Su Bin is facing five years in prison for his role as ringleader in one of the most elaborate and daring hacking operations uncovered in North America.
The 50-year-old Chinese citizen, who also held permanent residency in Canada, pled guilty this week after more than two years of legal proceedings. He copped to funneling information, with the cooperation of Chinese military officials, back to Beijing.
Su's life in Canada did little to arouse suspicion. He had a wife and two kids. He ran his own business — Lode Technologies, based in Beijing, but with an office in Vancouver. Quietly, he was the center of an international hacking organization that stole highly sensitive information from some of the world's most powerful defense companies.
"Su Bin admitted to playing an important role in a conspiracy, originating in China, to illegally access sensitive military data, including data relating to military aircraft that are indispensable in keeping our military personnel safe," said Assistant Attorney General Carlin in a statement.
He was extradited from British Columbia last year, after unsuccessfully fighting his removal from Canada, and appeared in a California courtroom on Wednesday to enter his plea. His conviction could lead to his deportation back to China.
Su was the North American arm of a three-pronged organization. Two officers from the Chinese military handled most of the technical side of the operation, while Su appears to have handled the business side. Neither officer appears to be facing charges at home, and neither has been named by the American Justice Department or the FBI.
The scheme worked like this: one of the military officers would send phishing emails to individuals at the target companies, usually purporting to come from a colleague or someone else in the industry. Once an employee had been lured to a website under the officers' control, that site was used to install malware on the employee's machine. The malware gave the attackers remote access to the directories holding the trade secrets and a foothold from which they could move into other parts of the company's network.
Once they were inside, the officers would copy the file directory listings and send them to Su, who would tell them which folders and files to take, translate the stolen files into Chinese, and write reports about the technology and information taken from the systems.
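The two-phase pattern described above, broad directory enumeration first and narrow, targeted file reads hours later once the listing had been reviewed elsewhere, is visible in file-server audit logs if anyone is looking for it. The script below is an added detection example written for this page; it is not code from the article, the FBI, or any of the companies named, and the audit-log format and sample lines are constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample audit log (hypothetical format: timestamp user source-ip op path).
# 'jdoe' lists six directories in a burst, then returns 2.5 hours later for two files;
# 'asmith' lists one directory and reads from it immediately, which is normal use.
SAMPLE_LOG = """\
2010-03-01T09:00:01 jdoe 10.1.4.22 LIST /projects/
2010-03-01T09:00:02 jdoe 10.1.4.22 LIST /projects/airframe/
2010-03-01T09:00:02 jdoe 10.1.4.22 LIST /projects/avionics/
2010-03-01T09:00:03 jdoe 10.1.4.22 LIST /projects/propulsion/
2010-03-01T09:00:03 jdoe 10.1.4.22 LIST /projects/flight-test/
2010-03-01T09:00:04 jdoe 10.1.4.22 LIST /projects/flight-test/2010/
2010-03-01T09:05:00 asmith 10.1.4.30 LIST /projects/avionics/
2010-03-01T09:06:00 asmith 10.1.4.30 READ /projects/avionics/spec.docx
2010-03-01T11:30:10 jdoe 10.1.4.22 READ /projects/flight-test/2010/report.pdf
2010-03-01T11:30:12 jdoe 10.1.4.22 READ /projects/avionics/spec.docx
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<src>\S+) (?P<op>LIST|READ) (?P<path>\S+)$"
)


def parse_log(text):
    """Parse audit lines into (timestamp, user, src, op, path) tuples, oldest first.

    Malformed lines are skipped rather than crashing the analysis.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append(
            (datetime.fromisoformat(m["ts"]), m["user"], m["src"], m["op"], m["path"])
        )
    events.sort(key=lambda e: e[0])
    return events


def find_enumerate_then_collect(events, min_dirs=5, min_delay_s=600, max_read_fraction=0.5):
    """Flag users who listed many directories, paused, then read a small subset of them.

    A READ counts as 'targeted' when it comes at least min_delay_s after the
    user's most recent LIST and its parent directory is one the user listed.
    A user is flagged when at least min_dirs directories were listed and the
    targeted reads touch only a small fraction of them.
    """
    listed = defaultdict(set)   # user -> set of directories listed
    last_list = {}              # user -> time of most recent LIST
    targeted = defaultdict(list)  # user -> paths read after the pause

    for ts, user, _src, op, path in events:
        if op == "LIST":
            listed[user].add(path.rstrip("/") or "/")
            last_list[user] = ts
        elif op == "READ" and user in last_list:
            waited = (ts - last_list[user]).total_seconds()
            if waited >= min_delay_s and posixpath.dirname(path) in listed[user]:
                targeted[user].append(path)

    hits = {}
    for user, dirs in listed.items():
        reads = targeted[user]
        if len(dirs) >= min_dirs and reads and len(reads) / len(dirs) <= max_read_fraction:
            hits[user] = {"dirs_listed": len(dirs), "targeted_reads": reads}
    return hits


def analyze(text):
    """Convenience wrapper: parse the log text and return the flagged users."""
    return find_enumerate_then_collect(parse_log(text))


if __name__ == "__main__":
    for user, info in analyze(SAMPLE_LOG).items():
        print(f"{user}: listed {info['dirs_listed']} dirs, later read {info['targeted_reads']}")
```

The thresholds are starting points, not tuned values: on a real file server, compare each user's listed-directory count against that user's own baseline, and feed the flagged reads into the same triage as other data-staging alerts rather than treating a hit as proof on its own.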
Su "engaged in this conduct for the purpose of commercial gain, and specifically sought to profit from selling the data," his plea agreement reads. During the conspiracy, Su repeatedly sold this information to state-run Chinese companies for cash.
The FBI does not say how much Su made. Emails obtained from Su show him hoping for "big money" from the sales, and also show the three arguing over the sale of the data: "they are too stingy!" Su wrote to one of the officers of a major Chinese aircraft manufacturer.
One report reads that the "mission" had, over the course of a year, made "important contributions to our national defense scientific research development." In other reports, they write that the stolen information on the F-22 fighter jet will let them "rapidly catch up with US levels" and "stand easily on the giant's shoulders."
The stolen data was proprietary to the defense companies and could not legally be exported.
Beyond technical data, the trio also homed in on individuals.
In one 2009 email, with the subject line "Target," Su emailed one of the military officials the names, phone numbers, and positions of various American and European defense executives.
Other emails appear to contain technical data about aircraft, such as Boeing's C-17 strategic transport aircraft. Another contains details of a flight test for a different American military aircraft.
The C-17 is currently in use in a half-dozen other militaries, including Canada, Australia, the United Kingdom, India, and NATO's air force.
According to Su's indictment, he stole 630,000 files from Boeing's systems, some 65 gigabytes of data, beginning in 2010. A report prepared by the hackers says that "experts inside China have a high opinion" of the data on the C-17, and that the files "were the first ever seen in the country."
He also managed to grab volumes of data relating to the F-22 and F-35 fighter jets, both of which are made by Lockheed Martin. The latter of the two is facing stiff criticism amid a struggling procurement process involving both America and Canada.
The hackers also targeted the Taiwanese military, obtaining "military maneuvers, warfare operation plans, strategic targets, espionage activities and so forth," according to Su's emails.
The hackers' immodesty may have been part of their downfall. In 2011, one of the Chinese officers emailed the other, attaching a report running through the success of their operation. It serves as a virtual confession of the entire operation.
The report included a list of "past achievements," bragging that they had gained access to one company's File Transfer Protocol (FTP) server and stolen 20 gigabytes of data from it.
It went on to say that their hack had "collected a large amount of information and mailboxes of that targeted relevant personnel," regarding a development project for unmanned aerial vehicles, or drones. "We have also obtained the password for the customer management system of the supplier," the email goes on. "And controlled the customer information of that company."
The report boasts that the three had gained the ability to control the website of a company that made the "missile developed jointly by India and Russia" but, at the time of the email, had yet to do so.
The operation was complex and expensive. The team said they had servers in the United States, Korea, Singapore, and elsewhere to serve as "hop points," intermediaries that hide the attacking computer's IP address from the victim, which sees only the last hop. The hackers also kept workstations in Hong Kong and Macao in order to "avoid diplomatic and legal complications."
"The intelligence is always picked up and transferred to China in person," the hackers wrote. The report added that they undertook increasingly serious counter-reconnaissance work "to ensure the secure obtainment of intelligence," and it details at length the steps the hackers took to avoid detection. They note that none of this was cheap.
Su's eventual indictment notes that he and his cohorts may have exaggerated the success of this effort to a degree, and even the FBI officers were skeptical that he had managed to steal as much information as he claimed. In his plea agreement, however, Su admits he did, in fact, obtain and sell secret data from those companies.
As part of the sentencing agreement, Su agreed to turn over all data he stole from the American contractors, and agreed to have the Canadian courts send all the information they had seized from Su to America.