Intelligence

Chinese hacker admitted hacking US Defense contractors

A Chinese national pleaded guilty yesterday, March 23, to charges of hacking trade secrets from US defense contractors.

The man, Su Bin (also known as Stephen Su and Stephen Subin), 50, had been charged in a 2014 indictment with hacking into the computer networks of US defense contractors, including Boeing. The hackers aimed to steal blueprints and intellectual property for the F-22 and F-35 fighter jets and the C-17 transport aircraft. In January 2015, documents leaked by Edward Snowden revealed that China had stolen designs for the US-built F-35 fighter jet by hacking computer systems at US defense contractors, and also provided details of a counter-intelligence operation run by the NSA.

According to the Snowden documents, US intelligence was aware that Chinese cyber spies had stolen “many terabytes of data” about the design of Australia’s Lockheed Martin F-35 Lightning II JSF. The details of the operation are described in a set of top secret documents published by Der Spiegel magazine.

Chinese hackers have allegedly stolen as much as 50 terabytes of data from US defense contractors, including details of the fighter’s radar systems, engine schematics, “aft deck heating contour maps,” designs to cool exhaust gases and the method the jet uses to track targets.

The goal of the Chinese government is to acquire intellectual property on advanced technologies, benefiting Chinese companies in the market and narrowing the gap in research on advanced technological solutions. Military experts speculated that the stolen blueprints could help the country develop a new generation of advanced fighter aircraft, the so-called “fifth-generation” fighters.

In 2014, according to a US criminal complaint, computers of Boeing and other military contractors were hacked to steal intellectual property and trade secrets on transport aircraft. The initial attacks against Boeing likely occurred between Jan 14th and March 20th, 2010. The complaint is dated June 27th and was disclosed in July 2015; it describes how the attackers spied on Boeing computer networks for a year and then compromised systems of the principal US defense contractors to steal intellectual property. According to the information disclosed, the hackers were mainly interested in the C-17 military transport.

US law enforcement agencies accused Su Bin, a Chinese businessman residing in Canada, of supporting two countrymen in organizing cyber attacks on Boeing systems to collect information about the C-17 and other military programs.

The criminal complaint revealed that Su Bin and two unnamed co-conspirators, identified as UC1 and UC2, were collecting technical information related to components and performance of the C-17 transport and Lockheed Martin’s F-22 and F-35 fighter jets. During the period of the first attacks against Boeing, Su Bin was operating in the United States, as confirmed by FBI Special Agent Noel Neeman in the complaint.

Su Bin was arrested in June 2014 in Canada. Neeman revealed that an email attachment sent by UC1 claims the Chinese hackers exfiltrated 65 gigabytes of data over a couple of years, including information on the C-17 transport from Boeing systems. The FBI agent collected evidence of data theft from Boeing systems, but there is no proof that the stolen information was classified. The email also provides information on the huge effort the hackers spent to compromise Boeing's systems; the document details the architecture of Boeing's internal network, which includes 18 domains, 10,000 PCs and “huge quantities” of defense appliances.

“Through painstaking labor and slow groping, we finally discovered C-17 strategic transport aircraft-related materials stored in the secret network,” the document says.

Su Bin was sent to the United States in February 2016.

The hackers described the difficulties of breaching the system while avoiding the detection systems deployed by Boeing.

“From breaking into its internal network to obtaining intelligence, we repeatedly skipped around in its internal network to make it harder to detect reconnaissance, and we also skipped around at suitable times in countries outside the U.S. In the process of skipping, we were supported by a prodigious quantity of tools, routes and servers, which also ensured the smooth landing of intelligence data,” the report states.

The complaint did not describe how the hackers stole information about the Lockheed Martin jet fighters.

Another document issued by the FBI described the communications between UC1 and UC2, which state that the Chinese hackers successfully acquired information about US military projects by establishing hop points in the U.S., France, Japan and Hong Kong. This last document, according to the complaint, reveals that the subjects received about $1 million to build a team and infrastructure outside of China; investigators are working to understand who funded the entire operation.

Now, in a plea agreement filed in a California federal court, Su admitted to conspiring with two unnamed persons in China from October 2008 to March 2014 to hack the networks of US contractors and steal “sensitive military information and to export that information illegally from the United States to China.”

The court documents did not provide details on who operated the cyber espionage campaign, but security and intelligence experts believe that Su was working for the Chinese government.

“Su Bin admitted to playing an important role in a conspiracy, originating in China, to illegally access sensitive military data, including data relating to military aircraft that are indispensable in keeping our military personnel safe,” said Assistant Attorney General John Carlin.

“This plea sends a strong message that stealing from the United States and our companies has a significant cost; we can and will find these criminals and bring them to justice.”

Sentencing was set for July 13, when Su faces a maximum penalty of five years in prison and a monetary fine of $250,000 or twice the gross gain from the offense.

Pierluigi Paganini

Security Affairs – (Chinese hackers, Defense contractors)