Su Bin, a Chinese national accused of hacking into the network of defense contractor Boeing, was denied bail during a preliminary hearing in British Columbia Supreme Court on July 23, according to media reports.
Canadian authorities arrested Su, the 48-year-old owner of Beijing-based Lode Technologies, on June 28 in response to a criminal complaint filed by the U.S. Department of Justice. Unsealed in early July, the 50-page complaint and affidavit accuses Su, also known as Stephen Su or Stephen Subin, of working with two Chinese nationals to target technology firms in the United States and Europe, with an aim at selling the information stolen by the hackers.
The complaint links Su to two uncharged co-conspirators, dubbed UC1 and UC2, who appeared to work together to compromise technology companies and steal data. In early 2009, the group began to target Boeing and seek information on a variety of projects, including an advanced air transport known as the C-17, with Su allegedly helping his partners target the most valuable technology at a variety of firms.
“Su directed UC1 on who and what to target and UC1 later claimed to have successfully exfiltrated data from that target,” Noel Neeman, a special agent of the FBI, wrote in a complaint.
The affidavit includes email messages between Su and his partners that demonstrate the great lengths that the group went through to avoid implicating the Chinese government in its hacking operations.
“In order to avoid diplomatic and legal complications, surveillance work and intelligence collection are done outside China,” UC1 reported to UC2 in a translated email partially included in the complaint. “The collected intelligence will be sent first by an intelligence officer via a pre-ordered temporary server placed outside China or via a jump server which is placed in a third country before it finally gets to the surrounding regions/area or a workstation located in Hong Kong or Macau.”
Other email messages included in the affidavit seem to indicate that a much larger group exists in China to support the operation.
“After a few months’ hard work and untiring efforts, through internal coordination [we] for the first time broke through the internal network of the Boeing Company in January 2010,” UC1 reported to UC2 in an email partially included in the complaint that suggests that UC1 actually worked within a group of hackers.
The United States has taken a hardline stance on Chinese economic cyber-spying. In May, the U.S. indicted five Chinese military personnel for hacking into U.S. corporate systems. At the same time, however, the U.S. government has attempted to reach out and develop international norms for cross-border hacking.
The United States considers cyber-operations that appear to target businesses for economic gain as crime, not a legitimate national security issue.
“That’s an economic problem as well as a bilateral problem, and that kind of behavior risks undermining the support for the U.S.-China relationship among the U.S. and international business community,” Assistant Secretary of State Daniel Russel told the Associated Press in June. “It’s a problem we believe the Chinese must and can address.”
Su’s company, Lode Technologies, is an aviation technology firm based in Beijing, China, with an office in British Columbia.