Owner of aviation company worked with hackers to extract info on military projects

Jul 13, 2014 08:59 GMT

Chinese national Su Bin was charged on June 27 with hacking into the systems of multiple U.S. aerospace companies that had large defense contracts, such as Boeing and Lockheed Martin; the next day, he was arrested in British Columbia.

Su Bin is believed to have worked with two other individuals, still to be identified, to break into the systems of the targeted companies and obtain information about military projects from remote machines based in China.

The perpetrators allegedly gained access to data regarding parts and performance of the C-17 military cargo plane from Boeing, and F-22 and F-35 fighter jets from Lockheed Martin.

The trio carried out their business between 2009 and 2013, and they are said to have tried to sell the illegally obtained information to state-owned Chinese companies.

Su Bin is the owner of Lode Technologies, an aviation company based in China, with an office in Canada.

According to documents unsealed in federal court in Los Angeles, Su Bin’s co-conspirators managed to exfiltrate 630,000 files relating to Boeing’s C-17 project, totaling 65GB.

The two unnamed hackers, who operated from China, infected machines on the Boeing and Lockheed networks through phishing. Once the malicious file was executed, it would contact a remote server for commands and instructions.

The court document says that the infected machines were accessed through the remote desktop protocol (RDP), and the intruders could explore the network.

Furthermore, the attackers had a persistent presence on the compromised system and could escalate their privileges as well as reach secure parts of the network. The collected data would be compressed in RAR archives and sent to computers under their control.

Surveillance of military technology seems to be the main task of the other two members of the group, named UC1 and UC2 in the court documents.

Law enforcement agencies managed to find an email with an attached document that was in fact a report identifying targets, objectives, and the success of computer intrusions into U.S. companies.

It also noted that entities with military technology information in Taiwan and files from different groups in China, such as the Democracy Movement and the Tibetan Independence Movement, were targeted.

Based on the unsealed document, UC1 and UC2 exchanged information about 32 U.S. military projects, with details about the amount of data that was stolen.

Su Bin is to remain in custody in Canada awaiting a bail hearing scheduled for July 18 in Vancouver, B.C.