WASHINGTON — A Chinese businessman in Canada hacked into Boeing’s computers and stole information about U.S. military aircraft and weapons, the Justice Department said Friday, describing a corporate espionage case that is unusual for the huge amount of data involved.
The businessman, Su Bin, spent years taking data from Boeing, the FBI said in court documents, and working with two unidentified contacts in China sought to sell the information to companies there.
There is no indication that the Chinese government orchestrated the attacks, or that anyone breached classified systems or stole classified information. But the assault on one of the nation’s most sophisticated defense contractors is a reminder that even seemingly safe computer systems are vulnerable.
Bin owned a Chinese aviation company called Lode Tech that had offices in Canada, where Bin lived. He was arrested there June 28, the FBI said, and is expected in court there later this month for a bail hearing. The Justice Department is seeking his extradition to the United States. He is charged with unauthorized computer access.
“We remain deeply concerned about cyber-enabled theft of sensitive information and we have repeatedly made it clear that the United States will continue using all the tools our government possesses to strengthen cyber security and confront cybercrime,” Marc Raimondi, a Justice Department spokesman, said.
Court documents do not say how the hackers breached Boeing’s computers. But Noel Neeman, the FBI agent who wrote the document, describes a general strategy that will be familiar to anyone whose email or social media accounts have been compromised: Hackers send an email with a link to a malicious piece of code. Clicking on that link gives hackers access to computer systems.
While court documents quote from emails describing elaborate hacking schemes and successful efforts to obtain aircraft schematics, Neeman writes that those accounts “could have been exaggerated.” The hackers’ description of Boeing’s computer network is not accurate and the sensitive design information they claim to have seized was stored across multiple servers, including two on Air Force bases, Neeman writes.