TAIPEI — Two years after his arrest in Canada, Su Bin, a Chinese citizen who ran Lode-Technology, has pled guilty in a California federal court to carrying out a series of cyber espionage thefts of U.S. military secrets that included the C-17 Globemaster, and Lockheed F-35 and F-22 stealth fighters.
2014 US Govt Document on F-35 information stolen
Photo Credit: US Government Document
According to a March 23 press release issued by the U.S. Department of Justice, Central District of California, Su, in a plea agreement, "admitted to conspiring with two persons in China from October 2008 to March 2014 to gain unauthorized access to protected computer networks in the United States, including computers belonging to the Boeing Company in Orange County, California, to obtain sensitive military information and to export that information illegally from the United States to China."
Boeing was hit hard by the cyber intrusion into one of the U.S. company's most protected files on the C-17 Globemaster program, according to a 50-page criminal complaint filed by the FBI in a June 27, 2014, affidavit that revealed the extent of a three-man group's alleged hacking activities. Data on "dozens of U.S. military projects," including the F-35 and F-22 stealth fighters, also was stolen in intrusions into other companies' networks.
Besides Su Bin (Stephen Su), there were two unidentified mainland Chinese cohorts. Lode-Technology is mainly engaged in the aircraft cable harness business, but U.S. and European company websites also indicate the company served as an agent and distributor of aviation tooling and UV-laser products in China.
Su was arrested June 28, 2014, in Canada and waived extradition to the U.S. in February 2016. Su pleaded guilty this week before U.S. District Judge Christina A. Snyder.
Details of other aircraft and U.S. companies are sketchy. Su is alleged to have obtained F-35 test plans and "blueprints" that would "allow us [China] to catch up rapidly with U.S. levels ... [and] stand easily on the giant's shoulders," according to Su's emails.
A former U.S. government counterintelligence analyst on China said the case is a "close parallel" to other cases involving Chinese businessmen "taking government information to ensure long-term success of [their] business." He also said that Canada and Hong Kong were still popular technical transfer shipment points for Chinese industrial and military espionage.
According to the complaint, one of Su's emails states that his team "secured the authority to control the website of the ... missile developed jointly by India and Russia and that they would 'await the opportunity to conduct internal penetration.'"
Su also allegedly focused on military technology in Taiwan and files held by various Chinese "democracy" groups and the "Tibetan Independence Movement." On Taiwan, the intelligence collected was focused on military maneuvers, military construction, warfare operation plans, strategic targets and espionage activities. According to one of the several emails, "we still have control on American companies like [identifying U.S. companies] and etc. and the focus is mainly on those American enterprises which belong to the top 50 arms companies in the world."
One attachment listed 32 U.S. military projects and another listed 80 engineers and program personnel working on a "military development project." Another listed the names and email addresses for four people at a "European company that develops military navigation, guidance and control systems."
Cyber intrusions into Boeing and other companies were sophisticated. According to one of Su's emails, they had control of an unidentified defense company's file transfer protocol server. Jump servers, also known as "hop points," were set up in France, Japan, Hong Kong, Singapore, South Korea and the United States. According to emails, these were set up to avoid "diplomatic and legal" difficulties for China.
According to one email, "the collected intelligence will be sent first by an intelligence officer placed outside China or via a jump server which is placed in a third country before it finally gets to the surrounding regions/areas or a work station located in Hong Kong or Macao. The intelligence is always picked up and transferred to China in person."
The alleged perpetrators accessed Boeing computers "directly," according to the original 2014 complaint. One Su email announced the first penetration occurred in January 2010. Further, "we discovered that the Boeing Company's internal network structure is extremely complex." The email states that its border deployment has firewalls and intrusion prevention systems, the core network deployment has intrusion detection systems, "and the secret network has ... type isolation equipment as anti-invasion security equipment in huge quantities." Additionally, "we have discovered in its internal network 18 domains and about 10,000 machines."
