Two co-conspirators doing the hacking have not been identified

Aug 18, 2014 23:51 GMT

Su Bin, a Chinese businessman with permanent residence in Canada, has been accused of helping two hackers based in China steal documents from the systems of US aerospace companies with defense contracts.

Also known as Stephen Su and Stephen Subin, the businessman was arrested on June 28, 2014, in British Columbia.

He has been indicted in the US District Court for the Central District of California on charges of unauthorized computer access, conspiracy to commit theft of trade secrets, and aiding and abetting.

The technology targeted by the three was that used to develop the C-17 military transport aircraft built by Boeing, and the F-35 and F-22 fighter jets produced by multiple defense contractors, Lockheed Martin among them.

According to the indictment, evidence of Su Bin’s involvement dates back to 2009, when he forwarded to one of the two co-conspirators an email received from the other, containing a draft contract for the purchase of a “System for Unidirectional Secure Delivery of Files over the Internet.”

The contract was from a company located in China that advertised experience with computer network attacks and defense and communication security.

The email exchange between the three parties was intercepted by law enforcement, who discovered that the information exfiltrated from the systems of the US aerospace companies was sold to interested Chinese state-owned entities.

During the investigation, an important document was discovered, which described “the acquisition of 65 gigabytes of data in 630,000 files and 85,000 file folders that included scans, drawings, and technical details related to the C-17 obtained by gaining access to the Boeing network in January 2010.”

The document also stated that the aircraft had been built at a cost of $3.4 billion (€2.544 billion), spent on research and development expenses.

Su Bin’s role in the conspiracy consisted of advising the two China-based hackers on which persons, companies and technologies to target through the computer intrusions.

After penetrating the systems of the targeted companies, the hackers would provide Su Bin with the information found and receive instructions about which machines should be broken into and the exact folder whose content should be exfiltrated.

The information was delivered to China by first sending it to servers in other countries, from where it was carried by hand to the companies acquiring it.

It appears that the entire conspiracy lasted from October 2008 until around May 2014. Communication was email-based (Gmail), with messages written in both Chinese and English.