Tuesday, October 30, 2018

Chinese Intelligence Officers and Their Recruited Hackers and Insiders Conspired to Steal Sensitive Commercial Aviation and Technological Data for Years

Chinese intelligence officers and those working under their direction, which included hackers and co-opted company insiders, conducted or otherwise enabled repeated intrusions into private companies’ computer systems in the United States and abroad for over five years.  The conspirators’ ultimate goal was to steal, among other data, intellectual property and confidential business information, including information related to a turbofan engine used in commercial airliners.

The charged intelligence officers, Zha Rong and Chai Meng, and other co-conspirators, worked for the Jiangsu Province Ministry of State Security (“JSSD”), headquartered in Nanjing, which is a provincial foreign intelligence arm of the People’s Republic of China’s Ministry of State Security (“MSS”). The MSS, and by extension the JSSD, is primarily responsible for domestic counter-intelligence, non-military foreign intelligence, and aspects of political and domestic security.

From at least January 2010 to May 2015, JSSD intelligence officers and their team of hackers, including  Zhang Zhang-Gui, Liu Chunliang, Gao Hong Kun, Zhuang Xiaowei, and Ma Zhiqi, focused on the theft of technology underlying a turbofan engine used in U.S. and European commercial airliners.  This engine was being developed through a partnership between a French aerospace manufacturer with an office in Suzhou, Jiangsu province, China, and a company based in the United States. Members of the conspiracy, assisted and enabled by JSSD-recruited insiders Gu Gen and Tian Xi, hacked the French aerospace manufacturer.  The hackers also conducted intrusions into other companies that manufactured parts for the turbofan jet engine, including aerospace companies based in Arizona, Massachusetts and Oregon.  At the time of the intrusions, a Chinese state-owned aerospace company was working to develop a comparable engine for use in commercial aircraft manufactured in China and elsewhere.

Defendant Zhang Zhang-Gui is also charged, along with Chinese national Li Xiao, in a separate hacking conspiracy, which asserts that Zhang Zhang-Gui and Li Xiao leveraged the JSSD-directed conspiracy’s intrusions, including the hack of a San Diego-based technology company, for their own criminal ends.

“For the third time since only September, the National Security Division, with its US Attorney partners, has brought charges against Chinese intelligence officers from the JSSD and those working at their direction and control for stealing American intellectual property,” said John C. Demers, Assistant Attorney General for National Security.  “This is just the beginning.  Together with our federal partners, we will redouble our efforts to safeguard America’s ingenuity and investment.”

 “State-sponsored hacking is a direct threat to our national security.  This action is yet another example of criminal efforts by the MSS to facilitate the theft of private data for China’s commercial gain,” said U.S. Attorney Adam Braverman.  “The concerted effort to steal, rather than simply purchase, commercially available products should offend every company that invests talent, energy, and shareholder money into the development of products.”

 “The threat posed by Chinese government-sponsored hacking activity is real and relentless,” said John Brown, FBI Special Agent in Charge of the San Diego Field Office. “Today, the Federal Bureau of Investigation, with the assistance of our private sector, international and U.S. government partners, is sending a strong message to the Chinese government and other foreign governments involved in hacking activities.  We are working together to vigorously investigate and hold hackers accountable regardless of their attempts to hide their illicit activities and identities.”

On October 10, the Department of Justice announced that a JSSD intelligence officer was extradited to the Southern District of Ohio, on charges that he attempted to steal trade secrets related to jet aircraft engines, and in September, in the Northern District of Illinois, a grand jury indicted a U.S. Army recruit who is accused of working as an agent of a JSSD intelligence officer, without notification to the Attorney General.

As the indictment in the Southern District of California describes in detail, China’s JSSD intelligence officers and hackers working at their direction masterminded a series of intrusions in order to facilitate intrusions and steal non-public commercial and other data.  The hackers used a range of techniques, including spear phishing, sowing multiple different strains of malware into company computer systems, using the victim companies’ own websites as “watering holes” to compromise website visitors’ computers, and domain hijacking through the compromise of domain registrars. 

The first alleged hack began no later January 8, 2010, when members of the conspiracy infiltrated Capstone Turbine, a Los-Angeles-based gas turbine manufacturer, in order to steal data and use the Capstone Turbine website as a “watering hole.”  