Su allegedly wrote, "through painstaking labor and slow groping," they discovered C-17 data "stored in the secret network." Getting to the data was obviously not easy, as "the secret network is not open 24 hours and is normally physically isolated, it can be connected only when C-17 project related personnel have verified their secret code." C-17 data included drawings, revisions, group signatures, performance and flight test documents.
One Chinese company under suspicion is the Xian Aircraft Industrial Corp., which is building a C-17 look-alike dubbed the Y-20. In one e-mail mentioned in the complaint, Su allegedly expected "big money" for the C-17 data and complained that the unidentified Chinese company was "too stingy" for paying $5,000.
U.S. and European companies that identified themselves on their websites as having had business relations with Su or Lode-Technology include the following:
■ Acuitas (Switzerland)
■ Altec Card Copy Machines (Germany)
■ Artos Engineering Co. (U.S.)
■ Daniels Manufacturing Corp. (U.S.)
■ DIT-MCO International (U.S.)
■ Dynalab Test Systems (U.S.)
■ Lakes Precision (U.S.)
■ LASELAC (France)
■ LS-Laser Systems (Germany)
■ OES Technologies (Canada)
None of these companies would comment on the record and some removed references to Lode and Su from their websites. Some of the company websites indicated they had shared exhibition space with Lode at Chinese shows: China International Defence Electronics Exhibition, Beijing Aviation Expo, Electronica and Productronica China, and the DEX International Electronic, Laser, Harness Exhibition.
One oddity of the 2014 U.S. criminal complaint was the fact that Lode-Technology is only the English name of Su Bin's company. Nowhere in any of the complaints are references to its actual name in China, even when it is spelled in English, which is "Beijing Nuodian Technology Co. Ltd."
The criminal complaint mentions Lode's office in Canada and Beijing, but fails to mention its offices in Hong Kong; Nanchang, Jiangxi Province; Shanghai; Xian, Shanxi Province; and Chengdu, Sichuan Province. Nuodian in the Chinese language has an office in Guangzhou, Guangdong, but none of these sites was mentioned in the complaints though they are listed on a variety of U.S. and European business websites that worked with Su and Lode.
Despite expectations in 2014 that Su would face up to 30 years in prison, the U.S. Department of Justice press release indicated he faces a maximum of only four years and would be sentenced in July. Despite the reduced sentence, there was significant backslapping and self-congratulations in the press release amongst the prosecution, including U.S. Attorney Eileen M. Decker, Assistant Attorney General for National Security John P. Carlin, Assistant Director Jim Trainor of the FBI's Cyber Division, and Assistant Director in Charge David Bowdich of the FBI's Los Angeles Division.
"Protecting our national security is the highest priority of the U.S. Attorney's Office, and cybercrime represents one of the most serious threats to our national security," Decker said. "The innovative and tireless work of the prosecutors and investigators in this case is a testament to our collective commitment to protecting our nation's security from all threats. Today's guilty plea and conviction demonstrate that these criminals can be held accountable no matter where they are located in the world and that we are deeply committed to protecting our sensitive data in order to keep our nation safe."
"Su Bin admitted to playing an important role in a conspiracy, originating in China, to illegally access sensitive military data, including data relating to military aircraft that are indispensable in keeping our military personnel safe," Carlin said. "This plea sends a strong message that stealing from the United States and our companies has a significant cost; we can and will find these criminals and bring them to justice. The National Security Division remains sharply focused on disrupting cyber threats to the national security, and we will continue to be relentless in our pursuit of those who seek to undermine our security."
"Cyber security is a top priority not only for the FBI but the entire U.S. government," Trainor said. "Our greatest strength is when we harness our capabilities to work together, and today's guilty plea demonstrates this. Our adversaries' capabilities are constantly evolving, and we will remain vigilant in combating the cyber threat."
"This investigation demonstrates the FBI's resolve in holding foreign cyber actors accountable regardless of where they reside," Bowdich said. "Cybercrime investigators in Los Angeles are among the finest and their efforts toward preserving America's national security in this case should be commended."
The two "cohorts" have yet to be identified, but various government reports and media outlets indicate the two are members of the People's Liberation Army.