
Feds: Chinese spies orchestrated hack that stole aviation secrets - okket
https://arstechnica.com/tech-policy/2018/10/feds-say-chinese-spies-and-their-hired-hackers-stole-aviation-secrets/
======
exnorrtel
I used to work at Nortel Networks along with 130,000 other people. Nortel went
bankrupt and now everyone who used to work there is fighting for their
pensions. Apparently a major contributor to their downfall was all of the IP
being stolen and sensitive information about deals going down otherwise
exfiltrated by Huawei[1]

People need to get serious about protecting the privacy of their
communications and data. Nobody cares until it is too late. Seems like this
kind of event might be the incentive people need to make the extra effort to
use products that encrypt their data in rest and in motion.

1: [https://www.afr.com/technology/web/security/how-chinese-
hack...](https://www.afr.com/technology/web/security/how-chinese-hack..).

I made this comment earlier on a story about China POPs in Canada and USA
nefariously re-routing traffic through China Telecom networks but that story
was marked as a dupe by the time I made my comment so no discussion ensued.

~~~
kodablah
> Apparently a major contributor to their downfall was all of the IP being
> stolen

If a company is heavily dependent upon existing IP then having it all stolen
will be a major contributor to their downfall. But so is that dependence. Hard
to make suggestions without appearing to victim blame, but companies need to
be able to survive even without secrets.

~~~
oh_sigh
Why? If you follow that standard, you are basically saying that no R&D should
ever be done, because you may just get it stolen and lose any kind of benefit
you would derive from doing the R&D in the first place.

~~~
kodablah
That's not what I'm saying. I'm saying don't build an overly large dependence
on past R&D where resting on those laurels threatens the whole company if
theft occurs.

~~~
DataWorker
Couldn’t the new R&D be stolen as well? It sounds like you don’t like Coca
Cola classic.

------
api_or_ipa
I love reading about the Chinese efforts in developing a modern turbofan
engine. For whatever reason, they just can't build a good medium- or high-
bypass turbofan in-house. They're latest WS-20 is basically a clone of the
CFM-56 and previously they spent decades developing the WS-6 and WS-10 that
never met expectations.

This is a big deal because the Comac 919 is ready to go but without a
powerplant, they're having to turn to Western sources for an engine. The same
thing happened with the J-10 project a decade ago and again recently with the
J-20. Without a reliable powerplant, you can't build good airplanes and you
can't easily reverse engineer a precision turbofan.

~~~
dllu
China also couldn't make a ballpoint pen until last year [1].

I imagine making a modern jet engine is somewhat more challenging than making
a ballpoint pen (both endeavours involve making high precision metal parts).

[1]
[https://www.washingtonpost.com/news/worldviews/wp/2017/01/18...](https://www.washingtonpost.com/news/worldviews/wp/2017/01/18/finally-
china-manufactures-a-ballpoint-pen-all-by-itself/)

~~~
stevenjohns
"Couldn't" is a bit unfair. The article seems to imply that it wasn't from a
lack of trying, but a lack of interest, and a company only took on the
challenge after the issue became considered an issue of national pride and
came to light.

The numbers given suggested that it cost just over $17 million to import the
pen tips to manufacture 38 billion pens. Which puts the cost per tip at
$0.00045/piece.

It's not hard to see why manufacturers wouldn't bother creating a process and
tooling for that if it already exists.

More importantly, the article put emphasis on the idea that once the
government complained about it, something was done quite quickly. Which is
completely different story to a military jet engine, which is being
researched, funded and developed by government-linked organizations.

~~~
dingaling
Indeed, a aviation company ( Miles Aircraft ) in my home town took a license
from Bic in the late _1940s_ to start manufacture of their roller-ball Biro
pen.

I have a hard time believing that China couldn't replicate that technology for
70 years.

------
jerf
When we were discussing the Bloomberg story, I replied a couple of times to
people hypothesizing maybe it was an American government conspiracy to turn
people against China. My reply is that we didn't need to make up such stories,
because we've got plenty of much better sourced ones already. For those who
were wondering, here's an example. It still isn't proof, of course, but I
think we can generally agree it's almost certainly better sourced than the
Bloomberg story, which is all I'm going for here.

