Details Emerge of Boeing Hack

FBI: Chinese Nationals Stole Data on C-17 Transport

By , July 13, 2014.
Su Bin, accused of hacking Boeing IT systems to steal C-17 transport secrets.
Su Bin, accused of hacking Boeing IT systems to steal C-17 transport secrets.

Three Chinese nationals seeking to make "big bucks" broke into the computers of Boeing and other military contractors, stealing trade secrets on transport aircraft, a U.S. criminal complaint says.

See Also: Stop Mobile Payment Fraud, Not Customers

The criminal complaint, dated June 27 and made public last week, describes in some detail how the alleged conspirators patiently observed Boeing and its computer network for a year, and then breached the contractor's systems to steal intellectual property on the C-17 military transport. It also casts light on the free-enterprise nature of cyber-snooping, as the co-conspirators allegedly exchanged e-mails about profiting from their enterprise.

U.S. authorities accuse Su Bin, a Chinese businessman residing in Canada, of helping direct two other Chinese nationals in cyberattacks to obtain information about the C-17 and other military projects. The complaint says that Su, who was arrested last month in Canada, and two-unnamed co-conspirators, identified as UC1 and UC2, targeted information related to parts and performance of the C-17 transport and Lockheed Martin's F-22 and F-35 fighter jets. Su, who was arrested last month, is in jail in Canada, awaiting a bail hearing.

The initial attacks against Boeing occurred between Jan 14 and March 20, 2010, and for part of that time Su was in the United States, FBI Special Agent Noel Neeman says in the complaint. The documents do not describe how the information about the Lockheed Martin jet fighters were obtained.

Did Chinese Embellish Hack?

Neeman says an e-mail attachment sent by UC1 and eventually uncovered by American authorities claims the Chinese successfully exfiltrated 65 gigabytes of data over two years, including information on the C-17 transport from Boeing computers. Although evidence exists that information was stolen from Boeing computers, Neeman says he hasn't found any proof that the stolen information was classified. "The success and scope of the operation could have been exaggerated," Neeman says.

Still, the documents the FBI says it obtained provide a colorful and rather positive narrative from the Chinese perspective about the planning and attacks on the computer systems that began in 2009 with a reconnaissance of Boeing and the initial breach in early 2010.

The e-mail attachment describes the difficulty of breaching and the complexity of the Boeing system, with 18 domains and 10,000 machines and "huge quantities" of anti-invasion security equipment. "Through painstaking labor and slow groping, we finally discovered C-17 strategic transport aircraft-related materials stored in the secret network," the document says.

Later, the attached report states, "Experts have confirmed that the documents were truly C-17 related and the data scope involved the landing gear, flight control system and airdrop system, etc. Experts inside China have a high opinion of them, express that the C-17 data were the first ever seen in the country and confirming the documents' value and their unique nature in China."

Avoiding Detection

The alleged hackers, in the report, explain they had to plan meticulously and employ vigorous technical support to pilfer the data. "From breaking into its internal network to obtaining intelligence, we repeatedly skipped around in its internal network to make it harder to detect reconnaissance, and we also skipped around at suitable times in countries outside the U.S. In the process of skipping, we were supported by a prodigious quantity of tools, routes and servers, which also ensured the smooth landing of intelligence data."

To evade tracking by American law enforcement, the report says the hackers planned for numerous skip routes in many countries. "The routes went through at least three countries, and we ensured one of them did not have friendly relations with the U.S.," the document says. The hackers used so-called jump servers, special purpose computers on a network typically used to manage devices in separate security zones.

Another document the FBI has obtained describes communications between UC1 and UC2, which says they successfully acquired information about U.S. military technology by establishing hot points in the U.S., France, Japan and Hong Kong. According to the complaint, the report says those involved received 6.8 million Chinese yuan, or about $1 million, to build a team and infrastructure outside of China. The report did not say who funded the operation, but said part of the funding came from a loan of 4.6 million yuan, or $742,000.

Freelance E-Spies

Follow Eric Chabrow on Twitter: @GovInfoSecurity

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Cyber-Attacks: The Internal Threat

Not all threat intelligence is created equally, says Fortinet's John Maddison. And it's not just...

Latest Tweets and Mentions

ARTICLE Cyber-Attacks: The Internal Threat

Not all threat intelligence is created equally, says Fortinet's John Maddison. And it's not just...

The ISMG Network