Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

10/11/2018
05:50 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Chinese Intelligence Officer Under Arrest for Trade Secret Theft

Yanjun Xu attempted to steal data on advanced aviation technology that GE Aviation, among others, had spent billions developing.

US authorities have arrested a Chinese intelligence officer for attempting to steal trade secrets that would have helped China unfairly advance in the aviation and aerospace sectors.

The arrest comes amid numerous recent reports about an increase in cyber-enabled espionage involving China-backed actors. It suggests that little has changed in the three years since China signed an agreement with the US to refrain from backing such activity.

"This case is not an isolated incident," said John Demers, assistant attorney general for the US Department of Justice's National Security division, in a statement announcing the arrest. "It is part of an overall economic policy of developing China at American expense."

In charges announced Wednesday, the DoJ accused Yanjun Xu, an operative of China's Ministry of State Security (MSS), with economic espionage involving theft of trade secrets from GE Aviation and other leading US aviation companies.

The charges, filed in federal court in the Southern District of Ohio, allege that Yu and other unnamed conspirators working on behalf of the Chinese government systematically targeted companies inside and outside the US that are considered leaders in the aviation industry.

The alleged activity started in December 2013 and continued through April of this year, when Yu was arrested in Belgium after he traveled there to meet with an engineer from GE Aviation. Yu has since been extradited to the US, where he faces up to 15 years in federal prison if convicted on the espionage charges.

Court papers related to the case describe Yu as the deputy division director with the MSS's Jiangsu State Security Department. One of Yu's responsibilities in that role was to obtain technical information, including trade secrets from aviation and aerospace companies around the world.

In carrying out that mission, Yu would often use aliases and represent himself as being associated with the Jiangsu Science & Technology Promotion Association (JAST). He would target expert engineers at aviation companies and recruit them to travel to China to ostensibly deliver university presentations on aviation technology-related topics.

Going After GE Aviation's Material Design Technology
One of the engineers Yu targeted worked at GE Aviation. Yu contacted the individual in March 2017 and invited the engineer to deliver a presentation at China's leading Nanjing University of Aeronautics and Astronautics (NUAA). In discussing what to present, Yu instructed the engineer to give a report on certain key GE Aviation engine structure design analysis and manufacturing technology.

On one occasion, the engineer travelled to China and gave a presentation at NUAA, for which the engineer was later reimbursed $3,500 for travel and other expenses.

In subsequent communications with the same engineer, Yu tried to extract much more detailed information, including some highly proprietary information on the composite materials used in GE Aviation's fan blades and fan blade encasements. GE Aviation is the only company using the technology, which it spent billions of dollars in developing, the court papers said.

Though the engineer explicitly informed Yu that the information he was seeking involved commercial secrets, Yu persisted in asking for the information. He instructed the engineer on how to send him a copy of the file directory on the engineer's GE-issued computer. The engineer followed Yu's instructions for sorting and saving the file directory, resulting in a complete menu of all the files on the engineer's system. The engineer then sent the file to Yu, as instructed, but it was heavily edited to remove all sensitive information – and with GE Aviation's knowledge and approval.

The court documents also show that Yu targeted at least two other unnamed US aviation companies. The information he sought to obtain from these companies included materials related to electric landing gear and electric jet braking and data pertaining to a technology for aerial refueling of military aircraft.

Yu's arrest is sure to focus attention once again on China's state-backed espionage activity, an issue that the US government has previously raised at the highest levels. Yu is, in fact, the second Chinese citizen to be recently arrested. In September, law enforcement in Chicago arrested Ji Chaoqun on charges related to a conspiracy to steal information by recruiting Chinese nationals working as engineers and scientists for US firms, including military contractors.

In 2015, former President Barack Obama and Chinese counterpart Xi Jinping signed a much touted cyber agreement aimed at reducing some of the mounting tensions over the issue. The agreement calls for appropriate norms for state behavior in cyberspace and for both sides to refrain from knowingly supporting or conducting cyber-enabled theft of intellectual property.

The agreement came months after Obama issued an executive order that gave the US Treasury Department the authority to freeze all US-based property and assets of persons and entities that engage in cyber espionage on behalf of another country.

Three years later, little has changed. A recent report from CrowdStrike showed a sharp uptick in targeted intrusion attempts by China-backed actors against US companies in industries including defense, biotech, and pharmaceuticals. China-based entities, in fact, were behind 40 of the 70 or so targeted intrusions in the first half of this year that CrowdStrike was able to attribute.

"China is back as the most prolific nation-state actor conducting industrial espionage via cyber and non-cyber means," said Dmitri Alperovitch, co-founder and CTO of CrowdStrike, in a statement. "We believe China poses a long-term and strategic threat to the global economy, and today's arrest of a senior MSS officer responsible for industrial espionage is an important deterrence tool."  

Related Content:

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
timwessels
50%
50%
timwessels,
User Rank: Strategist
10/17/2018 | 10:21:06 PM
Espionage the old fashioned way
Well, in an era when everyone is working to defend against electronic intrusion into private networks to steal intellectual property, a Chinese military intelligence officer was apprehended in Belgium and extradited to the US to face charges for conducting old-school espionage. To do this means finding someone who works in an industry where you want to steal a company's intellectual property for your own commercial purposes. Groom them by inviting them to conferences in China to deliver technical presentations and meet with Chinese engineers, etc. Stay in touch with them and begin asking more pointed questions about how certain designs or processes you are interested in and see if they will eventually tell you or give you what you want to know. I think back in the day it was called "social engineering" and it doesn't look like it has gone completely out of style.

 
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12420
PUBLISHED: 2019-12-12
In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
CVE-2019-16774
PUBLISHED: 2019-12-12
In phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver.
CVE-2018-11805
PUBLISHED: 2019-12-12
In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf ...
CVE-2019-5061
PUBLISHED: 2019-12-12
An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table att...
CVE-2019-5062
PUBLISHED: 2019-12-12
An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of...