Thursday, April 30, 2026

FBI details alleged Chinese hack of UTMB COVID-19 researchers early in the pandemic



A Chinese man accused of hacking University of Texas Medical Branch email accounts in search of COVID-19 vaccine research made off with about 1.5 gigabytes of emails, an FBI agent testified Thursday.


Xu Zewei confirmed his haul in a text message to a Chinese intelligence official who in February 2020 asked him if he had found anything "juicy or good" from his intrusion into the medical branch's computer network, FBI Special Agent Benjamin Hyman testified.


Xu, 34, was arrested last year in Italy and charged with nine federal felonies, including wire fraud, intentional damage to a protected computer and aggravated identity theft. He was extradited to the United States last week.


On Thursday, U.S. Magistrate Judge Richard W. Bennett ordered Xu held in custody until his trial, citing the high incentive for Xu to try to flee if he were released on bond.


During a detention hearing before Bennett, Hyman repeated much of the information that was revealed last year when Xu was initially arrested. He and another man, Zhang Yu, were accused of hacking into U.S. institutions at the behest of the Shanghai State Security Bureau, a regional arm of China's Ministry of State Security, the country's civilian intelligence service, apparently in search of COVID-19 treatment information in the early days of the pandemic.


UTMB, located on the east end of Galveston, is home to some of the nation's top infectious disease researchers. Xu is believed to have used the stolen credentials of a medical branch IT administrator to log in to the institution's virtual private network and, from there, to read researchers' email. Authorities haven't said which researchers were targeted, but have previously said the targets included three virologists or immunologists.


Xu and Zhang are also accused of hacking into systems at a university in North Carolina and another university in Texas.


In the case of the UTMB hack, the men are accused of exploiting a vulnerability, CVE-2019-11510, a pre-authentication arbitrary file read in Pulse Secure's VPN appliance, to pull files off the VPN gateway that contained the administrator's credentials.
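The flaw named above is a pre-authentication path traversal, and its exploitation leaves a distinctive trace in the appliance's web access log: a request under /dana-na/ whose path climbs with ".." segments to a file outside the web tree, such as /etc/passwd or the lmdb cache file data.mdb that held cached credentials. The detector below is an added example written for this page, not code from the FBI, UTMB or Pulse Secure. The log format and the sample lines are constructed; the request paths in them follow the publicly reported exploit pattern. It also generalizes a step beyond the article's case by percent-decoding repeatedly and resolving the traversal, so double-encoded variants of the same request are caught too.

```python
"""Flag requests that look like CVE-2019-11510 exploitation in VPN appliance access logs.

Added example for this article, not FBI, UTMB or Pulse Secure material. The log line format
and all sample lines are constructed; the request paths follow the publicly reported
exploit pattern (traversal out of /dana-na/ to /etc/passwd and to the lmdb cache data.mdb).
"""
import posixpath
import re
from urllib.parse import unquote

# Files the publicly reported exploit chain read off the appliance.
SENSITIVE_PREFIXES = ("/etc/passwd", "/etc/hosts", "/data/runtime/mtmp/")

# Constructed log format (an assumption, not the appliance's real format):
# "<client-ip> <method> <path> <status>"
LOG_LINE = re.compile(r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$")

# Constructed sample lines. Two clients browse normally; two send traversal requests,
# one of them percent-encoding the dots to slip past a naive string match.
SAMPLE_LOG = """\
203.0.113.5 GET /dana-na/auth/url_default/welcome.cgi 200
203.0.113.5 GET /dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/ 200
203.0.113.5 GET /dana-na/../dana/html5acc/guacamole/../../../../../../data/runtime/mtmp/lmdb/dataa/data.mdb?/dana/html5acc/guacamole/ 200
198.51.100.9 GET /dana-na/%2e%2e/dana/html5acc/guacamole/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts?/dana/html5acc/guacamole/ 200
192.0.2.44 GET /dana/home/index.cgi 200
192.0.2.44 POST /dana-na/auth/url_default/login.cgi 302
"""


def normalize_path(raw):
    """Percent-decode up to three times (double encoding is a classic filter bypass)
    and fold backslashes, so %2e%2e%2f, %252e%252e and ..\\ all become ../ before matching."""
    decoded = raw
    for _ in range(3):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    return decoded.replace("\\", "/")


def classify_request(raw_path):
    """Return a dict describing why the request is suspicious, or None if it looks benign.

    Detection rests on two facts: a legitimate VPN client never sends '..' segments, and
    no legitimate handler serves /etc/passwd or the lmdb cache directory.
    """
    decoded = normalize_path(raw_path)
    target = decoded.partition("?")[0]            # the public PoC hid a second path in the query
    traversal_depth = target.split("/").count("..")
    resolved = posixpath.normpath(target)        # where the traversal actually lands
    sensitive = resolved.startswith(SENSITIVE_PREFIXES)
    if not (traversal_depth or sensitive):
        return None
    if traversal_depth and sensitive:
        reason = "traversal to sensitive file"
    elif traversal_depth:
        reason = "path traversal"
    else:
        reason = "direct sensitive file request"
    return {"reason": reason, "resolved": resolved, "traversal_depth": traversal_depth}


def scan_log(text):
    """Run classify_request over every parseable log line; return the hits in log order."""
    hits = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed line; a production pipeline would count and alert on these
        hit = classify_request(m["path"])
        if hit:
            hit.update(ip=m["ip"], raw_path=m["path"])
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f'{h["ip"]}  {h["reason"]}  ->  {h["resolved"]}')
```

Resolving the traversal with posixpath.normpath and matching on the resulting file, rather than on the literal exploit URL, is what makes the check robust: the same rule fires whether the attacker walks up seven levels or two, and whether the dots arrive plain or encoded. A cheaper but still useful variant for a SIEM is simply to alert on any ".." segment in a request to the gateway, since no real client produces one.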


FBI agents in Houston and Philadelphia were able to track Xu down through an IP address, Hyman said. The same address had been used to download code from GitHub. Investigators subpoenaed GitHub for the email addresses associated with the accounts that downloaded the code, and used those addresses to locate an Apple account registered to the same emails.


In the Apple account, they found Xu's family photos and chats with his wife, alongside messages from February 2020 about the hacks, Hyman said. The security bureau is believed to have sent Xu information about a medical branch server and tasked him with getting into it.


FBI Director Kash Patel's Italy trip for Xu's extradition


Dan Cogdell, Xu's defense attorney, said he had expected Bennett to order Xu to be held in custody. The Chinese national has no known ties to the U.S. and had fought his extradition in Italian courts before he was handed over. Xu was arrested after he and his family flew to Milan last year, Cogdell said.


Cogdell noted that FBI Director Kash Patel had used Xu's extradition case as a reason to visit Italy in February. During the same trip, Patel attended the Winter Olympics and famously celebrated in the locker room of the gold medal-winning men's hockey team. A DOJ spokesman on Thursday said that while he was in Italy, Patel signed a memorandum of understanding with the Italian National Police which "contributed greatly to this week's extradition."


Patel told Fox News on Tuesday that the Chinese government had tried to intervene in the extradition.

Defense attorney calls accusations 'ridiculous'


Cogdell questioned the government's narrative, saying it was implausible that a sophisticated hacker could so easily be traced back to his personal device and email.



"The idea that some guy in a sophisticated hacking exercise is going to use his own phone, his own email address? Give me a break," Cogdell said. "I got my grandson, he knows how to spoof. I just think that's ridiculous."


FBI officials said at a Thursday press briefing that Xu played a key role in a broader “hacker-for-hire ecosystem” serving the Chinese government, which employs private contractors and tech companies to hack and steal information while concealing the state’s involvement. Those private operatives target a wide range of vulnerable computers as they “hack more or less speculatively,” FBI Cyber Division Assistant Director Brett Leatherman said.


If a tasked operation does not pan out, the contractors look to sell whatever data they took to any willing buyer.


“The protection you assume from operating inside China does not extend the moment you cross a border,” Leatherman said. “The FBI and the [Department of Justice] is patient, and the partnerships we have built with like-minded countries make that patience operational.”



Another senior Justice Department official said the hackers wanted to broaden their understanding of how the U.S. was responding to the pandemic, but the official stopped short of confirming any breaches beyond emails. The official said the Chinese government could have used the stolen intellectual property to conduct similar research without bearing the costs of doing so in the United States, but noted that the indictment does not make those specific allegations.


Xu will remain in custody until his trial.
