NZ Herald
  • Home
  • Latest news
  • Herald NOW
  • Video
  • New Zealand
  • Sport
  • World
  • Business
  • Entertainment
  • Podcasts
  • Quizzes
  • Opinion
  • Lifestyle
  • Travel
  • Viva
  • Weather

Subscriptions

  • Herald Premium
  • Viva Premium
  • The Listener
  • BusinessDesk

Sections

  • Latest news
  • New Zealand
    • All New Zealand
    • Crime
    • Politics
    • Education
    • Open Justice
    • Scam Update
  • Herald NOW
  • On The Up
  • World
    • All World
    • Australia
    • Asia
    • UK
    • United States
    • Middle East
    • Europe
    • Pacific
  • Business
    • All Business
    • MarketsSharesCurrencyCommoditiesStock TakesCrypto
    • Markets with Madison
    • Media Insider
    • Business analysis
    • Personal financeKiwiSaverInterest ratesTaxInvestment
    • EconomyInflationGDPOfficial cash rateEmployment
    • Small business
    • Business reportsMood of the BoardroomProject AucklandSustainable business and financeCapital markets reportAgribusiness reportInfrastructure reportDynamic business
    • Deloitte Top 200 Awards
    • CompaniesAged CareAgribusinessAirlinesBanking and financeConstructionEnergyFreight and logisticsHealthcareManufacturingMedia and MarketingRetailTelecommunicationsTourism
  • Opinion
    • All Opinion
    • Analysis
    • Editorials
    • Business analysis
    • Premium opinion
    • Letters to the editor
  • Politics
  • Sport
    • All Sport
    • OlympicsParalympics
    • RugbySuper RugbyNPCAll BlacksBlack FernsRugby sevensSchool rugby
    • CricketBlack CapsWhite Ferns
    • Racing
    • NetballSilver Ferns
    • LeagueWarriorsNRL
    • FootballWellington PhoenixAuckland FCAll WhitesFootball FernsEnglish Premier League
    • GolfNZ Open
    • MotorsportFormula 1
    • Boxing
    • UFC
    • BasketballNBABreakersTall BlacksTall Ferns
    • Tennis
    • Cycling
    • Athletics
    • SailingAmerica's CupSailGP
    • Rowing
  • Lifestyle
    • All Lifestyle
    • Viva - Food, fashion & beauty
    • Society Insider
    • Royals
    • Sex & relationships
    • Food & drinkRecipesRecipe collectionsRestaurant reviewsRestaurant bookings
    • Health & wellbeing
    • Fashion & beauty
    • Pets & animals
    • The Selection - Shop the trendsShop fashionShop beautyShop entertainmentShop giftsShop home & living
    • Milford's Investing Place
  • Entertainment
    • All Entertainment
    • TV
    • MoviesMovie reviews
    • MusicMusic reviews
    • BooksBook reviews
    • Culture
    • ReviewsBook reviewsMovie reviewsMusic reviewsRestaurant reviews
  • Travel
    • All Travel
    • News
    • New ZealandNorthlandAucklandWellingtonCanterburyOtago / QueenstownNelson-TasmanBest NZ beaches
    • International travelAustraliaPacific IslandsEuropeUKUSAAfricaAsia
    • Rail holidays
    • Cruise holidays
    • Ski holidays
    • Luxury travel
    • Adventure travel
  • Kāhu Māori news
  • Environment
    • All Environment
    • Our Green Future
  • Talanoa Pacific news
  • Property
    • All Property
    • Property Insider
    • Interest rates tracker
    • Residential property listings
    • Commercial property listings
  • Health
  • Technology
    • All Technology
    • AI
    • Social media
  • Rural
    • All Rural
    • Dairy farming
    • Sheep & beef farming
    • Horticulture
    • Animal health
    • Rural business
    • Rural life
    • Rural technology
    • Opinion
    • Audio & podcasts
  • Weather forecasts
    • All Weather forecasts
    • Kaitaia
    • Whangārei
    • Dargaville
    • Auckland
    • Thames
    • Tauranga
    • Hamilton
    • Whakatāne
    • Rotorua
    • Tokoroa
    • Te Kuiti
    • Taumaranui
    • Taupō
    • Gisborne
    • New Plymouth
    • Napier
    • Hastings
    • Dannevirke
    • Whanganui
    • Palmerston North
    • Levin
    • Paraparaumu
    • Masterton
    • Wellington
    • Motueka
    • Nelson
    • Blenheim
    • Westport
    • Reefton
    • Kaikōura
    • Greymouth
    • Hokitika
    • Christchurch
    • Ashburton
    • Timaru
    • Wānaka
    • Oamaru
    • Queenstown
    • Dunedin
    • Gore
    • Invercargill
  • Meet the journalists
  • Promotions & competitions
  • OneRoof property listings
  • Driven car news