~~~
duxup
It wouldn't seem necessary to fabricate such elaborate stories because:

1\. Most Americans aren't paying attention / don't respond to them.

2\. We clearly have a situation where POTUS if he wanted could just make up a
story and get people's attention.

On the other hand stories like this would fit in nicely with state run /
controlled media as the feed could simply be placed where you know it would
get attention (if only because it is exists largely by itself).

------
justicezyx
As an ethical Chinese myself, I'd like to reiterate that this type event is
government-backed. And I am confident that HNers respect the boundary between
Chinese people and the government.

I do want to point out that general Chinese people in mainland China view
these type of activities negatively as well. It should not be thought as the
general people endorse such activities, they were mostly made unaware of
these, as always.

~~~
PakG1
As a foreigner living in China, I can say that the populace is like many other
countries. You have your normal people who don't really keep track of what's
going on, you have your informed people who have informed opinions and realize
that the world is a complicated place, and then you have your crazies who are
filled with distrust of other nations and conspiracy theories in the name of
nationalism and patriotism. There are some people who view these activities as
negative, and there are some people who view these activities as positive, and
there are some people who never even think about it. We must acknowledge there
are many in China who do endorse these activities too, just as there are
people in the US who feel bombing North Korea is the right thing to do. There
is no need to make things look nicer than they are, just as there is no need
to make things look worse than they are.

And ironically, let's face it, every country is doing something in the spy
game, China is not alone in using underhanded methods to steal secrets and
intelligence. And each country can easily spout their justifications too.

~~~
mulmen
I'm not sure what your point is in your last two sentences. Should the US not
defend its interests against foreign powers?

~~~
thereare5lights
OP is saying that the US doesn't have the moral high ground and anyone
spouting off about how badly China is acting is just being asinine since we do
the exact same thing to everyone (and if we weren't then our intelligence
agencies need to get off their asses and do it).

~~~
paulie_a
There is a fine line in spycraft. Stealing secrets from companies for
commercial gain is just pathetic. Can't innovate, just hack it and steal it.

~~~
marcosdumay
When was it that the NSA was caught stealing lists of clients from Embraer and
giving them to Boeing? I can't remember if it was 2015 or 2016...

~~~
xur17
I hadn't heard of this before, but now I'm curious - do you have any more
details on this?

~~~
marcosdumay
It was in 2013. And the international press seems to be much more focused on
Petrobras, where the NSA stole a lot of data than Embraer where it just stole
some emails.

Here's a link:

[https://www.theguardian.com/world/2013/sep/09/nsa-spying-
bra...](https://www.theguardian.com/world/2013/sep/09/nsa-spying-brazil-oil-
petrobras)

------
thrower123
Turnabout is fair game, to some extent. Look at the history of European
porcelain, or tea. There's a fascinating documentary on CuriosityStream about
Robert Fortune, who essentially committed industrial espionage for the East
India Company and obtained samples and processes to kickstart tea production
outside of China.

[https://curiositystream.com/video/1746/tea-war-the-
adventure...](https://curiositystream.com/video/1746/tea-war-the-adventures-
of-robert-fortune)

------
TACIXAT
It is a really interesting shift from throwing spies out of the country to
criminally indicting them. I wonder if we will see similar indictments brought
against US agents in the future.

~~~
nradov
Nothing has shifted. Spies without diplomatic immunity have always been
criminally prosecuted. Often they're held in prison for a while, then quietly
repatriated in return for one of our spies or some other political concession.

~~~
zip1234
China doesn't do that: [https://www.businessinsider.com/how-china-found-cia-
spies-le...](https://www.businessinsider.com/how-china-found-cia-spies-
leak-2018-8)

~~~
everybodyknows
Those spies were apparently Chinese nationals, so Beijing would have
considered them traitors. In the West that draws a long prison sentence. China
and Russia are less gentle.

------
tareqak
I have a serious question: why don't governments impose sanctions on other
governments that hack them when there is sufficient proof?

~~~
moltar
Because that would be hypocritical. Most likely all large governments try to
hack other governments.

