POST Online Media Lite Edition



 

Chinese intelligence conspired to steal sensitive aviation and technological data for years

Staff Writer




Chinese intelligence officers and those working under their direction, which included hackers and co-opted company insiders, conducted or otherwise enabled repeated intrusions into private companies’ computer systems in the United States and abroad for over five years.

The conspirators’ ultimate goal was to steal, among other data, intellectual property and confidential business information, including information related to a turbofan engine used in commercial airliners.

The charged intelligence officers, Zha Rong and Chai Meng, and other co-conspirators, worked for the Jiangsu Province Ministry of State Security (“JSSD”), headquartered in Nanjing, which is a provincial foreign intelligence arm of the People’s Republic of China’s Ministry of State Security (“MSS”).

The MSS, and by extension the JSSD, is primarily responsible for domestic counter-intelligence, non-military foreign intelligence, and aspects of political and domestic security.

From at least January 2010 to May 2015, JSSD intelligence officers and their team of hackers, including Zhang Zhang-Gui, Liu Chunliang, Gao Hong Kun, Zhuang Xiaowei, and Ma Zhiqi, focused on the theft of technology underlying a turbofan engine used in U.S. and European commercial airliners.

This engine was being developed through a partnership between a French aerospace manufacturer with an office in Suzhou, Jiangsu province, China, and a company based in the United States.

Members of the conspiracy, assisted and enabled by JSSD-recruited insiders Gu Gen and Tian Xi, hacked the French aerospace manufacturer.

The hackers also conducted intrusions into other companies that manufactured parts for the turbofan jet engine, including aerospace companies based in Arizona, Massachusetts and Oregon.

At the time of the intrusions, a Chinese state-owned aerospace company was working to develop a comparable engine for use in commercial aircraft manufactured in China and elsewhere.

Defendant Zhang Zhang-Gui is also charged, along with Chinese national Li Xiao, in a separate hacking conspiracy, which asserts that Zhang Zhang-Gui and Li Xiao leveraged the JSSD-directed conspiracy’s intrusions, including the hack of a San Diego-based technology company, for their own criminal ends.

“For the third time since only September, the National Security Division, with its US Attorney partners, has brought charges against Chinese intelligence officers from the JSSD and those working at their direction and control for stealing American intellectual property,” said John C. Demers, Assistant Attorney General for National Security.

“This is just the beginning. Together with our federal partners, we will redouble our efforts to safeguard America’s ingenuity and investment.”

“State-sponsored hacking is a direct threat to our national security. This action is yet another example of criminal efforts by the MSS to facilitate the theft of private data for China’s commercial gain,” said U.S. Attorney Adam Braverman.

“The concerted effort to steal, rather than simply purchase, commercially available products should offend every company that invests talent, energy, and shareholder money into the development of products.”

“The threat posed by Chinese government-sponsored hacking activity is real and relentless,” said John Brown, FBI Special Agent in Charge of the San Diego Field Office.

“Today, the Federal Bureau of Investigation, with the assistance of our private sector, international and U.S. government partners, is sending a strong message to the Chinese government and other foreign governments involved in hacking activities. We are working together to vigorously investigate and hold hackers accountable regardless of their attempts to hide their illicit activities and identities.”

On October 10, the Department of Justice announced that a JSSD intelligence officer was extradited to the Southern District of Ohio, on charges that he attempted to steal trade secrets related to jet aircraft engines, and in September, in the Northern District of Illinois, a grand jury indicted a U.S. Army recruit who is accused of working as an agent of a JSSD intelligence officer, without notification to the Attorney General.

As the indictment in the Southern District of California describes in detail, China’s JSSD intelligence officers and hackers working at their direction masterminded a series of intrusions in order to facilitate intrusions and steal non-public commercial and other data.

The hackers used a range of techniques, including spear phishing, sowing multiple different strains of malware into company computer systems, using the victim companies’ own websites as “watering holes” to compromise website visitors’ computers, and domain hijacking through the compromise of domain registrars.

The first alleged hack began no later than January 8, 2010, when members of the conspiracy infiltrated Capstone Turbine, a Los Angeles-based gas turbine manufacturer, in order to steal data and use the Capstone Turbine website as a “watering hole.”

China’s intelligence service also sought, repeatedly, to hack into a San Diego-based technology company from at least August 7, 2012 through January 15, 2014, in order to similarly steal commercial information and use its website as a “watering hole.”

Chinese actors not only used hacking methods to conduct computer intrusions and steal commercial information; they also co-opted victim company employees.

From at least November 2013 through February 2014, two Chinese nationals working at the direction of the JSSD, Tian Xi and Gu Gen, were employed in the French aerospace company’s Suzhou office.

On January 25, 2014, after receiving malware from an identified JSSD officer acting as his handler, Tian infected one of the French company’s computers with malware at the JSSD officer’s direction.

One month later, on February 26, 2014, Gu, the French company’s head of Information Technology and Security in Suzhou, warned the conspirators when foreign law enforcement notified the company of the existence of malware on company systems.

That same day, leveraging that tip-off, conspirators Chai Meng and Liu Chunliang tried to minimize JSSD’s exposure by causing the deletion of the domain linking the malware to an account controlled by members of the conspiracy.

The group’s hacking attempts continued through at least May of 2015, when an Oregon-based company, which, like many of the other targeted companies, built parts for the turbofan jet engine used in commercial airliners, identified and removed the conspiracy’s malware from its computer systems.

Count Two of the indictment charges a separate conspiracy to hack computers in which Zhang Zhang-Gui, a defendant charged in Count One, supplied his co-defendant and friend, Li Xiao, with variants of the malware that had been developed and deployed by hackers working at the direction of the JSSD on the hack into Capstone Turbine.

Using malware supplied by Zhang, as well as other malware, Li launched repeated intrusions that targeted a San Diego-based computer technology company for more than a year and a half.

These intrusions caused thousands of dollars of damage to protected computers.

Count Three of the indictment charges Zhang Zhang-Gui with the substantive offense of computer hacking a San Diego technology company, which was one of the targets of the conspiracies alleged in Counts One and Two.

The charges contained in the indictment are merely accusations, and the defendants are presumed innocent unless and until proven guilty.

The FBI, led by the San Diego Field Office, conducted the investigation that resulted in charges announced today.

This case is being prosecuted by Alexandra Foster and Sabrina Fève of the United States Attorney’s Office for the Southern District of California and Jason McCullough of the National Security Division’s Counterintelligence and Export Control Section.

The Criminal Division’s Office of International Affairs also provided assistance in this matter, and the Department appreciates the cooperation and assistance provided by France’s General Directorate for Internal Security (DGSI) and the Cybercrime Section of the Paris Prosecutor’s Office during the investigation of this matter.

