Chinese man accused of nicking data on C-17 U.S. military cargo plane
Cyber espionage; Network intrusion
Su Bin, owner of a Chinese aviation company, is charged with successfully hacking a Boeing system to get information on the transport, which has delivered cargo in every worldwide operation since the 1990s.
He also allegedly plotted with two unnamed Chinese individuals to burglarize the networks of other U.S. defense contractors. They wanted data on other aircraft, including Lockheed Martin Corp.’s F-22 and F-35 fighter jets. Charges against Su were unsealed July 10 in federal court in Los Angeles.
The accomplices claimed to have stolen 65 gigabytes of data from Boeing about the C-17. The information was taken in 2010. There’s no evidence it includes classified information.
FBI agent Noel A. Neeman “describes a general strategy that will be familiar to anyone whose email or social media accounts have been compromised: Hackers send an email with a link to a malicious piece of code. Clicking on that link gives hackers access to computer systems,” the New York Times reports.
Court documents suggest the trio excised a comparatively small amount of material on Lockheed Martin’s F-22 and F-35 jets. It’s unclear how that breach went down.
Su was arrested in British Columbia, where he has an office, on June 28.
Boeing is cooperating with the Air Force and other federal authorities to get to the bottom of the case.
“We appreciate that the government brought its concerns about a potential compromise of our protected computer systems to our attention,” Boeing officials said in a statement.
The two unidentified men are “affiliated with multiple organizations and entities in the PRC,” according to U.S. prosecutors. Su had been working with them since the summer of 2009.
The C-17 Globemaster, which can refuel in flight, carries loads as bulky as the M-1 Abrams, the U.S. Army’s main battle tank.
Su and one of his accomplices were looking to sell the C-17 information and other technology they stole for “big money” to Chinese aircraft corporations, according to emails between the two.
Su said in an email: “It’s not that easy to sell the information. If money is collected for the sample of 17, it won’t be easy to collect your big money that would follow.”
In another e-mail, Su said, “They are too stingy!” without identifying who he was referring to.
Defense Industrial Base
July 12, 2014
Link to report
location of breach
location of perpetrators
date breach occurred
date breach detected