Chinese businessman admits to cyber spying on Boeing and hacking into networks of top military contractors

In a statement issued on Wednesday, the U.S. Department of Justice said that a Chinese businessman pleaded guilty to conspiring to hack into the computer networks of top U.S. military contractors to steal sensitive military aircraft data and send to China.

Identified as Su Bin, the 50-year-old Chinese citizen admitted to working together with two unindicted Chinese co-conspirators for more than five years to target military data, including Boeing’s C-17 military transport aircraft and Lockheed Martin’s F-35 and F-22 fighter jets, the department said.

“This plea sends a strong message that stealing from the United States and our companies has a significant cost,” said John Carlin, assistant attorney-general for national security. “We can and will find these criminals and bring them to justice.”

However, the Department of Justice didn’t recognize the eventual recipients of the stolen information inside China.

Su’s plea agreement, filed in the U.S. District Court for the Central district of California, comes in the midst of intensifying U.S. efforts to restrict what officials describe as rampant Chinese cyber-spying.

Beijing has repeatedly denied U.S. claims that it steals secrets from American companies, including in Su’s case saying that the allegations are “purely ungrounded and serve an ulterior purpose.” In the meantime, it has accused the U.S. government of its own hacking campaign against China.

In September, the two governments agreed to refrain from cyber theft of trade secrets and intellectual property against one another for commercial purposes. Last month, James Clapper, the director of national intelligence, told Congress that “China continues to have success in cyber espionage against the US Government, our allies, and U.S. companies.” But the spy chief said it was not yet clear whether the most recent efforts were backed by the Chinese government or it involved the theft of data for commercial gain.

However, prior to the deal, some U.S. cybersecurity firms had traced hacking to Chinese military units.

Su was arrested in Canada in July 2014. He was later transferred to the U.S last month after waiving extradition. The businessman also known as “Stephen Su” and “Steven Subin” directed a pair of Chinese associates who obtained access to defence contractors’ computer networks. On at least one occasion, Su sent his partners lists of U.S. and European defence executives in an email with the subject line “Target.”

According to the plea agreement, the two unnamed allies began hacking into the corporate computers starting around October 2008. Once they had gained access, they emailed lists of files and folders to Su asking him which were important enough to steal. Su would then reply with requested file names highlighted in yellow and the hackers would obtain the material and email it to him.

Su also made off with a presentation on aircraft training and a flight test plan along with stealing information on how to produce C-17 components. All of the information was forbidden from export outside the U.S.

In Su’s case, he now faces a maximum sentence of five years in prison and a fine of $250,000 or twice his financial gain from the spying, whichever is greater. He is due to be sentenced in July.