Arrested: This photo of Su Bin, a citizen of China and permanent resident of Canada, was taken at a US border crossing during a trip he made in 2011. (US criminal court complaint June 27, 2014)
TAIPEI — Boeing was hit hard by a Chinese cyber intrusion into one of the US company’s most protected files on the C-17 Globemaster program, according to a 50-page criminal complaint filed by the FBI in a June 27 affidavit that revealed the extent of a three-man group’s alleged hacking activities. Data on “dozens of US military projects,” including the F-35 and F-22 stealth fighters, also was stolen in intrusions into other companies’ networks.
The alleged perpetrators are Chinese citizens Su Bin (Stephen Su), owner of Lode-Technology, and two unidentified cohorts. Lode-Technology is mainly engaged in the aircraft cable harness business, but US and European company websites also indicate the company serves as an agent and distributor of aviation tooling and UV-laser products in China.
Su was arrested June 28 in Canada and is facing extradition to the US. News of the arrest did not become public until July 10 when the charges were unsealed in California.
Both Boeing and Lockheed Martin, maker of the F-35 and F-22, declined to comment.
Details of other aircraft and US companies are sketchy. Su is alleged to have obtained F-35 test plans and “blueprints” that would “allow us [China] to catch up rapidly with US levels ... [and] stand easily on the giant’s shoulders,” according to Su’s emails.
A former US government counterintelligence analyst on China said the case is a “close parallel” to other cases involving Chinese businessmen “taking government information to ensure long-term success of [their] business.” He also said that Canada and Hong Kong were still popular technical transfer shipment points for Chinese industrial and military espionage.
According to the complaint, one of Su’s emails states that his team “secured the authority to control the website of the ... missile developed jointly by India and Russia and that they would ‘await the opportunity to conduct internal penetration.’ ”
Su also allegedly focused on military technology in Taiwan and files held by various Chinese “democracy” groups and the “Tibetan Independence Movement.” On Taiwan, the intelligence collected was focused on military maneuvers, military construction, warfare operation plans, strategic targets and espionage activities. According to one of the several emails, “we still have control on American companies like [identifying US companies] and etc. and the focus is mainly on those American enterprises which belong to the top 50 arms companies in the world.”
One attachment listed 32 US military projects and another listed 80 engineers and program personnel working on a “military development project.” Another lists the names and email addresses for four people at a “European company that develops military navigation, guidance and control systems.”
Cyber intrusions into Boeing and other companies were sophisticated. According to one of Su’s emails, they had control of an unidentified defense company’s file transfer protocol server. Jump servers, also known as “hop points,” were set up in France, Japan, Hong Kong, Singapore, South Korea and the US. According to emails, these were set up to avoid “diplomatic and legal” difficulties for China.
According to one email, “the collected intelligence will be sent first by an intelligence officer placed outside China or via a jump server which is placed in a third country before it finally gets to the surrounding regions/areas or a work station located in Hong Kong or Macao. The intelligence is always picked up and transferred to China in person.”
The alleged perpetrators accessed Boeing computers “directly,” according to the complaint. One Su email announced the first penetration occurred in January 2010. Further, “we discovered that the Boeing Company’s internal network structure is extremely complex.” The email states that its border deployment has firewalls and intrusion prevention systems, the core network deployment has intrusion detection systems, “and the secret network has ... type isolation equipment as anti-invasion security equipment in huge quantities.” Additionally, “we have discovered in its internal network 18 domains and about 10,000 machines.”
Su allegedly wrote that “through painstaking labor and slow groping,” they discovered C-17 data “stored in the secret network.” Getting to the data was obviously not easy, as “the secret network is not open 24 hours and is normally physically isolated, it can be connected only when C-17 project related personnel have verified their secret code.” C-17 data included drawings, revisions, group signatures, performance and flight test documents.
One Chinese company under suspicion is the Xian Aircraft Industrial Corp., which is building a C-17 look-alike dubbed the Y-20. In one e-mail mentioned in the complaint, Su allegedly expected “big money” for the C-17 data and complained that the unidentified Chinese company was “too stingy” for paying $5,000.
FBI agents are only now beginning interviews with US companies that worked with him, according to some of those companies.
US and European companies that identified themselves on their websites as having business relations with Su or Lode-Technology include the following:
■ Acuitas (Switzerland)
■ Altec Card Copy Machines (Germany)
■ Artos Engineering Co. (US)
■ Daniels Manufacturing Corp. (US)
■ DIT-MCO International (US)
■ Dynalab Test Systems (US)
■ Lakes Precision (US)
■ LASELAC (France)
■ LS-Laser Systems (Germany)
■ OES Technologies (Canada)
None of these companies would comment on the record and some have begun removing references to Lode and Su from their websites. Some of the company websites indicated they had shared exhibition space with Lode at Chinese shows: China International Defence Electronics Exhibition, Beijing Aviation Expo, Electronica and Productronica China, and DEX International Electronic, Laser, Harness Exhibition.
One oddity of the US criminal complaint is the fact that Lode-Technology is only the English name of Su Bin’s company. Nowhere in the complaint is there a reference to its actual name in China, even as spelled in English: “Beijing Nuodian Technology Co. Ltd.”
The criminal complaint mentions Lode’s offices in Canada and Beijing, but fails to mention its offices in Hong Kong; Nanchang, Jiangxi Province; Shanghai; Xian, Shanxi Province; and Chengdu, Sichuan Province. Under its Chinese-language name, Nuodian has an office in Guangzhou, Guangdong. None of these sites is mentioned in the complaint, though they are listed on the websites of a variety of US and European businesses that worked with Su and Lode.
When contacted by phone, FBI press officer Laura Eimiller refused to take any questions.