Dark Reading is part of the Informa Tech Division of Informa PLC



10/11/2018
05:50 PM

Chinese Intelligence Officer Under Arrest for Trade Secret Theft

Yanjun Xu attempted to steal data on advanced aviation technology that GE Aviation, among others, had spent billions developing.

US authorities have arrested a Chinese intelligence officer for attempting to steal trade secrets that would have helped China unfairly advance in the aviation and aerospace sectors.

The arrest comes amid numerous recent reports about an increase in cyber-enabled espionage involving China-backed actors. It suggests that little has changed in the three years since China signed an agreement with the US to refrain from backing such activity.

"This case is not an isolated incident," said John Demers, assistant attorney general for the US Department of Justice's National Security division, in a statement announcing the arrest. "It is part of an overall economic policy of developing China at American expense."

In charges announced Wednesday, the DoJ accused Yanjun Xu, an operative of China's Ministry of State Security (MSS), of economic espionage involving theft of trade secrets from GE Aviation and other leading US aviation companies.

The charges, filed in federal court in the Southern District of Ohio, allege that Xu and other unnamed conspirators working on behalf of the Chinese government systematically targeted companies inside and outside the US that are considered leaders in the aviation industry.

The alleged activity started in December 2013 and continued through April of this year, when Xu was arrested in Belgium after he traveled there to meet with an engineer from GE Aviation. Xu has since been extradited to the US, where he faces up to 15 years in federal prison if convicted on the espionage charges.

Court papers related to the case describe Xu as the deputy division director with the MSS's Jiangsu State Security Department. One of Xu's responsibilities in that role was to obtain technical information, including trade secrets, from aviation and aerospace companies around the world.

In carrying out that mission, Xu would often use aliases and represent himself as being associated with the Jiangsu Science & Technology Promotion Association (JAST). He would target expert engineers at aviation companies and recruit them to travel to China, ostensibly to deliver university presentations on aviation technology-related topics.

Going After GE Aviation's Material Design Technology
One of the engineers Xu targeted worked at GE Aviation. Xu contacted the individual in March 2017 and invited the engineer to deliver a presentation at China's leading Nanjing University of Aeronautics and Astronautics (NUAA). In discussing what to present, Xu instructed the engineer to give a report on certain key GE Aviation engine structure design analysis and manufacturing technology.

On one occasion, the engineer travelled to China and gave a presentation at NUAA, for which the engineer was later reimbursed $3,500 for travel and other expenses.

In subsequent communications with the same engineer, Xu tried to extract much more detailed information, including some highly proprietary information on the composite materials used in GE Aviation's fan blades and fan blade encasements. GE Aviation is the only company using the technology, which it spent billions of dollars developing, the court papers said.

Though the engineer explicitly informed Xu that the information he was seeking involved commercial secrets, Xu persisted in asking for the information. He instructed the engineer on how to send him a copy of the file directory on the engineer's GE-issued computer. The engineer followed Xu's instructions for sorting and saving the file directory, resulting in a complete menu of all the files on the engineer's system. The engineer then sent the file to Xu, as instructed, but it was heavily edited to remove all sensitive information, with GE Aviation's knowledge and approval.

The court documents also show that Xu targeted at least two other unnamed US aviation companies. The information he sought to obtain from these companies included materials related to electric landing gear and electric jet braking and data pertaining to a technology for aerial refueling of military aircraft.

Xu's arrest is sure to focus attention once again on China's state-backed espionage activity, an issue that the US government has previously raised at the highest levels. Xu is, in fact, the second Chinese citizen to be recently arrested. In September, law enforcement in Chicago arrested Ji Chaoqun on charges related to a conspiracy to steal information by recruiting Chinese nationals working as engineers and scientists for US firms, including military contractors.

In 2015, former President Barack Obama and Chinese counterpart Xi Jinping signed a much-touted cyber agreement aimed at reducing some of the mounting tensions over the issue. The agreement calls for appropriate norms for state behavior in cyberspace and for both sides to refrain from knowingly supporting or conducting cyber-enabled theft of intellectual property.

The agreement came months after Obama issued an executive order that gave the US Treasury Department the authority to freeze all US-based property and assets of persons and entities that engage in cyber espionage on behalf of another country.

Three years later, little has changed. A recent report from CrowdStrike showed a sharp uptick in targeted intrusion attempts by China-backed actors against US companies in industries including defense, biotech, and pharmaceuticals. China-based entities, in fact, were behind 40 of the 70 or so targeted intrusions in the first half of this year that CrowdStrike was able to attribute.

"China is back as the most prolific nation-state actor conducting industrial espionage via cyber and non-cyber means," said Dmitri Alperovitch, co-founder and CTO of CrowdStrike, in a statement. "We believe China poses a long-term and strategic threat to the global economy, and today's arrest of a senior MSS officer responsible for industrial espionage is an important deterrence tool."  


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...

Comments
timwessels,
User Rank: Strategist
10/17/2018 | 10:21:06 PM
Espionage the old-fashioned way
Well, in an era when everyone is working to defend against electronic intrusion into private networks to steal intellectual property, a Chinese military intelligence officer was apprehended in Belgium and extradited to the US to face charges for conducting old-school espionage. To do this means finding someone who works in an industry where you want to steal a company's intellectual property for your own commercial purposes. Groom them by inviting them to conferences in China to deliver technical presentations and meet with Chinese engineers, etc. Stay in touch with them and begin asking more pointed questions about certain designs or processes you are interested in and see if they will eventually tell you or give you what you want to know. I think back in the day it was called "social engineering" and it doesn't look like it has gone completely out of style.

 