Attacks/Breaches

11/18/2008
01:57 PM
50%
50%

Chinese-Born Scientist Pleads Guilty To Tech Espionage

Quan-Sheng Shu, who was also charged with illegal arms exports, faces up to 10 years in prison.

A Chinese-born scientist working in Virginia has pleaded guilty to selling U.S. technology and military secrets for rocket propulsion to China, though news service XFN-Asia reported that the Chinese government insists the charges were "completely fabricated."

Quan-Sheng Shu pleaded guilty Monday in U.S. District Court in Norfolk to charges of bribery in violation of the Foreign Corrupt Practices Act and breaking the federal Arms Export Control Act.

The U.S. Department of Justice said the physicist in Newport News exported technical space launch data and defense services to the People's Republic of China and offered bribes to Chinese government officials.

Shu, a naturalized U.S. citizen, exported defense services from January 2003 through October 2007 by helping China design and develop a cryogenic fueling system for space launch vehicles in Hainan, China, U.S. prosecutors said in an indictment. China plans to use the facility to launch space stations, satellites, manned space flights, and lunar missions, according to the complaint. The People's Liberation Army's General Armaments Department and the 101st Research Institute, which is overseen by China's Industry for the National Defense, run the facility.

The U.S. government also claimed that Shu illegally exported controlled military data in a document entitled "Commercial Information, Technical Proposal and Budgetary Officer -- Design, Supply, Engineering, Fabrication, Testing & Commissioning of 100m3 Liquid Hydrogen Tank and Various Special Cryogenic Pumps, Valves, Filters and Instruments," on December 20, 2003.

Finally, the U.S. government also charged Shu with using his U.S. company, AMAC, and a French company he represented, to offer money to Chinese government officials for a contract for the development of a 600 liter per hour liquid hydrogen tank system. The complaint states that he offered "percentage points" worth about $56,800 in February and April 2006. In May 2006, he offered another $75,700 in points, bringing the total to $189,300, according to the complaint.

In January 2007, the French company that Shu represented won the $4 million hydrogen liquefier project.

Shu, 68, will be sentenced April 6, 2009. He faces a maximum sentence of 10 years in prison and a fine of $1,000,000 for each violation of the Arms Export Control Act, and a possible maximum sentence of five years in prison and a fine of $250,000 or twice the gross gain for violating the Foreign Corrupt Practices Act.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-8142
PUBLISHED: 2018-05-21
A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1035.
CVE-2018-11311
PUBLISHED: 2018-05-20
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
CVE-2018-11319
PUBLISHED: 2018-05-20
Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to ...
CVE-2018-11242
PUBLISHED: 2018-05-20
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
CVE-2018-11315
PUBLISHED: 2018-05-20
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a ho...