Posted by Kevin on July 13, 2014.
News emerged on Friday that a Chinese national is being held in Canada on US charges that include being involved in hacking Boeing and stealing data on the C-17 military transport plane. The man is Su Bin. He is accused of working with two unnamed Chinese nationals who live in China. The accusation is that Su Bin directed the Chinese nationals on what documents to steal.
Two things are worth noting from the FBI’s Criminal Complaint dated 27 June 2014 and unsealed on Thursday. The first is that this was a long-term and successful attack against Boeing, starting in 2009 and continuing until 2013. Indeed, according to comments reported by Reuters, Boeing was completely unaware of the intrusion until the FBI warned it that it had been compromised.
One of the documents quoted by the FBI includes a description of the difficulties encountered by the hackers. This is from a report attached to an email sent between the two unnamed Chinese hackers:
…the Boeing Company’s internal network structure is extremely complex. Its border deployment has FW and IPS, and the secret network has [ ] type isolation equipment as anti-invasion security equipment in huge quantities.
Yet despite Boeing’s security expertise and all of this security equipment, the company not only failed to stop the breach but failed to detect it over a period of several years. That does not augur well for the rest of us in defending against clearly advanced and persistent threats from China (or anywhere else, for that matter).
The second point is that although the FBI nowhere accuses the Chinese government of involvement, it clearly suspects at least, shall we say, collusion. A second quoted document, sent between the two Chinese nationals and concerning a ‘specific [but unnamed] entity in the PRC’, describes a cyber espionage methodology:
…we have gradually established technology bases outside of China for the sake of security/safety and stability. So far, jump servers have been set up in the U.S., Korea, Singapore and etc…
…in order to avoid diplomatic and legal complications, surveillance work and intelligence collection are done outside China. The collected intelligence will be sent first by an intelligence officer via a pre-ordered temporary server placed outside China or via a jump server which is placed in a third country…
Elsewhere, the FBI court document describes a further report sent between the two:
The report stated that those involved had received funding in the amount of 2.2 million RMB to build up its team and infrastructure, to construct positions outside the border, and to purchase software and hardware. The report noted, however, that the actual expenditure had been 6.8 million RMB [which is in excess of $1 million]…
All of this talk about avoiding diplomatic and legal complications, intelligence and intelligence officers, and funding budgets does not describe a typical hacking group or freelance hackers. The FBI seems to be saying that this operation may not have been undertaken on the instruction of the Chinese government, but was almost certainly done with the connivance, and possibly the moral support and funding, of a state agency.