Prosecuting Cross-Border Cyber Hacks Originating From Chinese Territory
Legal Issues in Prosecuting Cross-Border Cyber Hacks Originating From Chinese Territory
The prosecution of cybercrimes originating from Chinese territory presents complex legal issues, especially for countries outside China that wish to investigate and prosecute offenders. These challenges are rooted in jurisdictional conflicts, international law, cybersecurity cooperation, and data sovereignty. To understand these legal issues, it is essential to analyze how laws on cross-border cybercrimes work in practice, as well as specific case law examples where these legal challenges have been confronted.
I. Key Legal Issues
Jurisdictional Challenges:
Cybercrimes are transnational by nature, often involving multiple countries. Determining which country has the authority to prosecute or take legal action against a cyberattack originating in China but affecting another country (e.g., the U.S. or EU) is a complex issue of jurisdiction.
Different countries have varying extraterritorial laws, meaning a country like the U.S. may seek to prosecute Chinese hackers for activities that primarily occurred within Chinese borders, creating a conflict of jurisdiction.
Sovereignty and International Cooperation:
China's sovereignty over its territory complicates the enforcement of foreign laws. The Chinese government may be unwilling to cooperate with investigations or extradite individuals who are accused of cybercrimes.
International agreements, such as the Budapest Convention on Cybercrime (which China has not signed), govern cross-border cooperation in prosecuting cybercrimes. However, China’s non-participation in such treaties leads to complications in extradition and evidence-sharing.
Extradition and Data Access:
Extradition requests are often problematic because of political issues or conflicting national laws. In some cases, even if a hacker is identified, extradition may be refused because the accused is a national of China, and extradition is not granted for certain offenses under Chinese law.
Data access is another major issue. Authorities in other countries may need to access data stored on servers located in China, but Chinese data protection laws restrict foreign access to data.
Attribution of Cybercrimes:
Accurately attributing a cyberattack to specific individuals or state actors is difficult, especially when the attackers use sophisticated methods to hide their identities. Even if the attack originates from Chinese territory, proving that it was the Chinese state or specific Chinese nationals behind the attack is legally challenging.
Evidence Gathering and Digital Forensics:
Forensic analysis of evidence may be complicated by the cross-border nature of the data. If the hackers use VPNs or proxy servers to obscure their location, proving the origin of the attack and gathering evidence in China’s jurisdiction can be a technical and legal hurdle.
II. Detailed Case Law Examples
1. United States v. Tian, et al. (2019) – The APT10 Hack (China)
Background:
The U.S. Justice Department indicted members of APT10, a cyber-espionage group affiliated with the Chinese government. The group conducted cyberattacks targeting private companies, government agencies, and universities, stealing intellectual property and sensitive information.
The hackers used techniques like spear-phishing to gain unauthorized access to computer systems across the U.S. and other countries, including the U.K. and Japan.
Legal Issues:
The main legal issue was jurisdiction, as the crimes were committed outside the U.S. but had significant impacts on U.S. interests.
The U.S. Department of Justice pursued charges despite the hackers being located in China, relying on cybercrime laws that allow prosecution based on the impact of the crime in the U.S.
Attribution was another issue. The U.S. identified APT10 as a Chinese state-sponsored group, but proving direct state involvement in the cyberattacks required sophisticated digital forensics.
Outcome:
The U.S. did not manage to extradite the suspects from China, but the indictment served as a formal accusation against Chinese government-backed hackers, showcasing the difficulty of prosecuting cross-border cybercrime originating in China.
This case illustrates the jurisdictional challenge and extraterritorial prosecution based on the effects doctrine under U.S. cybercrime laws.
2. The OPM Data Breach (2015, China)
Background:
In 2015, the U.S. Office of Personnel Management (OPM) suffered a massive data breach, resulting in the theft of sensitive personal data of more than 21 million federal employees. The hackers were attributed to Chinese state-sponsored actors.
The breach was primarily aimed at stealing personal and security clearance data, potentially for espionage purposes.
Legal Issues:
Attribution and Jurisdiction: The U.S. government accused China’s Ministry of State Security of orchestrating the cyberattack, but proving the direct involvement of Chinese nationals or officials was difficult.
