Chinese executive charged with hacking Boeing and other defense contractors to steal military data and advanced technology projects.

According to a US criminal complaint, computers of Boeing and other military contractors were hacked to steal intellectual property and trade secrets on transport aircraft. The initial attacks against Boeing probably occurred between Jan 14th and March 20th, 2010. The complaint, dated June 27th and recently disclosed, describes how the attackers spied on Boeing computer networks for a year and then compromised systems of principal contractors to steal intellectual property. According to the information disclosed, the hackers were mainly interested in the C-17 military transport.

To most people, cyber espionage operated by Chinese hackers may appear to be a current problem; in reality, security firms are now uncovering cyber operations that went undetected for a long time. Recently we discussed the hack of a US Government network and cyber espionage campaigns that seem to be linked to Chinese hackers, like the Pitty Tiger APT. Chinese hackers are persistent collectors, and this latest case involves Boeing.

US law enforcement agencies are accusing Su Bin, a Chinese businessman residing in Canada, of supporting two countrymen in organizing cyberattacks on Boeing systems to collect information about the C-17 and other military programs. The criminal complaint reveals that Su Bin and two unnamed co-conspirators, identified as UC1 and UC2, were collecting technical information related to components and performance of the C-17 transport and Lockheed Martin’s F-22 and F-35 fighter jets. During the period of the first attacks against Boeing, Su Bin was operating in the United States, as confirmed by FBI Special Agent Noel Neeman in the complaint. Su Bin was arrested last month in Canada, where he is awaiting a bail hearing.

Neeman revealed that an email attachment sent by UC1 claims the Chinese exfiltrated 65 gigabytes of data over a couple of years, including information on the C-17 transport from Boeing systems. The FBI agent collected evidence of data theft from Boeing systems, but there is no proof that the stolen information was classified. The email also provides information on the huge effort the hackers spent to compromise the Boeing system; the document details the architecture of the internal network of Boeing, which includes 18 domains, 10,000 PCs and “huge quantities” of defense appliances.

“Through painstaking labor and slow groping, we finally discovered C-17 strategic transport aircraft-related materials stored in the secret network,” the document says.

The hackers described the difficulty of breaching the system while avoiding the detection system deployed by Boeing.

“From breaking into its internal network to obtaining intelligence, we repeatedly skipped around in its internal network to make it harder to detect reconnaissance, and we also skipped around at suitable times in countries outside the U.S. In the process of skipping, we were supported by a prodigious quantity of tools, routes and servers, which also ensured the smooth landing of intelligence data,” states the report.

The complaint does not describe how the hackers stole information about the Lockheed Martin jet fighters.

“The success and scope of the operation could have been exaggerated,” Neeman says.

The report says that the Chinese hackers took precautions to avoid being tracked by US law enforcement.

“The routes went through at least three countries, and we ensured one of them did not have friendly relations with the U.S.,” states the document.

The investigators believe that they have dismantled an organization which was building a spying cell and a hacking infrastructure outside of China. In another document, the FBI describes the communications between UC1 and UC2, which state that the Chinese hackers successfully acquired information about US military projects by establishing hot points in the U.S., France, Japan and Hong Kong. This last document, according to the complaint, reveals that the subjects received about $1 million to build a team and infrastructure outside of China. The investigators are working to understand who funded the entire operation.

Stay tuned for more information.

Pierluigi Paganini

(Editor-In-Chief, CDM)