Puzzles & Quizzes

  • Puzzles
    • All Puzzles
    • Sudoku
    • Code Cracker
    • Crosswords
    • Cryptic crossword
    • Wordsearch
  • Quizzes
    • All Quizzes
    • Morning quiz
    • Afternoon quiz
    • Sports quiz

Regions

  • Northland
    • All Northland
    • Far North
    • Kaitaia
    • Kerikeri
    • Kaikohe
    • Bay of Islands
    • Whangarei
    • Dargaville
    • Kaipara
    • Mangawhai
  • Auckland
  • Waikato
    • All Waikato
    • Hamilton
    • Coromandel & Hauraki
    • Matamata & Piako
    • Cambridge
    • Te Awamutu
    • Tokoroa & South Waikato
    • Taupō & Tūrangi
  • Bay of Plenty
    • All Bay of Plenty
    • Katikati
    • Tauranga
    • Mount Maunganui
    • Pāpāmoa
    • Te Puke
    • Whakatāne
  • Rotorua
  • Hawke's Bay
    • All Hawke's Bay
    • Napier
    • Hastings
    • Havelock North
    • Central Hawke's Bay
    • Wairoa
  • Taranaki
    • All Taranaki
    • Stratford
    • New Plymouth
    • Hāwera
  • Manawatū - Whanganui
    • All Manawatū - Whanganui
    • Whanganui
    • Palmerston North
    • Manawatū
    • Tararua
    • Horowhenua
  • Wellington
    • All Wellington
    • Kapiti
    • Wairarapa
    • Upper Hutt
    • Lower Hutt
  • Nelson & Tasman
    • All Nelson & Tasman
    • Motueka
    • Nelson
    • Tasman
  • Marlborough
  • West Coast
  • Canterbury
    • All Canterbury
    • Kaikōura
    • Christchurch
    • Ashburton
    • Timaru
  • Otago
    • All Otago
    • Oamaru
    • Dunedin
    • Balclutha
    • Alexandra
    • Queenstown
    • Wanaka
  • Southland
    • All Southland
    • Invercargill
    • Gore
    • Stewart Island
  • Gisborne

Media

  • Video
    • All Video
    • NZ news video
    • Herald NOW
    • Business news video
    • Politics news video
    • Sport video
    • World news video
    • Lifestyle video
    • Entertainment video
    • Travel video
    • Markets with Madison
    • Kea Kids news
  • Podcasts
    • All Podcasts
    • The Front Page
    • On the Tiles
    • Ask me Anything
    • The Little Things
  • Cartoons
  • Photo galleries
  • Today's Paper - E-editions
  • Photo sales
  • Classifieds

NZME Network

  • Advertise with NZME
  • OneRoof
  • Driven Car Guide
  • BusinessDesk
  • Newstalk ZB
  • Sunlive
  • ZM
  • The Hits
  • Coast
  • Radio Hauraki
  • The Alternative Commentary Collective
  • Gold
  • Flava
  • iHeart Radio
  • Hokonui
  • Radio Wanaka
  • iHeartCountry New Zealand
  • Restaurant Hub
  • NZME Events

SubscribeSign In
Advertisement
Advertise with NZME.
Home / Business

Chinese hackers rummage through email trash for corporate, military secrets

Other
22 Jul, 2020 07:49 PM6 mins to read

Subscribe to listen

Access to Herald Premium articles require a Premium subscription. Subscribe now to listen.
Already a subscriber?  Sign in here

Listening to articles is free for open-access content—explore other articles or learn more about text-to-speech.
‌
Save

    Share this article

The alleged hackers spent 10 years rummaging through corporate and military computer systems. Photo / 123RF

The alleged hackers spent 10 years rummaging through corporate and military computer systems. Photo / 123RF

Before an abundance of encrypted messaging apps, "trash" email folders were often used to communicate without leaving a trace.

