A Chinese man is now under indictment for directing two China-based hackers to infiltrate Boeing and other defense contractors to steal gigabytes of documents describing U.S. military aircraft.
Su Bin, a Chinese national in his late 40s, was indicted in U.S. District Court for the Central District of California on charges of unauthorized computer access, conspiracy, conspiracy to commit theft of trade secrets and aiding and abetting. Law enforcement officials arrested him in Canada in June.
Su allegedly worked with two unnamed and unindicted co-conspirators between 2009 and 2013 to obtain documents related to planes such as the C-17, a cargo aircraft, and the F-22 and F-35 fighter jets, according to the indictment.
Su, who ran a China-based aviation company called Lode Technology, tried to sell the information to state-owned companies in China and other entities, according to the indictment.
Su and the co-conspirators in part used free email accounts such as Gmail to communicate, which likely gave law enforcement a broad view into their activity. U.S. prosecutors can obtain such communications with a court order.
Excerpts of the emails were in an affidavit from FBI Special Agent Noel A. Neeman, which is part of Su’s court file.
In an August 13, 2012, email, the two co-conspirators claimed to have exfiltrated 630,000 digital files related to the C-17 from Boeing, totaling 65 gigabytes of data.
Boeing’s network is “extremely complex,” the hacker wrote, adding the company has layers of security equipment including firewalls and intrusion detection and prevention systems.
The emails also provided insight into general methods the hackers used. To avoid diplomatic and legal problems, stolen documents were sent to servers in other countries, such as South Korea and Singapore, before being moved to Hong Kong or Macao, according to another email sent from co-conspirator #1 to co-conspirator #2.
From those locations, “the intelligence is always picked up and transferred to China in person,” the email said.
Neeman’s affidavit said that although the suspects could have exaggerated the “success and scope” of the operation, there was evidence that it was successful “to some degree.” His affidavit does not speculate if the co-conspirators are Chinese government employees.