China’s intelligence service also sought, repeatedly, to hack into a San Diego-based technology company from at least August 7, 2012 through January 15, 2014, in order to similarly steal commercial information and use its website as a “watering hole.”

Chinese actors used not only hacking methods to conduct computer intrusions and steal commercial information, they also coopted victim company employees.  From at least November 2013 through February 2014, two Chinese nationals working at the direction of the JSSD, Tian Xi and Gu Gen, were employed in the French aerospace company’s Suzhou office.  On January 25, 2014, after receiving malware from an identified JSSD officer acting as his handler, Tian infected one of the French company’s computers with malware at the JSSD officer’s direction. One month later, on February 26, 2014, Gu, the French company’s head of Information Technology and Security in Suzhou, warned the conspirators when foreign law enforcement notified the company of the existence of malware on company systems. That same day, leveraging that tip-off, conspirators Chai Meng and Liu Chunliang tried to minimize JSSD’s exposure by causing the deletion of the domain linking the malware to an account controlled by members of the conspiracy.

The group’s hacking attempts continued through at least May of 2015, when an Oregon-based company, which, like many of the other targeted companies, built parts for the turbofan jet engine used in commercial airliners, identified and removed the conspiracy’s malware from its computer systems.

Count Two of the indictment charges a separate conspiracy to hack computers in which Zhang Zhang-Gui, a defendant charged in Count One, supplied his co-defendant and friend, Li Xiao, with variants of the malware that had been developed and deployed by hackers working at the direction of the JSSD on the hack into Capstone Turbine. Using malware supplied by Zhang, as well as other malware, Li launched repeated intrusions that targeted a San Diego-based computer technology company for more than a year and a half.  These intrusions caused thousands of dollars of damage to protected computers.

Count Three of the indictment charges Zhang Zhang-Gui with the substantive offense of computer hacking a San Diego technology company, which was one of the targets of the conspiracies alleged in Counts One and Two.

The charges contained in the indictment are merely accusations, and the defendants are presumed innocent unless and until proven guilty.

The FBI, led by the San Diego Field Office, conducted the investigation that resulted in charges announced today.  This case is being prosecuted by Alexandra Foster and Sabrina Fève of the United States Attorney’s Office for the Southern District of California and Jason McCullough of the National Security Division’s Counterintelligence and Export Control Section.  The Criminal Division’s Office of International Affairs also provided assistance in this matter, and the Department appreciates the cooperation and assistance provided by France’s General Directorate for Internal Security (DGSI) and the Cybercrime Section of the Paris Prosecutor’s Office during the investigation of this matter.

Thursday, October 25, 2018

Criminal Justice Technology in the News

Law Enforcement News

Portsmouth Council OKs Purchase of Drone by Police Dept.
Seacoastonline, (10/16/2018), Jeff McMenemy
The Police Department in Portsmouth, N.H., will use a $69,638 grant to pay for a small unmanned aerial vehicle as well as the cost of maintenance for the device and training of officers. Uses for UAVs include crime scene and accident investigations.
Link to Article

Davenport Firefighters Get Gear to Protect Them in Active Shooter Situations
WGAD, (10/17/2018), Katrina Lamansky
Members of the Davenport Fire Department in Iowa now have ballistic helmets and body armor for protection in active shooter situations. A $5,600 grant from the Scott County Regional Authority was used to pay for the equipment for six firefighters.
Link to Article

Freeport Police to Purchase Use-of-Force Training Simulator
Journal Standard, (10/16/2018), Derrick Mason
The Freeport City Council in Illinois has approved the purchase of a use-of-force simulator for the police department. The technology uses high-definition video, a projection screen, sound and other components to create realistic scenarios.
Link to Article

Mecklenburg County Commissioners Approve $4.6M for CMS Security Plan
WCNC (10/17/2018), Ariel Plasencia
The Mecklenburg County Commissioners have approved releasing an additional $4.6 million for security enhancements at Charlotte-Mecklenburg Schools. The funding will allow CMS to implement phase one of its safety enhancements, which include better cameras, stronger fencing and additional locks on exterior doors.
Link to Article

Irvine Police Department Begins Drone Operations
New University, (10/18/2018), Chelsea Pan
The Irvine City Council in California has approved the Irvine Police Department's establishment of an unmanned aircraft system (UAS) program. The UAS team is permitted to fly and operate a single drone to assist with crime investigations, search for missing persons, and respond to and evaluate natural disasters.
Link to Article

