A Chinese businessman pleaded guilty this week to conspiracy to hack computer networks of U.S. defense contractors and obtain sensitive data on military aircraft that was passed on to China.
Su Bin, also known as Stephen Su and Stephen Subin, reached a plea deal in U.S. District Court in Los Angeles on Tuesday, following a 2014 criminal complaint and later indictment for illegal computer hacking and theft and transfer of export-controlled data.
The plea deal includes an admission by Su of conspiring with two people in China from October 2008 to March 2014 who broke into U.S. computer networks at Boeing and other defense companies.
The hackers stole large amounts of military information that was supplied to China, according to court documents and a statement by the U.S. Attorney for the Central District of California.
The case is the first successful prosecution of a Chinese hacker for stealing defense secrets. It follows the indictment of five People’s Liberation Army hackers in Pennsylvania in May 2014. The five officers remain in China.
Su was described in court documents as a wealthy Chinese businessman who owned a Beijing aviation technology company called Lode Tech. He was a permanent resident of Canada and owned homes in that country and China.
According to court papers, Su worked with two Chinese hackers who “engaged in clandestine computer and network reconnaissance and intrusion operations.” The two Chinese agents were not identified but were linked to “multiple organizations” in China, according to the court papers.
Michelle Van Cleave, former national counterintelligence executive within the office of the director of national intelligence, said the Su prosecution was a success but represents "a drop in a bucket that keeps getting bigger every year.”
“The Chinese have a sophisticated network of tens of thousands human spies and computer hackers targeting American military and technological secrets,” she said. "What they can’t acquire legally through trade, or creatively through mergers and acquisitions, they are prepared to steal. And it’s getting harder all the time to stop them.”
The two Chinese were listed as unindicted co-conspirators by prosecutors but were not identified by name or agency.
The two Chinese agents emailed Su with stolen defense contractor file directories listing data from U.S. and foreign company networks that China had hacked. Su then advised the two Chinese agents on which specific technologies to target from the companies. The three obtained details on “dozens” of military projects, according to an FBI criminal complaint.
Su also sought to sell the stolen U.S. technology obtained by the China-based hackers to state-owned companies in China.
The operation first gained access to some 630,000 Boeing computer files on the C-17 military transport aircraft technology in early 2009. The C-17 is the U.S. military’s main cargo aircraft. The data included details on the aircraft’s onboard computer.
Other stolen files included data on the F-22 and F-35 aircraft, the military’s most advanced radar-evading stealth fighter jets.
The F-22 data included details of an unspecified “training component” on the stealth jet used to launch missiles.
Other stolen data stolen by the Chinese spies included an unspecified “advanced United States military project” that the three men were attempting to steal blueprints and testing data.
Regarding the F-35, the frontline U.S. jet fighter being developed in both Air Force, Navy, and Marine Corps variants, the Chinese obtained the “Flight Test Plan” for the jet written by a U.S. defense engineer.
According to an FBI agent writing in the criminal complaint, Noel A. Freeman, a report by the spies stated that the stolen data would “allow us to rapidly catch up with U.S. levels” and will allow China to “stand easily on the giant’s shoulders.”
The court case provides additional clues to Chinese cyber theft of U.S. aircraft data disclosed last year in National Security Agency documents made public by former NSA contractor Edward Snowden.
An NSA document states that China obtained more than 50 terabytes—a huge amount of data—from U.S. defense and government networks, including the F-35 radar and engine secrets. The data included numbers and types of F-35 radar modules, and detailed engine schematics for the Lockheed Martin aircraft.
Chinese cyber spies also obtained export-restricted data through defense industrial espionage on the B-2 bomber, F-22, F-35, Space-based Laser, and other weapons.
According to court papers in the Su case, the Chinese cyber espionage operation to obtain U.S. military technology used “hop points” for the cyber attacks in the United States, France, Japan and Hong Kong, and was funded with the Chinese equivalent of more than $500,000.
Court papers did not disclose how the three cyber spies were detected.
However, one court document said the case may be related to the arrest of a Boeing aerospace engineer Keith Gartenlaub, who was arrested in August 2014 on child pornography charges.
A court document in the case said the Su case may be related to the Gartenlaub case because “the cases arise out of the same conspiracy, common scheme, transaction, series of transactions, or events.”
No details were given on the links between the two cases but the Orange County Register reported that Gartenlaub had been the target of Foreign Intelligence Surveillance Court monitoring.
Prosecutors stated during a detention hearing in 2014 that they were concerned Gartenlaub would flee to China, where his wife was born and where the couple owned property and traveled frequently.
Assistant Attorney General John Carlin said in a statement that Su admitted to playing an important role in the China-based conspiracy “to illegally access sensitive military data, including data relating to military aircraft that are indispensable in keeping our military personnel safe.”
“This plea sends a strong message that stealing from the United States and our companies has a significant cost; we can and will find these criminals and bring them to justice,” Carlin said.
U.S. Attorney Eileen M. Decker said in a statement that cyber crime “represents one of the most serious threats to our national security.”
“Today’s guilty plea and conviction demonstrate that these criminals can be held accountable no matter where they are located in the world and that we are deeply committed to protecting our sensitive data in order to keep our nation safe,” Decker said.
“Our adversaries’ capabilities are constantly evolving, and we will remain vigilant in combating the cyber threat,” said FBI Assistant Director Jim Trainor.
Under the plea deal, Su faces a maximum sentence of five years in prison and a fine of $250,000. Sentencing is scheduled for July 13.
Update, 3:00 P.M., Saturday 26 March: An earlier version of this post incorrectly described the F-35 as a Northrop Grumman aircraft. It is produced by Lockheed Martin.