~~~
gilrain
Exactly, and, as we all know, hypocritical crimes are treated very seriously
by very toothful U.N.

------
codedokode
> ....a hacking group calling itself the Syrian Electronic Army hacked an
> Australian domain registrar

> In early December 2013, prosecutors said, members of the conspiracy used the
> same tactic to hack the Australian registrar again, this time to hijack
> domain names of one of the targeted technology companies.

What's with that registrar, don't they learn from their own mistakes?

~~~
Haydos585x2
It's Melbourne IT. A terrible company that somehow still gets large contracts
despite ripping clients off at every step. I'm sure their entire staff is
underpaid 457s.

~~~
plugger
I used to be an underpaid 457 for nearly a decade until I got PR. Just because
someone is an immigrant on a work visa doesn't mean they're incompetent. And
organisational culture is a top down process, not a bottom up one. So blaming
the workers seems misplaced when it is most likely a management issue (who
probably _aren 't_ 457 holders). That would probably be more accurate.

------
jorblumesea
As much as I think the tariffs are not the right solution, something needs to
be done to punish Chinese aggression towards the West. They've been playing
very dirty without any real consequences. Trade should not be conducted
through industrial espionage or intelligence agencies as a standard approach.

The blurred line between Chinese intelligence and Chinese businesses is a
dangerous one as it can turn IP theft into a real escalation.

~~~
nraynaud
Remember that the CIA did worse (like droning children in Yemen), be careful
what you wish for.

~~~
TheRealWatson
I thought the topic was world trade.

~~~
nraynaud
The topic is exposing spying operations in a bigger narrative of victimhood.

------
creaghpatr
>Besides using spear phishing, watering holes, malware, and domain hijackings,
prosecutors said, the defendants also recruited employees of some of the
targeted companies to infect corporate networks and provide intelligence about
investigations.

This lines up with having a Chinese spy in California Senator Diane
Feinstein's office: Being both a California Senator and a 'Gang of Eight'
intelligence member, the Chinese could be alerted early on about potential
investigations or indictments.

[https://www.sfchronicle.com/bayarea/matier-
ross/article/Sen-...](https://www.sfchronicle.com/bayarea/matier-
ross/article/Sen-Feinstein-had-a-Chinese-connection-she-13121441.php)

We've seen several indictments of Chinese nationals since this story broke.

Edit: Actually the previous indictment I had in mind was the original arrest
of the agent, this is just building on that case:
[http://www.atimes.com/article/chinese-agent-indicted-in-
jet-...](http://www.atimes.com/article/chinese-agent-indicted-in-jet-engine-
espionage-case/)

~~~
learc83
> This lines up with having a Chinese spy in California Senator Diane
> Feinstein's office

That's not really an accurate description of what happened. Here's Feinstein's
statement:

"Five years ago the FBI informed me it had concerns that an administrative
member of my California staff was potentially being sought out by the Chinese
government to provide information. He was not a mole or a spy, but someone who
a foreign intelligence service thought it could recruit.

The FBI reviewed the matter, shared its concerns with me and the employee
immediately left my office. He never had access to classified or sensitive
information or legislative matters. The FBI never informed me of any
compromise of national security information."

Nothing in your article or any other reputable sources I've read conflict with
that statement.

From your article:

'“He didn’t even know what was happening — that he was being recruited,” says
our source. “He just thought it was some friend.”

The FBI apparently concluded the driver hadn’t revealed anything of substance.

“They interviewed him, and Dianne forced him to retire, and that was the end
of it,” says our source.'

~~~
mehrdadn
Confused, why is this downvoted? Is it wrong?

Update: Funny, now the comment is upvoted and my question is downvoted :-)

~~~
creaghpatr
Sort of, it's extremely misleading. It suggests that there is no evidence of
espionage because charges were never pressed, but consider:

>According to four former intelligence officials, in the 2000s, a staffer in
Senator Dianne Feinstein’s San Francisco field office was reporting back to
the MSS. While this person, who was a liaison to the local Chinese community,
was fired, charges were never filed against him. (One former official reasoned
this was because the staffer was providing political intelligence and not
classified information—making prosecution far more difficult.) The suspected
informant was “run” by officials based at China’s San Francisco Consulate,
said another former intelligence official. The spy’s handler “probably got an
award back in China” for his work, noted this former official, dryly.

