FBI, Pentagon Counterspies Hunt Fraudulent Navy Contractor

Spies posing as U.S. military officers try to steal defense technology

Pentagon / AP
December 1, 2016

Counterintelligence agents from the FBI and Pentagon are pursuing a suspected foreign agent posing as a Navy officer who offered fraudulent contracts to defense contractors in a bid to obtain sensitive and embargoed American technology.

The FBI on Wednesday sent a security alert about the scam uncovered recently by a contractor in Massachusetts to contractors engaged in secret defense work.

An FBI counterintelligence agent stated in the alert that the contractor reported "an individual posing as U.S. Navy officer" was issuing fake Navy contracts for computer and telecommunications equipment.

"Further investigation revealed several other reported incidents following a similar pattern where computers, telecommunication equipment, and export controlled technology were requested from cleared defense contractors and information technology companies," stated the notice from FBI Agent Carmine Nigro of the Boston field office.

The contracts involved unsolicited email requests made by people who identified themselves as purchasing agents for the Navy, Army, and Air Force. The emails originated from email domains that appeared similar to official military email accounts. Among the false domains were "" and "" The true Navy email domain is

The email requests specified that the sensitive goods being contracted were to be shipped to non-military facilities including freight and shipping warehouses, commercial office space, and locations overseas—indicating a likely foreign intelligence service connection.

"The individual(s) involved appear to have knowledge and some degree of familiarity with U.S. Department of Defense purchasing procedures and documentation, and have listed legitimate Department of Defense facilities within the original request for information," Nigro stated.

The Boston FBI office is investigating the contracting scam.

An FBI spokesman had no immediate comment.

The alert did not identify what nation's intelligence service was behind the technology acquisition effort.

However, China's spy services in the past have used email solicitation as part of a large-scale cyber espionage campaign targeting U.S. defense technology.

Counterintelligence experts say email solicitation is one of the main techniques used by foreign spies to obtain information and goods through the Internet.

However, posing as U.S. military officers engaged in contracting is a relatively new technique.

The fraudulent email operation is part of what the Pentagon calls cyber-enabled espionage threats to industry. The operations are designed to gather technology or sabotage defense contractors.

The Pentagon's Defense Security Service states in a training brochure that 80 percent of foreign intelligence collection involves six methods.

They include requests for information and academic solicitation of information, computer network activity, targeting at conferences and conventions, corporate solicitation and marketing, foreign visits and specialized information elicitation, and agent recruitment.

The Defense Security Service has identified computer information and information security software as targets of foreign intelligence agencies.

Command, control, communications, and computers are "the backbone of almost all government functions from battlefield commanders to interagency communications," the service said.

"Monitors, computers, printers, phones, radios, and data links are all necessary in this network-centric environment."

Software targeted by foreign spies included computer-aided design software, modeling and simulation software, artificial intelligence, microelectronic design software, and databases.

The Defense Security Service is responsible for thwarting foreign spies and other security threats at some 10,000 defense contractors located at 13,000 facilities and encompassing 1.2 million people.

Jeffrey Burlette, a DSS counterintelligence official, said in a recent online webinar that cyber space has allowed foreign actors seeking to obtain U.S. defense secrets to mask their identities.

Past cases have involved email solicitations that appeared to be from Canada seeking to ship restricted U.S. items to Singapore with the eventual goal of sending them to Iran, Burlette said.

Goods and technology are often acquired through front companies and electronic communications, he said.

Another ruse is for foreign spies to request information through emails, establish a back-and-forth exchange, and then to provide a "weaponized document" that allows the spy to gain access to a defense contractor's computer network.

"One thing you have to remember is these are adversaries that are state-sponsored, they've been classically trained in intelligence collection techniques in how to defeat certain security apparatus, and are very effective at their job," Burlette said.

One damaging foreign espionage case involved a Chinese national, Su Bin, who stole military secrets related to the C-17 transport jet and the F-35 and F-22 stealth fighters.

Su pleaded guilty in March to conspiracy to hack into U.S. defense contractors' computers, steal their data, and send it to China. He was sentenced to nearly four years in prison.

Most cyber espionage is carried out through what is called spear phishing, the use of emails to gain access to industry information. Others methods involve stealing computer access credentials, compromising websites, and exploiting social networking sites.

Published under: Cyber Security