China obtained more than 50 terabytes of data from U.S. defense and government networks, notably the Joint Strike Fighter’s stealth radar and engine secrets, through cyber espionage, according to newly disclosed National Security Agency documents.
An NSA briefing slide labeled "Top Secret" and headlined "Chinese Exfiltrate Sensitive Military Data" states that the Chinese have stolen a massive amount of data from U.S. government and private contractors.
The document was made public by the German magazine Der Spiegel in two articles detailing how NSA in the mid-2000s was capable of conducting global cyber intelligence-gathering by tapping into the networks of foreign intelligence services and stealing the data they were collecting from others.
The unique capability of spying on the spies was described in a series of documents that were stolen in 2013 by former NSA contractor Edward Snowden, currently a fugitive in Russia.
For the F-35, according to NSA the Chinese were able to obtain digital design information on several different types of radar modules used by the fighter.
Northrop Grumman, the jet’s manufacturer, built the AN/APG-81 active, electronically scanned array radar for the F-35. The high-tech radar uses small, solid-state transmitter and receiver modules that allow the jet to avoid detection by enemy radar, a key stealth feature.
Another Northrop radar on the F-35 is the AN/AAS-37 electro-optical distributed aperture system, which the company says provides pilots with a "unique protective sphere around the aircraft for missile warning, navigation support, and night operations," according to Northrop’s website.
On F-35 engine schematics, the Chinese stole data on the methods used by the turbine to cool gases, along with leading and trailing edge engine treatments and engine heat reduction data—also key elements of its stealth design.
By learning the secrets, the Chinese were able to include the design and technology in Beijing’s new stealth jet, the J-20. The secret also could allow Chinese air defenses to target the F-35 in a future conflict.
The NSA estimated in the briefing slide that the Chinese had conducted more than 30,000 cyber attacks as part of the massive defense industrial espionage, and that more than 500 attacks were "significant intrusions in DoD systems."
More than 1,600 network computers were penetrated and at least 600,000 user accounts were compromised, the undated slide stated, noting that the damage from the Chinese cyber spying was assessed to be more than $100 million, mainly in costs for rebuilding networks.
Other losses to Chinese cyber spies included the air refueling schedules of the U.S. Pacific Command, the military command that would be engaged in any future conflict with China.
The refueling schedules could reveal to the Chinese how Pacific Air Forces conduct operations in wartime and how they are supported in military operations over long distances of the Pacific.
China also stole data on the U.S. Transportation Command’s Single Mobility System. The network system is used by Transcom to plan missions for sending military troops and equipment by aircraft, ship, road, and rail in military operations.
Knowing details contained in the database could allow the Chinese to disrupt or sabotage Transcom’s critical support missions during a conflict or crisis.
The NSA also revealed that the Air Force’s networks were infiltrated by Chinese hackers, an attack that resulted in the loss of 33,000 records for general and field grade officers.
Navy losses to Chinese hackers included data on missile navigation and tracking systems, nuclear submarine and anti-aircraft missile design, and over 300,000 user identifications and passwords.
The Chinese also obtained sensitive science and technology data controlled for export from U.S. networks, including International Traffic and Arms Restrictions (ITAR) secrets, and contractor research and development.
In all, the NSA concluded that the Chinese compromised key weapons systems including the F-35, the B-2 bomber, the F-22 fighter-bomber, the Space Based Laser, and other systems.
The amount of stolen data was "the equivalent of five Libraries of Congress (50 terabytes)," the NSA said. A terabyte is 1,000 gigabytes.
The slide appeared to be part of a briefing for the NSA’s "Sigint Development" division on how to prevent foreign spies from inserting malicious software into the weapons design process.
The slide indicated that the NSA planned to use Signals Intelligence-enabled countermeasures to counter enemy network intrusions.
A separate NSA document outlined a Chinese cyber spying operation code-named "Byzantine Hades" that included 12 coded subcategories. These included "Byzantine Candor," a subgroup concentrated on the Defense Department, commercial oil deals, and current geopolitical and economic events.
Other elements of the operation included cyber spying on Congress, weapons contractors, the National Aeronautics and Space Administration, and the Energy Department, which is in charge of building nuclear weapons and developing advanced technology.
The "Byzantine Foothold" subgroup was used to target Transcom and the Pacific Command as well as defense contractors.
In "Byzantine Candor" cyber attacks, the Chinese used Facebook as a command and control point for planting malware. One NSA slide showed that victims who unwittingly accessed a Facebook page through an email would end up with their computers under the remote control of the Chinese.
The report said that in late October 2009 the NSA was able to penetrate a Chinese hacking "virtual machine" that was linked to the 3rd Department of the People’s Liberation Army General Staff Department, the Chinese NSA known as "3PLA."
The Justice Department last May indicted five PLA hackers for their roles in a major cyber espionage operation against American companies and a labor union.
A third NSA document revealed that NSA and its Tailored Access Operations unit, which conducts cyber attacks, engage in "remote subversion." Those operations include foreign network penetrations, "on-net" access operations, and software implantation.
The Der Spiegel documents were partially redacted, an indication the news organization coordinated publication of the documents with authorities.
The Washington Free Beacon disclosed in March that Chinese cyber espionage against the F-35 was so successful that U.S. intelligence agencies believe that the stolen secrets were used to build China’s new J-20 stealth jet.
