Richmond Chinese man helped steal U.S. military secrets for state-owned companies in China, claims FBI
BY KEITH FRASER, THE PROVINCE JULY 11, 2014
The FBI claims Su Bin was part of a hacking ring that was attempting to steal U.S. military secrets for state-owned companies in China.
A Chinese man arrested in Richmond who is being sought for extradition to the U.S. for cyber-spying was part of a conspiracy that stole large quantities of data related to dozens of U.S. military projects, including U.S. fighter jets, the FBI alleges.
Su Bin, a 39-year-old Chinese citizen attempting to obtain permanent resident status in Canada, began working in 2009 with two unidentified and uncharged co-conspirators in China to steal data about the U.S. aircraft, according to an affidavit filed in Los Angeles.
The affidavit, a copy of which was obtained by The Province, was filed by a special agent of the FBI and says that the three suspects conspired with each other and others to gain unauthorized access to computers maintained by defence contractors, including Boeing.
It says Bin, the owner and manager of Lode-Tech, a Chinese-based company focused on aviation technology with an office in Canada, was in contact with military and commercial entities involved in aerospace technology in China.
Starting in August 2009, one of the co-conspirators, identified only as UC1, began working with Bin, emailing him file directories listing data on the computer systems of U.S. and foreign companies to which he could gain access, says the 49-page affidavit.
Bin would then advise UC1 and the second alleged conspirator, identified only as UC2, what technology to target from the companies, it says.
“In some instances (Bin) would also seek to sell stolen data obtained by UC1 to entities in (China), including state-owned companies, for their personal profit.”
As part of their conspiracy, the three suspects gained unauthorized access to computers maintained in Orange County, California, for information about the C-17 Strategic Transport Aircraft, an advanced transport aircraft.
A report from the suspects detailing what they claimed was a successful theft of C-17 data noted that the aircraft was the third-most expensive military aircraft in U.S. history, costing $3.4 billion US in research and development.
It also notes that the first time the conspirators broke through the internal network of the Boeing company was in January 2010.
“Experts have confirmed that the documents were truly C-17 related and the data scope involved the landing gear, flight control system and airdrop system,” said the report, translated from Chinese to English by the FBI.
“Experts inside China have a high opinion about them, expressing that the C-17 data were the first ever seen in the country and confirming the documents’ value and their unique nature in China.”
The FBI affidavit, however, said that while the report discussed the successful theft of information, many of the details of the report have not been corroborated.
“The success and scope of the operation could have been exaggerated.”
The affidavit also describes the alleged theft of information on the U.S. fighter jet F-22 ‘Raptor’ — described as a “supersonic, super-manoeuverable, stealthed air superiority fighter” and the “world’s premier 5th-generation fighter.”
Also allegedly stolen was information about the F-35 fighter jet, described as the world’s most advanced multi-role fighter, combining “radar-evading stealth, supersonic speed and extreme agility.”
The affidavit says that based on border-crossing records, Bin had continued to spend a considerable amount of time in China and had also travelled a number of times to the U.S.
According to the FBI, the alleged intrusions into the computers of U.S. companies often had certain characteristics.
Those traits included the hackers sending a “phishing” email to an employee at their target company that was designed to appear as if it came from a colleague or a legitimate business contact.
The phishing email prompts the “victim employee” to click on a link or open an attachment, which causes the victim’s computer to initiate an “outbound connection” with a domain under the control of the hackers, according to the affidavit.
By controlling the domain embedded in the link or attachment, the hackers can manipulate the IP address of the victim computer, allowing the hackers to install malicious software, giving access to the computer remotely and allowing exploration of the now-compromised computer, says the affidavit.
Bin was arrested on a provisional warrant on June 28. He was remanded in custody and has a bail hearing scheduled July 18. No date has yet been set for an extradition hearing.