nito - Fotolia

US jails Chinese businessman in military hacking case

Two years after his arrest in Canada for cyber spying on US military aircraft, a Chinese businessman has been jailed by a US court for nearly four years

The US has jailed a Chinese national for nearly four years after he admitted conspiring to hack into the computer systems of major US defence contractors to steal military hardware secrets.

The 50-year-old man, Su Bin, was arrested while working in Canada in 2014 and extradited to the US to stand trial.

At the time, the US assistant attorney general for national security, John Carlin, said the case sent a strong message that stealing from the US and US companies has a significant cost.

“We can and will find these criminals and bring them to justice,” he said in a statement.

Su initially faced up to 30 years in jail, according to news service, but that was reduced to a maximum of five years and a fine of $250,000 after he agreed to enter a guilty plea in March 2016.

Su ran a Chinese aviation technology company with an office in Canada and was in the process of applying for Canadian citizenship when he was arrested.

The man, who used the aliases Stephen Su and Stephen Subin, is believed to have been working for “commercial gain” with a Chinese hacking group seeking data relating to military aircraft.

Read more about US-China cyber relations

Su admitted working with people in China between October 2008 and March 2014 to gain unauthorised access to computer networks in the US.

The targeted networks included some in California belonging to military contractor Boeing.

Su is believed to have helped the hacking group in China by advising them on what companies and files to target and translating the stolen data before emailing it to the group in China.

The stolen data included blueprints of F-35 and F-22 fighter jets and technical data relating to Boeing's C-17 military cargo plane.

A US district court judge in Los Angeles sentenced Su to 46 months in jail and fined him $10,000.

Accusations routine

The US has routinely accused hackers based in China of attacking US businesses and government agencies, while China has accused US hackers of targeting China.

In June 2013, whistleblower Edward Snowden said that the US had hacked hundreds of targets in China as part of more than 61,000 NSA hacking operations worldwide.

On 25 September 2015, US president Barack Obama and Chinese president Xi Jinping agreed that neither government would support the cyber theft of intellectual property.

One step forward, two steps back

The agreement appeared to be making progress, with reports that China had arrested a number of Chinese hackers at the request of the US. However, just one month later, the US security company CrowdStrike claimed that hackers linked to the Chinese government had attempted to hack into at least five US technology and two pharmaceutical companies.

CrowdStrike said the attacks came from several groups, including one previously identified as Deep Panda, and used attack software previously seen in attacks on US defence contractor VAE and health insurer Anthem.

A report published in July 2015 claimed the same Chinese hackers were behind the attacks on Anthem, United Airlines and the US Office of Personnel Management (OPM).

Since then, US authorities have expressed strong determination to pursue groups engaged in cyber espionage against US companies.

Read more on Hackers and cybercrime prevention