A Chinese businessman pleaded guilty Wednesday in federal court in Los Angeles to helping two Chinese military hackers carry out a damaging series of thefts of sensitive military secrets from U.S. contractors.
The plea by Su Bin, a Chinese citizen who ran a company in Canada, marks the first time the U.S. government has won a guilty plea from someone involved with a Chinese government campaign of economic cyberespionage.
The resolution of the case comes as the Justice Department seeks the extradition from Germany of a Syrian hacker — a member of the group calling itself the Syrian Electronic Army — on charges of conspiracy to hack U.S. government agencies and U.S. media outlets.
Two years ago, the United States brought the first indictment for economic cyberespionage against hackers working for a foreign government. The indictment of five People’s Liberation Army officers in May 2014 was one of the earliest public signs of a new approach to hacking campaigns sponsored by nation-states.
Su’s plea follows a years-long investigation into the theft of scans, drawings and technical details related to Boeing’s C-17 military transport plane, as well as to advanced fighter jets. The total cost of the programs runs into the billions of dollars, and they involve technologies whose export is prohibited without a license.
The businessman, 50, pleaded guilty to conspiracy to hack information that is export-controlled. He faces a maximum of five years in prison.
“This plea sends a message that we’re committed to going after people even if they are affiliated with nation-state actors who steal from the United States,” said John Carlin, assistant U.S. attorney general for national security. “It shows we can find them even if they think they’re anonymous because they’re doing it through hacking and that we can bring them to justice, where they face penalties, like incarceration, just like every other felon.”
Su, also known as Stephen Su and Steven Subin, did not actually carry out the hacking. That was left to his co-conspirators, both officers in the People’s Liberation Army in China, said prosecutors, who did not name the two.
Su, the owner of Lode Technology, a company that does business in aviation and space sectors and had an office in British Columbia, identified technical data that the hackers could target and emailed it to them, said prosecutors in the Central District of California. One of the two PLA hackers would obtain the information. The two hackers would then write reports describing the data they had stolen, the value of the information and its significance in developing similar technologies, U.S. Attorney Eileen M. Decker said in a charging document.
The hacking campaign ran from 2008 to 2014, prosecutors said.
In one intercepted email, one of the PLA officers wrote that through the thefts of C-17 data, “we [made] important contributions to our national defense scientific research development.”
In 2009, Su sent an email to one of the PLA officers with a subject line of “Target.” Attached was a file containing the names and positions of U.S. executives on whom the hackers could prey, according to the plea agreement.
“There are some who say, ‘You’ll never catch anyone,’ ” Carlin said, referring to skeptics of the Justice Department’s get-tough approach to hacking associated with nation-states and terrorist groups. “Well, we have caught someone.”
In January, the United States took custody of a hacker accused of aiding the Islamic State from overseas. Ardit Ferizi, a citizen of Kosovo, was detained in Malaysia in September on a U.S. provisional arrest warrant. He is charged with stealing data of U.S. service members and passing it to the terrorist group, which urged supporters online to attack the military members. Ferizi was arraigned in a U.S. court in January.
After Su was arrested in British Columbia in June 2014 on charges filed in California, the Justice Department began extradition proceedings. A month later, Chinese authorities detained a Canadian woman and her husband on suspicion of stealing state military and defense research secrets, according to Canadian media reports. They were eventually released.
In the end, Su waived his right to oppose extradition and agreed to be sent to the United States.
In the fall, Chinese President Xi Jinping pledged that his country would not engage in economic cyberespionage.
“One of the only reasons they were sitting down at the table” with the United States is that authorities showed they were capable of holding nation-state hackers accountable, Carlin said. At the time that Xi made his pledge, Su was “already locked up in Canada” on U.S. charges.