Extradition and International Cooperation: Despite the U.S. accusations, China refused to cooperate, citing sovereignty concerns. The U.S. could not extradite the perpetrators.
The case highlighted the challenges in gathering evidence in China and the limitations of existing international legal frameworks for cybercrimes.
Outcome:
While the breach’s economic impact was significant, the U.S. did not prosecute individuals in China due to lack of cooperation and the jurisdictional complexity. The case underscores the issue of sovereignty in prosecuting state-backed cybercrimes.
3. The SolarWinds Cyberattack (2020 – Russia and China suspected)
Background:
In December 2020, the SolarWinds cyberattack compromised thousands of organizations, including U.S. government agencies, corporations, and critical infrastructure systems, through a supply chain vulnerability in SolarWinds software.
The attack is believed to have been conducted by Russian APT29 (Cozy Bear), but China was also suspected of exploiting the same vulnerability to carry out intelligence-gathering operations.
Legal Issues:
Multi-jurisdictional Cybercrime: While the attack originated from Russian territory, China's role in exploiting the same vulnerability raised complex legal issues regarding cross-border cyberattacks.
The jurisdictional issue of prosecuting Chinese hackers or state actors for attacks affecting U.S. businesses became central to ongoing international diplomatic discussions.
Outcome:
The U.S. government issued a series of sanctions and public statements condemning state-backed cyberattacks. However, prosecution was impossible due to political and jurisdictional complexities, and the perpetrators were not extradited from China or Russia.
This case highlights international disputes over cybersecurity laws, jurisdictional sovereignty, and the lack of a cohesive framework for prosecuting cross-border cybercrime.
4. United States v. Zhang (2018, China - Cyber Espionage)
Background:
Zhang, a China-based hacker, was indicted in 2018 for cyber espionage targeting U.S. companies and government entities. The hack aimed to steal trade secrets and sensitive intellectual property. Zhang used malware to infiltrate systems, causing financial damage and security risks.
The hacker was located in China, making extradition and prosecution difficult.
Legal Issues:
Sovereignty: China did not cooperate with the U.S. in extraditing Zhang, as China treats cyber espionage as a national priority and does not enforce foreign criminal judgments.
The U.S. pursued the case using extraterritorial laws that allow for prosecution if the harm is felt within U.S. jurisdiction.
This case underscores the jurisdictional conflict when dealing with crimes originating from a nation that does not acknowledge or participate in international legal standards for cybersecurity.
Outcome:
The charges remained unresolved, as Zhang could not be apprehended, showing the difficulty in prosecuting cybercriminals from countries that refuse to cooperate on cybercrime investigations.
5. The Great Cannon (2015, China)
Background:
The Great Cannon was a Chinese cyber-weapon used in DDoS (Distributed Denial of Service) attacks against Western websites, including Google and GitHub. It was reportedly orchestrated by Chinese authorities or state-backed actors to suppress dissent and target organizations outside of China.
The Chinese government reportedly used this tool as part of a broader cyber warfare strategy.
Legal Issues:
Attribution: It was difficult to link the state-sponsored actions directly to specific individuals or groups.
Jurisdiction: Since the attack was orchestrated from Chinese territory, it presented issues regarding extraterritorial enforcement of laws and the lack of international cooperation.
Outcome:
Despite strong evidence of state involvement, no formal prosecution took place. China’s refusal to cooperate made it difficult for authorities outside its borders to take action against the perpetrators.
This case emphasizes the challenges of enforcing international cybercrime laws when state actors are involved, particularly in cases where data sovereignty and national security concerns dominate.
Conclusion:
Prosecuting cross-border cybercrimes originating from Chinese territory involves navigating significant legal, political, and jurisdictional challenges. The cases discussed illustrate the difficulty in attributing cybercrimes, enforcing jurisdiction, and obtaining international cooperation. China's sovereignty, lack of participation in global cybersecurity treaties, and refusal to extradite nationals further complicate efforts. The international legal framework for prosecuting cybercrimes is still in development, and much work remains to be done to address these transnational cyber threats effectively.