[https://www.politico.com/magazine/story/2018/07/27/silicon-v...](https://www.politico.com/magazine/story/2018/07/27/silicon-
valley-spies-china-russia-219071)

~~~
learc83
Here's the rest of what that article says about the topic. I'm not sure why it
brings up the topic 2x in the same article. It looks like this paragraph is a
revision of the first.

"Former intelligence officials told me that Chinese intelligence once
recruited a staff member at a California office of U.S. Senator Dianne
Feinstein, and the source reported back to China about local politics. (A
spokesperson for Feinstein said the office doesn’t comment on personnel
matters or investigations, but noted that _no Feinstein staffer in California
has ever had a security clearance._ )"

None of that contradicts what your first article said, that the staffer didn't
know he was being recruited. He was talking about local politics to someone
who worked for the Chinese government who was pumping him for information.

The rest is just speculation on the part of someone the reporter talked to
about how he could have theoretically committed a crime despite not being
prosecuted.

~~~
dsfyu404ed
>He was talking about local politics to someone who worked for the Chinese
government.

Everyone in the government contractor industry (or government itself) gets
annual training on spotting these sorts of leaks. Just discussing any stuff
(even if you don't work with classified things) you're doing at work with a
foreign national is touchy enough that many people avoid doing it all
together. Everyone who works for the federal government or a company that
works for the federal government is well aware of this. This isn't an innocent
mistake. It's highly unlikely that this guy didn't know what he was doing was
questionable.

~~~
learc83
This guy wasn't working in the defense industry, and he wasn't in a sensitive
enough position to warrant any kind of clearance.

I'm sure someone talked to him about it, but it's unlikely he got any sort of
serious training.

He supposedly talked to someone who worked their way into his life _over
several years_ about non-sensitive, non-classified material related to local
politics. I imagine he would have been more careful/aware if the "friend" was
asking about classified information, or if his "friend" hadn't done it very
slowly.

------
jmartrican
I hear in the news stories about companies being highjacked by hackers, where
the hackers encrypt said companies' data and demand a ransom. If that is
possible, then wouldn't it be possible for US backed hackers to do the same to
the Chinese backed organizations that stole American IP?

It seems ineffective to just publicly indict Chinese hackers that are in
China. The indictments are public, so the likelihood that said hackers come to
the US are nill. Seems more effective to erase the trade secrets, or any other
data, from these organizations.

~~~
phyller
That would raise a variety of other serious issues. Besides the ethical
problem that just because someone else does something bad, doesn't make it ok
for you to do that bad thing.

I could list several important reasons why "hacking back" would be a bad idea,
but I'll just stick to the pragmatic "people who live in glass houses
shouldn't throw stones". We have a much larger surface area and much more to
lose if we get into that kind of tit-for-tat. Instead, the US is building a
case that China is an aggressor, and is responding in other ways that will
apply more pressure. For example, tariffs on Chinese exports.

------
mo3gut
If the "spies" really did "steal" (i.e. copy) an engine design then it seems
like a good thing for the world in general. They have helped spread useful
knowledge.

Sure, it's bad for the would-be rent-seekers whose plans have been threatened.
Why should anyone else care about them?

Thanks China, and keep up the good work!

~~~
phyller
By "rent-seekers" you mean organizations that have spent billions of dollars
to research and prove the tech? As the current top comment represents, if
company A spends billions of dollars creating a technology, then company B
steals it, company B can sell it for less because they don't have to pay the
R&D overhead. Company A falters or dies. The company that actually knew how to
advance the field and create new tech suffered. Is that good for the world?

The way it is supposed to work is, company A researches a tech, company b also
researches a tech, the best one wins (or more likely they split the market),
the competition induces more advances, and eventually the old tech becomes
cheap (or free) and widely available as it is supplanted by even newer, better
tech.

And yea I know our patent system is broken, etc. But I don't understand how
you can have a general principle that the people who created something don't
have the right to benefit off of it.