NYPD Suspends Use of Body Camera Model After One Explodes
Washington Times, (10/22/2018), Associated Press
The New York City Police Department has suspended use of a model of body camera after one exploded. The NYPD says an officer noticed smoke coming from the Vievu LE-5 body camera, removed it, and the device exploded. No one was injured. The NYPD says that the explosion revealed a potential for the battery to ignite, and that the 2,990 cameras in use are being removed. In a statement, Axon, Vievu's parent company, says it will do whatever is necessary to resolve the situation.
Link to Article

Handcuffed Man Shoots Trooper on I-75 Before Being Killed in Gun Battle
WXIA-TV, (10/18/2018), Kristen Reed
A handcuffed man was able to shoot a state trooper in the torso on I-75 in Bartow County, Ga., according to authorities. The trooper was wearing a ballistic vest and survived. The suspect was shot several times and died a short time later.
Link to Article

Corrections News

Staff Drug Exposure Problem Prompts Pa. Prisons to Screen Books
Pittsburgh Post-Gazette, (10/19/2018), Mark Scolforo for the Associated Press
The Pennsylvania Corrections Department says it will screen books donated to state prison inmates for drugs as part of its response to a sharp rise in the number of employees seeking medical care for suspected exposure to synthetic marijuana. The agency told The Associated Press that donation groups will no longer ship books directly to inmates; the books will be examined by drug sniffing dogs at a central location before being given to prisoners. After a two-week lockdown that began in late August and changes to mail and visiting procedures, drug finds and positive results in random inmate drug tests are down by about half, and assaults and drug misconducts are also down, according to the department. Staff emergency room visits for suspected drug exposure fell from 48 in August to eight in September.
Link to Article

Five Former Probation Commissioners Urge Officials to Stop Testing Parolees for Marijuana
New York Daily News, (10/16/2018), Reuven Blau
Some former New York City probation commissioners feel that people on parole and probation should no longer be tested for marijuana if the drug is legalized in New York State. Vincent Schiraldi, a former city probation commissioner, testified before a state Assembly committee hearing on allowing adult use of marijuana and spoke on behalf of four other former probation commissioners. New York currently allows people to use marijuana for medical purposes. State lawmakers are considering fully legalizing the drug for recreational use.
Link to Article

Sullivan Jail Turns to Tech for Double-Check of Inmate IDs
TimesNews, (10/18/2018), Rain Smith
The Sullivan County Sheriff's Office in Tennessee has taken steps to ensure the correct inmates are released from the county jail. Corrections officers recently scanned more than 900 prisoners' thumbprints via a computer kiosk. Along with checks such as personal information and mugshots, staff will run prisoners through the biometric process again for release, double-checking that the right person is being freed from the facility.
Link to Article

Detention Alternative Initiative Adding Mentors
Pharos-Tribune, (10/18/2018), Mitchell Kirk
An Indiana county's implementation of the Juvenile Detention Alternatives Initiative plans to add a mentoring program next year. Through the initiative, Cass County offers an alternative to secure detention for low-level juvenile offenders. The mentoring program will aim to deter youth involved in the juvenile justice system from re-offending by making a positive impact on them through support and encouragement.
Link to Article

South Carolina Prisons Assessing Anti-cellphone Technology
WACH, (10/17/2018), Associated Press
South Carolina prison officials are assessing a managed access system intended to block cellphones smuggled inside by inmates. Managed access interferes with cell signals in a designated area.
Link to Article

Butler Co. Prison Revamps Mail Policy Following Sickenings
WISR, (10/17/2018), Kayla Molczanon
The Butler County Prison in Pennsylvania is revamping its mail policy following the sickening of six prison workers. Paper mail will no longer be coming into the prison other than legal mail. A company will scan personal mail and then upload it onto an electronic tablet, which an inmate can use to view mail.
Link to Article

Upcoming Forensic Technology Center of Excellence Webinar

Advancing Research Initiatives and Combatting the Human Trafficking Epidemic wil take place Nov. 1, 2018 at 1 p.m. ET. Recommendations will be discussed addressing general policies and priorities; a need to better protect refuges, immigrants and other at-risk populations; labor trafficking; and sexual exploitation. For information and to register, go to https://forensiccoe.org/webinar/combatting-human-trafficking-epidemic/.