Within less than a month, the same Chinese provincial intelligence branch was implicated in three U.S. cases of stealing American technologies. The latest case involves espionage to acquire know-how for making turbofan engines used in commercial airliners.
The alleged culprit is the Jiangsu Province Ministry of State Security (JSSD), a branch of China’s Ministry of State Security (MSS), which is responsible for counterintelligence, foreign intelligence, and political security.
According to a U.S. court indictment released by the U.S. Department of Justice on Oct. 30, two JSSD officers, division director Zha Rong and section chief Chai Meng, led a conspiracy to steal turbofan engine designs being developed through a partnership between a French aerospace manufacturer and an aerospace company based in the United States.
Eight others were charged in the conspiracy: five are computer hackers and malware developers who operated at the direction of the JSSD. Two are Chinese employees who worked at the French company’s office in Suzhou City, Jiangsu Province, as company information technology manager and product manager.
The 10th person charged was Li Xiao, a computer hacker who used JSSD-supplied malware to carry out a separate hack on a San Diego-based technology company.
The JSSD officers targeted more than a dozen companies—mostly in the aerospace industry—but only Capstone Turbine Corporation, a Los Angeles-based gas turbine manufacturer, was identified by name.
Other companies, including a Massachusetts-based aerospace company, and two aerospace suppliers in Arizona and Oregon, manufactured parts for turbofan engines.
The 10 people are charged with conspiring to steal sensitive data “that could be used by Chinese entities to build the same or similar engine without incurring substantial research and development expenses,” the indictment said.
At the time of the hacks, which took place from January 2010 through May 2015, a Chinese state-owned aerospace company was trying to develop a comparable engine for use in aircraft to be manufactured in China and other countries.
Chinese-made jets, including the C919 and ARJ21, currently use foreign engines, but the country has been trying to develop a competitive homegrown alternative.
“State-sponsored hacking is a direct threat to our national security. This action is yet another example of criminal efforts by the MSS to facilitate the theft of private data for China’s commercial gain,” said U.S. Attorney Adam Braverman in a Justice Department press release.
“The concerted effort to steal, rather than simply purchase, commercially available products should offend every company that invests talent, energy, and shareholder money into the development of products,” he added.
John Brown, FBI Special Agent in Charge of the San Diego Field Office, vowed that Chinese criminals would be held “accountable regardless of their attempts to hide their illicit activities and identities.”
The indictment detailed the hacking tactics deployed by the 10 defendants. To hide the source and destination of their online traffic and avoid detection, the defendants used unidentified software and leased servers.
The defendants used many different tactics to get at the data, including spear phishing, malware, and dynamic domain name service (DNS) accounts. Dynamic DNS allows users to register different website domain names under a single account and frequently change the internet protocol (IP) address assigned to a domain name.
Spear phishing involves sending targeted emails that carry malware. The defendants used two types of malware, Sakula and IsSpace, to access the email recipients’ computers. They would send fictitious emails containing website links that closely resemble legitimate ones, also known as doppelganger domain names. After someone clicks on the link, a hacker can gain access.
The hackers also installed malware on the targeted companies’ webpages, a technique known as a watering hole attack, which gave the defendants a way to hack computers that had visited the webpages.
In January 2014, JSSD officer Chai gained access to the French manufacturer by sending fake emails to employees at the company, pretending to be from the company’s network management. Later that same month, one of the indicted employees at the French company, Tian Xi, installed Sakula malware on a computer at the French company’s Suzhou office by inserting a USB drive provided by an unidentified JSSD officer.
The case will now be prosecuted in Southern California, according to the Justice Department press release.
Earlier, U.S. federal authorities announced two other cases of Chinese espionage involving JSSD officers.
In early October, Xu Yanjun, a JSSD intelligence officer, was extradited to the United States from Belgium on charges that he attempted to steal trade secrets related to jet aircraft engines. Xu will now face trial in federal court in Cincinnati, Ohio.
Ji Chaoqun, a Chinese citizen who came to the United States in 2013 and enlisted in the U.S. Army Reserves in 2016, was arrested in Chicago in late September on charges that he had covertly worked for a Chinese intelligence official from JSSD. Ji tried to recruit engineers and scientists in the United States to work for China.