The cyber spying was carried out by a Chinese military unit called the Technical Reconnaissance Bureau, located in the Chengdu province.
Photo comparisons of the F-35 and J-20 revealed remarkable similarities between the two aircraft.
Chinese Foreign Ministry spokesman Hong Lei dismissed the documents’ disclosures that China stole F-35 secrets.
"The so-called evidence that has been used to launch groundless accusations against China is completely unjustified," Hong told reporters Jan. 19.
A Chinese spy is extradited to the U.S. after stealing technology secrets
In a first, federal agents lured a Chinese government spy to Belgium, where authorities transferred him this week to the United States for prosecution on economic espionage charges, U.S. officials said Wednesday.
Yanjun Xu, a senior officer with China’s Ministry of State Security (MSS), is accused of seeking to steal trade secrets from leading aviation firms, top Justice Department officials said. His capture helps vindicate law enforcement officials who have faced criticism in recent years that indictments of foreign operatives are unlikely to result in the defendants setting foot in a courtroom.
Current and former officials said Xu’s extradition is apparently the first time a Chinese government spy has been brought to the United States to face charges.
The announcement comes as the Trump administration has significantly escalated its rhetoric against China amid a trade war and general worsening of relations between the world powers. Last week Vice President Pence accused Chinese security agencies of masterminding the “wholesale theft of American technology.”
Justice Department officials said the indictment is the latest example of China seeking to develop its economy at the expense of American firms and know-how. Though China has often used computer hacking to filch secrets, this case relied on traditional espionage techniques, including the attempted recruitment of corporate insiders.
“No one begrudges a nation that generates the most innovative ideas and from them develops the best technology,” Assistant Attorney General for National Security John Demers said. “But we cannot tolerate a nation stealing our firepower and the fruits of our brainpower. We will not tolerate a nation that reaps what it does not sow.”
Xu, also known as Qu Hui and Zhang Hui, was charged with conspiring and attempting to commit economic espionage and steal trade secrets from multiple U.S. aviation and aerospace companies. The indictment and complaint were unsealed Wednesday — the same day Xu appeared in federal court in Cincinnati.
“This case shows that federal law enforcement agencies can not only detect and disrupt espionage, but can also catch its perpetrators,” said U.S. Attorney for the Southern District of Ohio Benjamin C. Glassman.
The MSS is a civilian spy agency responsible for counterintelligence, foreign intelligence and domestic political security. It was implicated in the hack of a U.S. Navy contractor developing undersea warfare capabilities, including secret plans to build a supersonic anti-ship missile for use on U.S. submarines by 2020.
Xu is a deputy division director with the Jiangsu Province Ministry of State Security, a provincial arm of the MSS.
“If not the first, this is an exceptionally rare achievement — that you’re able to catch an espionage operative and have them extradited to the United States,” said John Carlin, a former assistant attorney general for national security. “It significantly raises the stakes for China and is a part of the deterrence program that some people thought would never be possible.”
Beginning in December 2013 and continuing until his April 1 arrest in Belgium, Xu targeted experts working for aeronautics companies inside and outside the United States, including Cincinnati-based GE Aviation, officials said. GE Aviation has spent decades developing its unique jet engines and fan blades.
Xu recruited experts to travel to China, often under the guise of asking them to deliver a university presentation and passing himself off as an official with the Jiangsu Science and Technology Promotion Association.
Xu often exchanged information with individuals at Nanjing University of Aeronautics and Astronautics, one of the top engineering schools in China, which has significant influence over the country’s aerospace industry, according to court documents.
GE Aviation cooperated with the FBI early on in the investigation, which dates back more than a year, officials said. A spokesman for GE said Xu targeted a former employee, characterizing the impact as minimal “thanks to early detection.”
According to the indictment, in March 2017 a deputy director at the university, described as an unindicted co-conspirator, began emailing with an engineer at GE Aviation and asked him to come to China for an “exchange.” In May and June of 2017, the engineer went to China and met Xu, who claimed to be from the science and technology association. The engineer put five corporate documents on his personal laptop, which he brought to the presentation, according to WCPO, an ABC News affiliate in Cincinnati, citing an FBI affidavit for a search warrant in the case.
In February, Xu began discussing with the engineer the possibility of meeting in Europe during one of the engineer’s business trips, the indictment said. Xu asked the engineer to create a directory of files on his work computer and send a copy to him. Impressed, Xu in March asked the engineer if it was possible to “dump” the material from his laptop to a thumb drive when the two met in Belgium, the indictment said.
Belgian authorities cooperated with the investigation, U.S. officials said.
Xu’s case is linked to the arrest last month of Ji Chaoqun, 27, a Chinese citizen living in Chicago, according to individuals familiar with the matter. Ji was accused of passing information on eight Americans to Chinese intelligence officers for possible recruitment.
Ji targeted individuals in science and tech industries, seven of whom worked for or recently retired from U.S. defense contractors. All were naturalized U.S. citizens born in Taiwan or China.
Ji arrived in the United States in 2013 to study electrical engineering at the Illinois Institute of Technology in Chicago, and in 2016 enlisted in the U.S. Army Reserve under a special program to recruit foreigners whose skills are seen as vital to the national interest.
What Chinese agents can't get from America, they will steal from Russia.
And already have!
But Russia won't do anything about that, China is the #1 ally.