Chinese Hackers, Agents in Plot to Hack Aerospace Tech From US Companies

Chinese spies and hackers have been indicted for "repeated intrusions into companies' computer systems" in the U.S. and elsewhere for more than five years, the U.S. Department of Justice has announced.

Zha Rong, Chai Meng and other co-conspirators worked for the provincial arm of China's state security police in the eastern province of Jiangsu, which has its headquarters in Nanjing, the DOJ said in a statement on its website.

"The conspirators’ ultimate goal was to steal, among other data, intellectual property and confidential business information, including information related to a turbofan engine used in commercial airliners," it said.

Zha and Zhai used a team of hackers including Zhang Zhanggui, Liu Chunliang, Gao Hongkun, Zhuang Xiaowei, and Ma Zhiqi to try to steal technology for a turbofan engine used on U.S. and European commercial airliners, it said.

The hackers used a range of techniques, including spear phishing, to sow different strains of malware into company computer systems using the victim companies’ own websites as "watering holes" to compromise website visitors’ computers, and domain hijacking through the compromise of domain registrars, the DOJ said.

The first alleged hack had begun by Jan. 8, 2010, when members of the conspiracy infiltrated Capstone Turbine, a Los-Angeles-based gas turbine manufacturer, in order to steal data and use the Capstone Turbine website as a "watering hole" to compromise site visitors' computers.

French connection

The team also recruited insiders working for a French aerospace manufacturer that had an office in Jiangsu's Suzhou city and a partner company based in the United States, before hacking the computer systems of the French company.

The French company in Suzhou hired two employees in 2013, Tian Xi and Gu Chen, who had sought their jobs at the behest of the Jiangsu state security department. They then facilitated the infection of the company's systems with malware, and warned the department when the malware was discovered, enabling it to cover its tracks to a certain extent, the statement said.

Companies based in Arizona, Massachusetts and Oregon linked to the turbofan project were also targeted.

"At the time of the intrusions, a Chinese state-owned aerospace company was working to develop a comparable engine for use in commercial aircraft manufactured in China and elsewhere," the DOJ statement said.

Zhang and Li Xiao were also accused of freelancing off the back of the state-sponsored hacking project for their own gain in a project that included a hack targeting a technology company based in San Diego, it said.

"For the third time since only September, the National Security Division, with its US Attorney partners, has brought charges against Chinese intelligence officers from [Jiangsu] and those working at their direction and control for stealing American intellectual property," U.S. Assistant Attorney General for National Security John C. Demers said in a statement.

"This is just the beginning. Together with our federal partners, we will redouble our efforts to safeguard America’s ingenuity and investment," Demers said.

Hacking continues

John Brown, FBI Special Agent in Charge of the San Diego Field Office, said Chinese state-sponsored hacking attempts have continued unabated.

"The threat posed by Chinese government-sponsored hacking activity is real and relentless," Brown said. "Today, the Federal Bureau of Investigation, with the assistance of our private sector, international and U.S. government partners, is sending a strong message to the Chinese government and other foreign governments involved in hacking activities."

The DOJ successfully extradited an officer with the Jiangsu state security department to Ohio in connection with a hacking attempt linked to technology for jet aircraft engines, while a U.S. Army recruit was charged in September of working for the Jiangsu state security department.

Reported by RFA's Cantonese Service. Translated and edited by Luisetta Mudie.