinary step of giving away hints on collection sources/methods just to make the evidence overwhelming and undeniable.
Which was my point, which instead of addressing you keep trying to obfuscate. Because you are a troll.
I remember your user name, you popped up in another thread about US/China, talked baseless anti-US conspiracies then left. Is there a reason you spend time out of your day to do this?
The "war" you referenced btw, the one we are discussing in this thread, is against the US. Do tell us how the Chinese Military hacking American private companies is somehow the fault of America.
There isn't actually a war. Some Chinese people have been accused of accessing some PII published by Equifax. Even mentioning "war" in these circumstances is a bit twisted. Unlike small nations who can't defend themselves, if we start something with China we'll get our asses kicked. Then your agitation for violent conflict won't seem like such a great idea...
You are guessing that they are guessing, and don't in fact know that. Your opinion has the right to exist, but I'll choose to believe that they identified actual military intelligence officers using methods they're not going to tell us about, to send a strong message to China (whether these specific officers are guilty of these specific offences is immaterial, the outing itself is the message).
I am pretty sure this one is for domestic consumption.
The Chinese are a bogeyman comparable to the Russians. Being tough on them, and having the other party be in bed with them, is surely useful in a coming election campaign.
As for the ability to trace back traffic sent through 30+ computers placed around the world, including China: just think of what surveillance and logging that would entail. It is not really possible.
Other than potentially exposing sources and methods, what do they gain exactly? They aren't going to Beijing to arrest them, and legal indictments alone aren't (and haven't been) going to scare off China.
What if China says “we’re sending you a plane with the four individuals you are after. We insist on their innocence and want to see a fair and public trial”
Then DOJ would have to reveal their sources, wouldn’t they?
What they've done in the past [0] is to continually delay the actual trial. The idea is to force the defendants either to avoid setting foot in the jurisdiction or to spend their entire net worth on defense attorneys.
Or drop charges. This is clearly a what-if that's been taken into account, the implication being that these people either are in fact military intelligence or otherwise very valuable, or don't exist at all.
If Iran made such an accusation against 4 NSA employees, that were actually innocent, do you think that those 4 people would ever be handcuffed, and put on a flight to Iran?
Of course not, that would be idiotic, and horrible for morale. You don't give your own people up, regardless of whether or not they are innocent or guilty.
As such, this is a spherical cow thought experiment. To address it - it's quite likely that the sources would not be revealed in an open trial, due to the catch-all of national security. For a helping of double irony, the sources are likely the product of... Espionage (Digital or otherwise).
Sure, but the US can actually try foreign military officers somewhat fairly. Almost no country in the world can accomplish that, other than perhaps the UK and Canada.
It doesn't matter if the trial is going to be fair or not. Doing this is the worst kind of betrayal that a military can commit against a soldier.
This is also why the US is not even a signatory of the ICC. It, by principle, opposes the sheer notion of Americans facing international trials for war crimes, even in impartial, third party courts. There's no way in hell it would extradite its spies to face trials for computer crimes.
Its arguments for not participating in the ICC are that the trials would be political, and not impartial. That's a stick with two ends.
My first thought was that American spies must have infiltrated the PLA's 54th Research Institute, or at least infiltrated some branch of the Chinese government that was privy to that information.
Which is pretty ironic, really. Whoever did the hacking for the US could be charged by China for basically the same thing the DOJ just charged the Chinese hackers for.
Forensics. Attackers use and sometimes re-use domains, IPs and code to recon, attack and exfil data. Those items may have been used before. All the attributes related to each of those items are cross-referenced. You might find a server in this breach was associated with an email address that was used to register a domain in the current breach. That email now loosely ties the two breaches and actors together.
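The cross-referencing the comment above describes, as an added example that is not the commenter's code and not anything from the indictment: indicators from several incidents are enriched with attributes (WHOIS registrant email, DNS resolution, hosting ASN, file hash, C2 hostname), every indicator becomes a node, and two nodes are joined whenever they share a value. A breadth-first search then reports the chain of pivots that ties one incident to another. All indicator data here is constructed for illustration; the campaign names, hostnames, addresses and the hash placeholder are invented.

```python
from collections import defaultdict, deque

# Constructed sample data (invented, not from any real case): indicators seen in
# four separate incidents, each enriched with the attributes an analyst would
# gather. breach-A and breach-B share a WHOIS registrant email; breach-B's
# loader talks to breach-B's domain and its hash reappears in breach-C.
# breach-D only shares a hosting ASN, which is too generic to pivot on.
SAMPLE_INDICATORS = [
    {"id": "dom-1", "campaign": "breach-A", "kind": "domain", "value": "update-check.example",
     "attrs": {"registrant_email": "ops@mailbox.example", "resolves_to": "203.0.113.10"}},
    {"id": "ip-1", "campaign": "breach-A", "kind": "ip", "value": "203.0.113.10",
     "attrs": {"asn": "AS64500"}},
    {"id": "dom-2", "campaign": "breach-B", "kind": "domain", "value": "cdn-sync.example",
     "attrs": {"registrant_email": "ops@mailbox.example", "resolves_to": "198.51.100.7",
               "asn": "AS64500"}},
    {"id": "tool-1", "campaign": "breach-B", "kind": "file", "value": "3f1c9a7b",  # constructed hash placeholder
     "attrs": {"filename": "loader.dll", "c2": "cdn-sync.example"}},
    {"id": "tool-2", "campaign": "breach-C", "kind": "file", "value": "3f1c9a7b",  # same constructed hash
     "attrs": {"filename": "svc-update.exe"}},
    {"id": "dom-3", "campaign": "breach-D", "kind": "domain", "value": "unrelated.example",
     "attrs": {"registrant_email": "someone@else.example", "asn": "AS64500"}},
]

# Attribute keys too generic to link actors on: an ASN or a filename is shared
# by thousands of unrelated hosts and files. Everything else is a usable pivot.
WEAK_KEYS = {"asn", "filename"}


def pivot_tokens(ind):
    """Every value on which this indicator may be linked to another indicator."""
    tokens = {ind["value"]}
    for key, val in ind["attrs"].items():
        if key not in WEAK_KEYS:
            tokens.add(val)
    return tokens


def build_graph(indicators):
    """Adjacency map: indicator id -> {neighbour id: the shared value}."""
    by_token = defaultdict(set)
    for ind in indicators:
        for tok in pivot_tokens(ind):
            by_token[tok].add(ind["id"])
    adj = defaultdict(dict)
    for tok, ids in by_token.items():
        for a in ids:
            for b in ids:
                if a != b:
                    adj[a].setdefault(b, tok)  # keep the first shared value seen
    return adj


def link_campaigns(indicators, src, dst):
    """Shortest chain of pivots from any indicator of `src` to any of `dst`.

    Returns a list of (from_id, shared_value, to_id) hops, or None if the two
    incidents share no infrastructure (directly or transitively).
    """
    adj = build_graph(indicators)
    campaign = {i["id"]: i["campaign"] for i in indicators}
    start = [i["id"] for i in indicators if i["campaign"] == src]
    prev = {s: None for s in start}
    queue = deque(start)
    while queue:
        cur = queue.popleft()
        if campaign[cur] == dst:
            hops = []
            while prev[cur] is not None:
                parent, tok = prev[cur]
                hops.append((parent, tok, cur))
                cur = parent
            return hops[::-1]
        for nxt, tok in adj[cur].items():
            if nxt not in prev:
                prev[nxt] = (cur, tok)
                queue.append(nxt)
    return None


def campaign_clusters(indicators):
    """Group incidents whose indicators are connected through shared values."""
    adj = build_graph(indicators)
    campaign = {i["id"]: i["campaign"] for i in indicators}
    seen, clusters = set(), []
    for ind in indicators:
        if ind["id"] in seen:
            continue
        component, queue = set(), deque([ind["id"]])
        seen.add(ind["id"])
        while queue:
            cur = queue.popleft()
            component.add(campaign[cur])
            for nxt in adj[cur]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        clusters.append(frozenset(component))
    return clusters


if __name__ == "__main__":
    for hop in link_campaigns(SAMPLE_INDICATORS, "breach-A", "breach-C"):
        print("%s --[%s]--> %s" % hop)
    print(campaign_clusters(SAMPLE_INDICATORS))
```

The interesting design choice is `WEAK_KEYS`: without it, breach-D would be pulled into the same cluster through the shared hosting ASN, which is exactly the kind of false link that makes public attribution look sloppy. Each hop in the returned chain is one "loosely ties" step of the kind the comment describes, and the chain as a whole is only as strong as its weakest pivot.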
If they made it public, they could never do it again.
You don't see foreign governments identifying individual NSA employees when the NSA hacks into something...
I suspect that it does happen, but most people don't know about it because that requires knowing another language, and then regularly keeping up with the media of another country in that language.
I'm guessing part of the reason they're willing to ID them is because the DOJ knows this will never actually get to court where they'd have to explain how they found them.
Seems likely. I wouldn't be surprised if it was done as a way to get them put on watchlists in all western countries without having to officially reveal any sources or methods.