Su Bin
A Chinese man has been indicted for allegedly directing two China-based hackers to infiltrate Boeing and other defense contractors to steal gigabytes of documents describing US military aircraft.
Su Bin, a Chinese national in his late 40s, was indicted in the US District Court for the Central District of California on charges of unauthorized computer access, conspiracy, conspiracy to commit theft of trade secrets and aiding and abetting. He was arrested in Canada in June.
Su allegedly worked with two unnamed and unindicted co-conspirators between 2009 and 2013 to obtain documents related to planes such as the C-17, a cargo aircraft, and the F-22 and F-35 fighter jets, according to the indictment.
Su, who ran a China-based aviation company called Lode Technology, is accused of trying to sell the information to state-owned companies in China and other entities.
Curiously, Su and the co-conspirators in part used free email accounts such as Gmail to communicate, which likely gave law enforcement a broad view into their alleged actions. U.S. prosecutors can obtain such communications with a court order.
Excerpts of the emails were included in an affidavit from FBI Special Agent Noel A. Neeman, which is contained in Su's court file.
An August 2012 email from one of the China-based hackers to the other one describes a painstaking, year-long 2.7 million yuan ($439,000) effort that successfully stole 85 GB of information about the C-17, including electronic cable wiring documents and detailed schematics.
Boeing's network is "extremely complex," the hacker wrote, adding the company has layers of security equipment including firewalls and intrusion detection and prevention systems.
The emails also provided insight into general methods the hackers used. To avoid diplomatic and legal problems, stolen documents were sent to servers in other countries, such as South Korea and Singapore, before being moved to Hong Kong or Macao, according to another email sent from co-conspirator #1 to co-conspirator #2.
From those locales, "the intelligence is always picked up and transferred to China in person," the email said.
Neeman's affidavit said that while the "success and scope" of the operation could have been exaggerated, there was evidence that it was successful "to some degree." His affidavit does not speculate if the co-conspirators are Chinese government employees.
The U.S. and China have traded sharp accusations over hacking in recent months, with each accusing the other of government-sanctioned intrusions.
In May, the U.S. Department of Justice filed a criminal indictment against five members of Chinese Army signal intelligence Unit 61398 with stealing nuclear, solar power and steel trade secrets from six U.S. organizations over eight years. China vehemently denied the accusations.
Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.