Details Emerge of Boeing Hack

FBI: Chinese Nationals Stole Data on C-17 Transport
Details Emerge of Boeing Hack
Su Bin, accused of hacking Boeing IT systems to steal C-17 transport secrets.

Three Chinese nationals seeking to make "big bucks" broke into the computers of Boeing and other military contractors, stealing trade secrets on transport aircraft, a U.S. criminal complaint says.

See Also: The Alarming Data Security Vulnerabilities Within Many Enterprises

The criminal complaint, dated June 27 and made public last week, describes in some detail how the alleged conspirators patiently observed Boeing and its computer network for a year, and then breached the contractor's systems to steal intellectual property on the C-17 military transport. It also casts light on the free-enterprise nature of cyber-snooping, as the co-conspirators allegedly exchanged e-mails about profiting from their enterprise.

U.S. authorities accuse Su Bin, a Chinese businessman residing in Canada, of helping direct two other Chinese nationals in cyberattacks to obtain information about the C-17 and other military projects. The complaint says that Su, who was arrested last month in Canada, and two-unnamed co-conspirators, identified as UC1 and UC2, targeted information related to parts and performance of the C-17 transport and Lockheed Martin's F-22 and F-35 fighter jets. Su, who was arrested last month, is in jail in Canada, awaiting a bail hearing.

The initial attacks against Boeing occurred between Jan 14 and March 20, 2010, and for part of that time Su was in the United States, FBI Special Agent Noel Neeman says in the complaint. The documents do not describe how the information about the Lockheed Martin jet fighters were obtained.

Did Chinese Embellish Hack?

Neeman says an e-mail attachment sent by UC1 and eventually uncovered by American authorities claims the Chinese successfully exfiltrated 65 gigabytes of data over two years, including information on the C-17 transport from Boeing computers. Although evidence exists that information was stolen from Boeing computers, Neeman says he hasn't found any proof that the stolen information was classified. "The success and scope of the operation could have been exaggerated," Neeman says.

Still, the documents the FBI says it obtained provide a colorful and rather positive narrative from the Chinese perspective about the planning and attacks on the computer systems that began in 2009 with a reconnaissance of Boeing and the initial breach in early 2010.

The e-mail attachment describes the difficulty of breaching and the complexity of the Boeing system, with 18 domains and 10,000 machines and "huge quantities" of anti-invasion security equipment. "Through painstaking labor and slow groping, we finally discovered C-17 strategic transport aircraft-related materials stored in the secret network," the document says.

Later, the attached report states, "Experts have confirmed that the documents were truly C-17 related and the data scope involved the landing gear, flight control system and airdrop system, etc. Experts inside China have a high opinion of them, express that the C-17 data were the first ever seen in the country and confirming the documents' value and their unique nature in China."

Avoiding Detection

The alleged hackers, in the report, explain they had to plan meticulously and employ vigorous technical support to pilfer the data. "From breaking into its internal network to obtaining intelligence, we repeatedly skipped around in its internal network to make it harder to detect reconnaissance, and we also skipped around at suitable times in countries outside the U.S. In the process of skipping, we were supported by a prodigious quantity of tools, routes and servers, which also ensured the smooth landing of intelligence data."

To evade tracking by American law enforcement, the report says the hackers planned for numerous skip routes in many countries. "The routes went through at least three countries, and we ensured one of them did not have friendly relations with the U.S.," the document says. The hackers used so-called jump servers, special purpose computers on a network typically used to manage devices in separate security zones.

Another document the FBI has obtained describes communications between UC1 and UC2, which says they successfully acquired information about U.S. military technology by establishing hot points in the U.S., France, Japan and Hong Kong. According to the complaint, the report says those involved received 6.8 million Chinese yuan, or about $1 million, to build a team and infrastructure outside of China. The report did not say who funded the operation, but said part of the funding came from a loan of 4.6 million yuan, or $742,000.

Freelance E-Spies

The criminal complaint suggests the co-conspirators weren't employees of Chinese intelligence or the military, but freelancers who faced a bureaucracy to get paid. An e-mail dated April 5, 2010, that Su sent UC1 states, "It's not that easy to sell the information. If money is collected for the sample of (C-)17, it won't be easy to collect our big money that would follow. Also, it's a long process to apply for the expenses." Later, UC1 replied, "It's putting pressure on you, not selling for money. It's just a bargaining chip."

Neeman says he believes UC1 was explaining that the sample document being shown to potential buyers was not intended to be for sale, but rather to be a bargaining chip to advance the overall negotiations and sale. "This e-mail exchange shows that both Su and UC1 were seeking the 'big money' that would result from selling the information they had acquired," Neeman says in the complaint.

The FBI special agent says the conspirators likely sought to sell the pilfered information to various customers, including aircraft corporations operated by the Chinese military.

A major complaint often voiced by the U.S. government about Chinese hacking is that the Chinese steal intellectual property from Western businesses to save years and millions - if not billions - of dollars in developing competing wares. That point was acknowledged in documents cited in the criminal complaint. Noting that the development costs of the C-17 transport reached $3.4 million, one of the alleged conspirators wrote that they were "making important contributions to our national defense research development and receiving unanimous favorable comments" by obtaining the Boeing documents.

According to The New York Times, Boeing will cease production of the C-17 after two decades of building the planes. The paper reports that the Chinese government is developing its own cargo plane similar in some respects to the C-17.

U.S.-Chinese Tension Over Cyberattacks

Relations between the U.S. and China have soured over cyberattacks. Documents provided by former National Security Agency contractor Edward Snowden show that the agency hacked into servers of Huawei and exploited the Chinese telecommunications conglomerate's technology, so that when it sold equipment to other countries, the NSA could roam through the company's computer and telephone networks to conduct surveillance (see Rebuilding America's Online Reputation)

The U.S. has long griped that Chinese hacking is conducted for economic advantage, while its intrusions are done to gather national security information. That was a point driven home in May, when Atty. Gen. Eric Holder announced the indictments of five Chinese military officers at a press conference (see The Real Aim of U.S. Indictment of Chinese).

But the top brass in Washington have remained silent regarding the charges against Su; there was no formal announcement by government officials. The case only came to light when the government unsealed the criminal complaint filed with the U.S. Magistrate in Los Angeles. And, while the U.S. authorities intend to seek extradition of Su from Canada to stand trial, the charges against the five military officers is seen more as a political statement to highlight Chinese attacks against American companies to steal trade secrets.


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.