Farnborough Air Show

Cyber Warfare Episode Plays Out in Court Case

July 8, 2016, 1:30 AM
China’s FC-31 jet fighter project, though a twin-engine design, is believed to be dependent on data on the U.S. F-35 that was derived by cyber-sleuthing.

On 28 June 2014, a Chinese businessman based in Canada was arrested on the charge of stealing information about a raft of U.S. military aircraft and weapon systems. This particular case of industrial espionage was described by the U.S. Justice Department as being “unusual for the tremendous amounts of data that is involved.” According to e-mails that were obtained by the U.S. Federal Bureau of Investigation (FBI), “tremendous amounts” came to more than 65 gigabytes over one specifically identified two-year period and involved “dozens of U.S. military projects.”

The businessman in question, Su Bin, finally agreed a plea deal with the U.S. government in March of this year in which he admitted using his company, Lode Technology, to steal data on U.S. military aircraft and weapons programs for years. Court documents also detail how he then collaborated with contacts inside of the People’s Republic of China (PRC) to sell this information to various Chinese military aircraft R&D and production centers.

The data, reported to have been stolen from different computer systems, included detailed information on the Boeing C-17 Globemaster cargo lifter and two jet fighter programs for which Lockheed Martin is the prime contractor: the F-22A Raptor and F-35 Joint Strike Fighter (JSF).

Su had two accomplices working back in the PRC who were distributing and securing payments for the information that was being provided to various Chinese design centers. The two have never been identified in court documents, but numerous media reports and other government documents have identified them as officers of one of the People’s Liberation Army (PLA) cyber attack units.

More than a year before the arrest of Su, a prominent U.S. cyber security firm, Mandiant, identified the existence of PLA Unit 61398, which belongs to the Second Bureau of the PLA General Staff’s Third Department. The unit, based in the Pudong district of Shanghai, is one of what Mandiant estimates to be 20 or more PLA cyber-warfare special operations units with the mission of attacking both foreign government and industry computer networks.

Scapegoats and Loopholes

Among other visible results, the data provided by Su to the PRC’s aerospace industry has been credited with providing the insight for one of its major enterprises, the Xi’an Aircraft Industrial Corporation, to be able to develop a C-17-like cargo aircraft, designated the Y-20. In some of Su’s e-mails that were recovered by the FBI, he made reference to other U.S. military programs that he had been able to hack into. In one set of messages he wrote that test program plans for the F-35 and “blueprints” would “allow us [PRC] to catch up rapidly with U.S. levels [of aircraft design],” and that China would soon “stand easily on the giant’s [the U.S.’s] shoulders.”

In 2014 at the Air Show China expo in Guangdong Province, a new fighter aircraft, the Shenyang Aircraft Corporation (SAC) FC-31, flew for the first time at a public event. Similarities between this aircraft and the F-35, despite the Chinese aircraft being a twin-engine configuration, are now believed to be at least partially a consequence of the data that Su’s network was stealing through cyber hacking.

Prior to the emergence of the FC-31, SAC had shown little evidence of being able to develop its own design concepts. The company had largely been responsible for reverse-engineered copies of the Russian-made Sukhoi Su-27, Su-30MKK and Su-33 fighters. The available evidence is that the FC-31’s configuration was inspired by a large body of foreign design data that Su provided from his operational base in Canada.

The original investigation into what data was stolen, and from where, centered on the Boeing Company. However, one of Su’s e-mails stated clearly that the focus of his hacking activities is “mainly on those American enterprises which belong to the top 50 arms companies in the world.” There is also a long list of U.S. and European companies that were doing business with Su’s company, which provides cabling and wiring harness hardware to aircraft firms worldwide. The implication is that they may also have had their computer systems compromised and been unknowingly victimized by doing business with him.

Stolen design information did not all come from Boeing. An FBI agent responsible for writing the official court documents in this case stated that the data was located on a number of computer servers, including those on two U.S. Air Force bases.