US authorities have arrested a Chinese intelligence officer for attempting to steal trade secrets that would have helped China unfairly advance in the aviation and aerospace sectors.
The arrest comes amid numerous recent reports about an increase in cyber-enabled espionage involving China-backed actors. It suggests that little has changed in the three years since China signed an agreement with the US to refrain from backing such activity.
"This case is not an isolated incident," said John Demers, assistant attorney general for the US Department of Justice's National Security division, in a statement announcing the arrest. "It is part of an overall economic policy of developing China at American expense."
In charges announced Wednesday, the DoJ accused Yanjun Xu, an operative of China's Ministry of State Security (MSS), with economic espionage involving theft of trade secrets from GE Aviation and other leading US aviation companies.
The charges, filed in federal court in the Southern District of Ohio, allege that Yu and other unnamed conspirators working on behalf of the Chinese government systematically targeted companies inside and outside the US that are considered leaders in the aviation industry.
The alleged activity started in December 2013 and continued through April of this year, when Yu was arrested in Belgium after he traveled there to meet with an engineer from GE Aviation. Yu has since been extradited to the US, where he faces up to 15 years in federal prison if convicted on the espionage charges.
Court papers related to the case describe Yu as the deputy division director with the MSS's Jiangsu State Security Department. One of Yu's responsibilities in that role was to obtain technical information, including trade secrets from aviation and aerospace companies around the world.
In carrying out that mission, Yu would often use aliases and represent himself as being associated with the Jiangsu Science & Technology Promotion Association (JAST). He would target expert engineers at aviation companies and recruit them to travel to China to ostensibly deliver university presentations on aviation technology-related topics.
Going After GE Aviation's Material Design Technology
One of the engineers Yu targeted worked at GE Aviation. Yu contacted the individual in March 2017 and invited the engineer to deliver a presentation at China's leading Nanjing University of Aeronautics and Astronautics (NUAA). In discussing what to present, Yu instructed the engineer to give a report on certain key GE Aviation engine structure design analysis and manufacturing technology.
On one occasion, the engineer travelled to China and gave a presentation at NUAA, for which the engineer was later reimbursed $3,500 for travel and other expenses.
In subsequent communications with the same engineer, Yu tried to extract much more detailed information, including some highly proprietary information on the composite materials used in GE Aviation's fan blades and fan blade encasements. GE Aviation is the only company using the technology, which it spent billions of dollars in developing, the court papers said.
Though the engineer explicitly informed Yu that the information he was seeking involved commercial secrets, Yu persisted in asking for the information. He instructed the engineer on how to send him a copy of the file directory on the engineer's GE-issued computer. The engineer followed Yu's instructions for sorting and saving the file directory, resulting in a complete menu of all the files on the engineer's system. The engineer then sent the file to Yu, as instructed, but it was heavily edited to remove all sensitive information – and with GE Aviation's knowledge and approval.
The court documents also show that Yu targeted at least two other unnamed US aviation companies. The information he sought to obtain from these companies included materials related to electric landing gear and electric jet braking and data pertaining to a technology for aerial refueling of military aircraft.
Yu's arrest is sure to focus attention once again on China's state-backed espionage activity, an issue that the US government has previously raised at the highest levels. Yu is, in fact, the second Chinese citizen to be recently arrested. In September, law enforcement in Chicago arrested Ji Chaoqun on charges related to a conspiracy to steal information by recruiting Chinese nationals working as engineers and scientists for US firms, including military contractors.
In 2015, former President Barack Obama and Chinese counterpart Xi Jinping signed a much touted cyber agreement aimed at reducing some of the mounting tensions over the issue. The agreement calls for appropriate norms for state behavior in cyberspace and for both sides to refrain from knowingly supporting or conducting cyber-enabled theft of intellectual property.
The agreement came months after Obama issued an executive order that gave the US Treasury Department the authority to freeze all US-based property and assets of persons and entities that engage in cyber espionage on behalf of another country.
Three years later, little has changed. A recent report from CrowdStrike showed a sharp uptick in targeted intrusion attempts by China-backed actors against US companies in industries including defense, biotech, and pharmaceuticals. China-based entities, in fact, were behind 40 of the 70 or so targeted intrusions in the first half of this year that CrowdStrike was able to attribute.
"China is back as the most prolific nation-state actor conducting industrial espionage via cyber and non-cyber means," said Dmitri Alperovitch, co-founder and CTO of CrowdStrike, in a statement. "We believe China poses a long-term and strategic threat to the global economy, and today's arrest of a senior MSS officer responsible for industrial espionage is an important deterrence tool."
- Report: China's Intelligence Apparatus Linked to Previously Unconnected Threat Groups
- Iran 'the New China' as a Pervasive Nation-State Hacking Threat
- Lesser Skilled Cybercriminals Adopt Nation-State Hacking Methods
- 8 Nation-State Hacking Groups to Watch in 2018
Black Hat Europe returns to London Dec 3-6 2018 with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.