The tactic, common among al-Qaeda terrorists - and teenagers - involved setting up an email account that two people could access, and write and read deleted messages. The technique caused the downfall of former CIA director General David Petraeus, who resigned after he was caught by the FBI talking to his lover through draft emails.

The tactic resurfaced this week when the US Government said it had caught two Chinese hackers pillaging the recycling bins of employees at "hundreds" of companies, stealing trade and business secrets work "hundreds of millions" during a 10-year spree.

The humble icon, which we largely ignore on computer desktops, was used to hide malicious software that could steal computer files, and to hoover up anything that was deleted. The folder where recycle bin files are stored is hidden by default on Windows machines, "and system administrators can thus be less likely to discover files saved there", Washington claimed.

Advertisement
Advertise with NZME.
Advertisement
Advertise with NZME.

The Department of Justice claimed that the hackers were focused on stealing intellectual property for profit when they began their spree in September 2009.

Alleged cyber attacks by the pair were carefully carried out to try to hide any chance of their entry into computer networks being detected.

It's claimed that as well as hiding files in recycle bins, they also renamed stolen files to make it look as if they were actually just innocent image files being transferred outside of computer networks.

In reality, they were confidential files that could be of great value to the Chinese military.

Advertisement
Advertise with NZME.

What we know about the alleged hackers

Li Xiaoyu and Dong Jiazhi were friends who met during their computer science course in Chengdu, China.

Their alleged spoils ranged from radio and antennae technology from a California-based technology and defence company, to information on supply chains from a manufacturing firm that revealed a global shortage of a key component.

Satellite business proposals, military workers' personal information and the source code for two games, one of which is yet to be released, from a California game-maker and subsidiary of a Japanese company were also allegedly stolen. The hackers attempted to extort one of their victims by threatening to leak the stolen material online, according to the indictment.

More recently, the suspects are accused of infiltrating pharmaceutical and biotech companies, grabbing years of research and development that would allow a rival under different laws to produce a treatment without any of the initial costs.

The hackers also broke into pharmaceutical company computers. Photo / 123RF
The hackers also broke into pharmaceutical company computers. Photo / 123RF

Somewhere along the line, it's believed they became entangled in the Chinese military, handing over email accounts and passwords belonging to a community organiser in Hong Kong, the pastor of a Christian church and a dissident and former Tiananmen Square protestor.

Emails from a US professor and organiser, and two Canadian residents, who advocated for freedom and democracy in Hong Kong, were also stolen, according to the indictment.

The attacks weren't limited to the US, either. The indictment, revealed by the US government on Tuesday, shows that the hackers also broke into computer networks of businesses in the UK, Australia, Germany and Japan, among other countries.

Chester Wisniewski, principal research scientist at Sophos, said the coordinated campaign "reads like a state-sponsored attack textbook", and that "pillaging people's trash cans and hiding things there is both an evasion and an obfuscation tactic".

Government-sponsored attacks

What is unusual, however, is that the suspects appear to be freelance hackers who apparently received numerous state requests, "and probably cannot say no", Wisniewski says. This blurs the lines of what is a civilian and what is military with regard to the criminal status, and the diplomatic row that will ensue after the charges.

It is unclear why the Department of Justice waited until the pair allegedly started spying on Covid-19 research to blow the cover of the investigation, but it comes just days after Foreign Minister Dominic Raab revealed that vaccine researchers on British soil had been the target of Russian hackers.

Advertisement
Advertise with NZME.

The British Government has not confirmed if any vaccine data was stolen.

The news will be a wake-up call to employees working remotely and those working within IT departments at companies working with confidential material. The hackers depended on corporations failing to update their software, the US said.

