IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Alleged Chinese Spies Indicted in US Aircraft Tech Hacking Case

Earlier this month, an officer from the Chinese intelligence branch was extradited from Belgium to Ohio to face intellectual property theft charges.

(TNS) — Two Chinese intelligence officers and a group of alleged hackers have been charged in San Diego on accusations of infiltrating the computer networks of private companies in the U.S. and abroad to steal plans for a turbofan engine to be used in commercial airliners, according to the indictment unsealed Tuesday.

The five-year conspiracy was led by Zha Rong, a division director of the Jiangsu Province Ministry of State Security, and Chai Meng, a section chief — both supervisors overseeing human intelligence and intellectual property theft operations within the ranks of the Chinese government, according to the indictment.

The indictment is among a small but growing collection of prosecutions that openly accuses the Chinese government of stealing U.S. trade secrets.

Earlier this month, an officer from the same Chinese intelligence branch was extradited from Belgium to Ohio to face intellectual property theft charges relating to jet aircraft engines.

According to the indictment, Yanjun Xu, a deputy division director, targeted experts who worked as leaders in the aviation field in private companies — including GE Aviation — and invited them to China to give university presentations as a way to steal trade secrets.

In September, a Chicago federal grand jury indicted a Chinese-born U.S. Army Reserves soldier who is accused of working as an agent for the same intelligence group. His role was to help recruit Chinese nationals working in the U.S. as scientists and engineers to become spies, according to the indictment.

On Thursday, arrest warrants were issued for 10 people in the most recent case, however, all defendants are believed to be in China.

"This action is yet another example of criminal efforts by the (Ministry of State Security) to facilitate the theft of private data for China's commercial gain," U.S. Attorney Adam Braverman said in a statement. "The concerted effort to steal, rather than simply purchase, commercially available products should offend every company that invests talent, energy, and shareholder money into the development of products."

The officers are accused of deploying a group of hackers to steal information on the technology of a turbofan engine being developed by an unnamed French aerospace manufacturer and a U.S.-based company. The indictment does not name the U.S. company nor say where it is located.

A state-controlled aerospace company in China had been working to develop similar technology for an engine to use in commercial airliners in China at the time, the indictment alleges.

The intrusion, beginning in 2010, stretched beyond the two main companies involved and targeted several businesses through the U.S. — from Massachusetts to Arizona to Oregon — that were developing parts for the engine, according to the charges. Other victims included a company in Wisconsin, companies based in the United Kingdom, and a "multinational conglomerate."

The intelligence service also repeatedly tried to hack into a San Diego-based technology company as part of the conspiracy from 2012 to 2014 to steal commercial information and use its website as a "watering hole," meaning anyone who visits the website could be vulnerable to infection. On top of the official conspiracy, two alleged hackers are also charged with orchestrating a separate attack on the company for their own criminal motivations, the U.S. Department of Justice said.

The first attack occurred on Jan. 8, 2010, when hackers got inside the networks of Capstone Turbine, a gas turbine manufacturer based in Los Angeles. The hackers first created their own email within the network, and later installed malware onto Capstone's website to make it a "watering hole." The malware, called Sakula, was designed to exploit vulnerabilities in the Internet Explorer web browser.

The hackers infiltrated an Arizona aerospace company in 2012 by sending an email that encouraged targets to click on a website that had been set up purporting to be Capstone Turbine, its domain misspelled by one letter.

The conspiracy also used two insiders working for the French aerospace company to operate as moles, according to the indictment. The company had offices in Suzhou, Jinagsu province.

In November 2013, an intelligence officer told Tian Xi, a product manager for the French company: "I'll bring the (Trojan) horse (malware) to you tonight. Can you take the Frenchmen out to dinner tonight? I'll pretend I bump into you at the restaurant to say hello. This way we don't need to meet in Shanghai," the indictment states.

A month later, the officer allegedly asked Xi three times if he had "plant(ed) the horse."

Another restaurant meeting occurred in January 2014 between the officer and Gu Gen, the French company's information technology infrastructure and security manager.

Within weeks, Xi texted the officer: "The horse was planted this morning."

The prosecution is linked to another San Diego case that accuses a Shanghai malware broker of providing the Sakula program for the Capstone Turbine attacks.

"I believe that the novelty and rarity of this malware is evidence that only a small group of hackers knew of it and that they were working together," a San Diego cybersquad FBI agent noted in the complaint against the malware broker, Pingan Yu.

Sakula is a rare program that was used in the theft of U.S. Office of Personnel Management hacks discovered in 2014 and 2015 that compromised the data of thousands of federal employees. The OPM breaches are not mentioned in either prosecution, however.

Yu, 37 pleaded guilty to a computer hacking conspiracy in September relating to the Capstone case.

When Yu was arrested in August 2017 at the Los Angeles airport, Chinese Foreign Ministry spokeswoman Hua Chunying told reporters on Friday that China opposes of all forms criminal internet activity, according to a report by Reuters.

©2018 The San Diego Union-Tribune. Distributed by Tribune Content Agency, LLC.