US arrests Chinese aerospace exec in hacking conspiracy

DOJ says hackers were looking for information on the F-22 fighter, among others.

In the latest of a string of Chinese hacking revelations, the Justice Department has charged and arrested a Chinese aviation technology executive with hacking U.S. defense companies.

DOJ alleges in a criminal complaint that Su Bin, a Chinese national living in Canada and owner of Chinese aviation company Lode-Tech, conspired with two unnamed hackers in China to target and steal information regarding U.S. military projects from Boeing and other contractors. The criminal complaint, which was unsealed last week, says that the group attempted to sell the information to state-owned Chinese companies beginning in 2009 and continuing through 2013.

Su was arrested June 28 in Canada, and faces extradition proceedings to the United States, according to the Wall Street Journal, which first reported the arrest.

FBI agents found evidence that the two hackers gave Su lists of files that could be readily stolen, having obtained access to the different networks. Su would then reply with which files would be the most useful to Chinese aerospace firms.

While recent reports have alleged a link between the Chinese military and industrial espionage, Su appears to have been motivated by personal gain. Email discussions between Su and his conspirators point to possible “big money” from the sale of the information, according to the complaint. Other emails discussed the negotiation of information to other Chinese aircraft corporations.

“The value is decent,” Su wrote to one of the hackers regarding one of the stolen documents. “In China this information is what the [unidentified Chinese aircraft corporation] need. They are too stingy!”

The complaint highlights that the hackers sought information regarding military aircraft such as the F-22, F-35 and C-17, working “in the clandestine acquisition of military technology.” The FBI investigation into the matter found emails detailing activities and methodologies of an unnamed Chinese entity, as well as possible records of data amounts collected on 32 US military projects. 

Both the F-22 and the F-35 are advanced fifth-generation fighters, making them attractive targets for traditional espionage. DOJ said it believes Su and the hackers were able to obtain technical schematics for F-22 parts and a flight test protocol document for the F-35 that was not distributed publically.

The investigation against Su also turned up independent evidence that the hackers were able to obtain information about the C-17 in 2010.  Among their emails communications, the hackers sent Su a 1,467-page directory of 50,000 files related to the production, performance or testing of the C-17, according to the complaint. Su then highlighted relevant documents for the hackers to steal.

Design data stolen on the F-35 in 2007 has purportedly been incorporated into China’s new J-20 stealth fighter, the Washington Times reported. Photos of the demonstrator craft showed the J-20 with improved exhaust nozzles, tail and vertical fin modifications, and a new electronic targeting system that is similar to that of the F-35.

Meanwhile, Chinese aerospace companies have struggled with the development of both jet and turbofan engines that can match their Western counterparts.

The Chinese Air Force launched its first large military transport aircraft, the Y-20, earlier this year. The Y-20 is said to be technologically inferior to other military transport planes due to its dependence on an older Russian-designed engine, according to military experts, but Chinese engineers are working to develop a high bypass ratio turbofan engine comparable to those on Boeing 737s. Improved military transport aircraft would increase the Chinese military’s power projection capabilities, allowing them to conduct operations farther out from China.

Cyberattacks continue to be a critical problem for both private industry and the government, and commercial and military intellectual property theft continues to plague U.S. businesses.

Chinese hackers were able to gain access to the Office of Personnel Management back in March, as reported by the New York Times. Meanwhile, DOJ in May indicted members of the Chinese military for spying on private companies, marking the first time the United States filed formal charges of cyber espionage against a state actor.