The suspects' ability to get into the corporate network, and access recycling bins, relied heavily on known software glitches in common corporate software and they would act quickly on vulnerabilities that had just been announced before companies had time to patch their systems.

But sometimes the hackers hit roadblocks, such as when they found they were unable to break into the emails of a Burmese human rights group. They turned to their Government handlers inside China's Ministry of State Security for help and were given a valuable piece of malware, which even advanced security systems couldn't guard against.

The indictment shows the full range of tools used by the hackers, including the use of services that can scan a target computer system to search for any weak points with outdated software that could be used as an entry point into the organisation.

Experts say uncovering the hacking campaign underscores the need for businesses and organisations to make sure their systems are kept up to date.

Advertisement
Advertise with NZME.

"Patching now has never been more important," says Jake Moore, a cyber security specialist at ESET. "Persistent threats are becoming more advanced on a daily basis, and businesses and government agencies are struggling to keep them at bay to a greater extent than we have ever seen before."

Hackers have recently found it easier than ever to sneak into supposedly secure computer networks because of the rise in the number of people working from home during the pandemic.

This has allowed them to blend in with unusual traffic on networks, and has let them take advantage of flaws in virtual private network software used by employees to log in from home.

Cyber espionage is widely accepted as fair game among cyber security experts, with the understanding that the UK and US gives as much as it gets.

But this apparent surge in activity where individuals - and states - are exploiting the coronavirus pandemic and targeting researchers working tirelessly to help, may spark retaliation.

- Telegraph Media Group

Advertisement
Advertise with NZME.
Save

    Share this article

Latest from Business

Premium
Shares

Market close: IkeGPS continues run, up 8.6%

Premium
New Zealand

'Bringing the community together': Young new owner's plans for Hastings cinema

Premium
Retail

HelloFresh pleads guilty after ‘subscription traps’ tricked customers


Sponsored

Tired of missing out on getting to global summits to help grow your business?

Advertisement
Advertise with NZME.

Latest from Business

Premium
Premium
Market close: IkeGPS continues run, up 8.6%
Shares

Market close: IkeGPS continues run, up 8.6%

Gentrack dipped 4.23% after two large trades, one analyst said.

14 Jul 05:57 AM
Premium
Premium
'Bringing the community together': Young new owner's plans for Hastings cinema
New Zealand

'Bringing the community together': Young new owner's plans for Hastings cinema

14 Jul 04:29 AM
Premium
Premium
HelloFresh pleads guilty after ‘subscription traps’ tricked customers
Retail

HelloFresh pleads guilty after ‘subscription traps’ tricked customers

14 Jul 03:51 AM


Tired of missing out on getting to global summits to help grow your business?
Sponsored

Tired of missing out on getting to global summits to help grow your business?

14 Jul 04:48 AM
NZ Herald
  • About NZ Herald
  • Meet the journalists
  • Newsletters
  • Classifieds
  • Help & support
  • Contact us
  • House rules
  • Privacy Policy
  • Terms of use
  • Competition terms & conditions
  • Our use of AI
Subscriber Services
  • NZ Herald e-editions
  • Daily puzzles & quizzes
  • Manage your digital subscription
  • Manage your print subscription
  • Subscribe to the NZ Herald newspaper
  • Subscribe to Herald Premium
  • Gift a subscription
  • Subscriber FAQs
  • Subscription terms & conditions
  • Promotions and subscriber benefits
NZME Network
  • The New Zealand Herald
  • The Northland Age
  • The Northern Advocate
  • Waikato Herald
  • Bay of Plenty Times
  • Rotorua Daily Post
  • Hawke's Bay Today
  • Whanganui Chronicle
  • Viva
  • NZ Listener
  • Newstalk ZB
  • BusinessDesk
  • OneRoof
  • Driven Car Guide
  • iHeart Radio
  • Restaurant Hub
NZME
  • About NZME
  • NZME careers
  • Advertise with NZME
  • Digital self-service advertising
  • Book your classified ad
  • Photo sales
  • NZME Events
  • © Copyright 2025 NZME Publishing Limited
TOP