The Globe and Mail

China denies role in cyberhack that stole U.S. military aircraft secrets

Su Bin, shown in an image from court documents. In September, a Canadian judge ordered Mr. Su extradited, but he remains in Vancouver pending an appeal to be heard later this year.

Beijing's foreign ministry is denying that Chinese soldiers engaged in a cyberespionage campaign that stole secrets related to U.S. military aircraft.

The remarks were made Friday, after The Globe and Mail reported this week that U.S. prosecutors believe two Chinese military officers aided a Chinese citizen residing in Vancouver with a hacking scheme. The three suspects are alleged to have plundered engineering documents related to F-35s, F-22s and C-17s, which the Pentagon has been building in partnership with contractors such as Lockheed Martin and Boeing Co.

At a time when Prime Minister Justin Trudeau is pledging to strengthen bilateral relations with Beijing, the allegations have the potential to exacerbate Canada's long-standing security concerns over China. Mr. Trudeau, whose long-term goal is to establish a free-trade arrangement with Beijing, is expected to lead a high-level trade mission to China in March.

The allegations of state-backed cyberespionage were made in a U.S. Department of Justice document; The Globe and Mail obtained it after making an application to British Columbia Supreme Court, which is overseeing an extradition proceeding started in June, 2014, when 50-year-old Chinese aviation entrepreneur Su Bin was arrested in his adopted city.

Unlike the original documents that were published for public consumption against Mr. Su, the USDOJ "book of record" filed in the Vancouver court explicitly alleges that two "Chinese military officers" had key roles in the scheme. In the original charging documents, they were referred to publicly only as two people in China "affiliated with multiple organizations and entities."

Governments, intelligence agencies and multinational corporations in the West frequently accuse Chinese entities – including the People's Liberation Army and independent arm's-length hackers – of the rampant theft of military secrets and commercial intellectual property. Yet, such allegations are rarely made in specific cases, given how they can be very hard to prove and also rankle relations with what is now the world's biggest economy.

China publicly denies its agents engage in any kind of cyberespionage – including in the ongoing case against Mr. Su. "Chinese government agencies and military object to and never conduct any kind of network-hacking operation," a foreign ministry spokesman, Hong Lei, told a press conference in Beijing on Friday. He described accounts of Chinese military officers being involved in the Su Bin case as being groundless and fabricated. He added that China is watching Mr. Su's case closely and demands "that Canada abide by the terms of the agreements of consular affairs between China and Canada and guarantee the legal rights of Chinese citizens."

Last September, the extradition case against Mr. Su was found to be strong enough to warrant sending him from Canada to the United States for prosecution. He remains in Vancouver, however, as he appeals.

The evidence is almost wholly drawn from e-mail exchanges that Mr. Su allegedly had on his Gmail and Hotmail accounts with the two individuals in China. The U.S. Federal Bureau of Investigation alleges these exchanges show he helped focus the energies of the two Chinese "co-conspirators" by telling them which people, databases and documents to target.

"The e-mail records also demonstrate that 'Co-con1' and 'Co-con2' were Chinese military officers," according to the documents.

They add: "On Oct. 30, 2012, Co-con1 sent an e-mail attaching an image that was a photo of his Chinese military identification showing his photograph, name, rank, military unit, and year and month of birth." They go on to say that U.S. detectives also know the identity of "Co-con2" and that they have a photograph of him and another person "both wearing Chinese military uniforms."

U.S. prosecution documents say the gravity of Mr. Su's alleged crimes is severe, given that he is believed to have given hacking advice "to a foreign power, and specifically to Co-con1 and Co-con2 as Chinese military officers located in China."

This is not the first time Chinese cyberespionage has been an issue in Canada.

In the summer of 2014, former Conservative prime minister Stephen Harper publicly alleged China had hacked the Canadian government's cutting-edge science agency, the National Research Council.

This rebuke broke with Ottawa's long-standing protocol not to name names in the world of cyberespionage. Documents obtained by The Globe earlier in 2014, for example, show that Canadian spymasters were urged not to publicly point fingers at China when asked questions such as "What was the impact of the alleged Chinese cyberattacks against TBS [Treasury Board Secretariat] and the Department of Finance in early 2011?"

On Friday, the Chinese embassy in Ottawa sent a letter to The Globe, echoing the remarks made by the foreign ministry official in Beijing. It was sent in the name of Counsellor Yang Yundong, who was not available for an interview.

"The alleged involvement of Chinese soldiers in the theft of U.S. military secrets is a groundless accusation made with ulterior motives," the message said.

The co-conspirators

Prosecution “books of record,” recently released by a Vancouver court to The Globe and Mail, make explicit Chinese military ties that were not publicly alleged when a rare cyberespionage prosecution was launched in 2014. Two Chinese government soldiers stand accused of being part of a hacking conspiracy allegedly carried out by a Chinese resident of Canada, as part of a scheme to steal secrets relating to components of F-35s and other American war jets.

  1. The e-mail records also demonstrate that Co-con1 and Co-con2 were Chinese military officers. For example:
    1. On October 20, 2012, Co-con1 sent an email attaching an image that was a photo of his Chinese military identification showing his photograph, name, rank, military unit, and year and month of birth.
    2. On March 19, 2012, Co-con2 received an e-mail with a copy of his own Hong Kong identification showing his name, date of birth, and photograph. On June 28, 2012, Co-con1 sent an e-mail to himself with the subject line of "Boss" attaching a photograph. That photograph shows both Co-con2 (the person was the same person that appeared in the Hong Kong identification card) and another person both wearing Chinese military uniforms.
    3. The "C-17 Report" referred to in the ROC at paragraph 14, which Co-con1 sent Co-con2 on August 13, 2012, included, among the other statements noted in paragraph 14(a), the statement that "we" made "important contributions to our national defense scientific research development."
— Record of the case for prosecution, August 21, 2014 (p. 45).
Certification of Record of the Case for Prosecution (PDF)
About the Author
National security reporter

Focusing on Canadian matters during the past decade, Colin Freeze has reported extensively on the interplay between government, police, spy services, and the judiciary. Colin has twice been to Afghanistan to be embedded with the Canadian military.