The case of a Chinese entrepreneur accused of directing an effort to steal secrets about the Pentagon’s jet-fighter technology sheds new light on how foreign hackers cover their tracks, and why Canada feels it may be necessary to invade people’s privacy to stop them.
U.S officials have charged Beijing-based businessman Su Bin, an aerospace engineer with permanent residency status in Canada, of directing an espionage conspiracy in which he told two China-based hackers how to infiltrate the computer systems of Boeing Co. and other military contractors.
Documents filed as part of a U.S. bid to extradite the 48-year-old do not name the foreign hackers, but the case’s intercepted e-mails highlight the mechanics of modern espionage.
Court documents filed in the extradition case say the hackers created a global network of compromised computers that served as a traceless conveyor belt for stolen secrets.
“In order to avoid diplomatic and legal complications, surveillance work and intelligence collection are done outside China,” the court documents quote the hackers as saying in an e-mail exchange.
E-mails in the court filings show the two unnamed hackers frequently discussed best practices, including their strategy of relaying cyberattacks through a series of computers they infiltrated in several countries. Such infected computers are referred to by information technology experts as “hop points.”
“A hop point is used to conceal the true origin of commands being sent to a victim computer,” reads a U.S. government affidavit in the case.
The documents say the hackers set up a hop-point pathway involving computers in Singapore, Korea and, finally United States, so that the attacks would have appeared to have had a U.S. origin.
The documents say stolen data were similarly routed to servers in Hong Kong or Macao. Data allegedly passed from hand to hand after that: “The intelligence is always picked up and transferred to China in person.”
Such espionage is increasingly regarded as a threat to the West. So much so that spymasters in Canada and allied countries have been angling for greater latitude to look at some citizens’ communications patterns.
The hope, as it was with terrorism cases, is that having access to a large amount of data will turn up foreign adversaries. But it may be getting more difficult to obtain such big-picture views.
Earlier this summer, the Supreme Court said in a ruling that Canadians’ Internet activity is private. Since then, some communications companies have said they will demand warrants for any kind of information exchange with governments and intelligence agencies.
Mr. Su will out find on Wednesday in a Vancouver court whether he will get bail.