Song Wu, a Chinese national who works for a huge Chinese state-owned defense conglomerate, was indicted in the Northern District of Georgia on Monday for plotting to hack U.S. government agencies, including NASA, the Army, Navy, Air Force and the Federal Aviation Administration (FAA).
Indictment Accused The scam involves sending “spear phishing emails” to employees of the targeted institutions, private contractors, and “staff members of major research universities in Georgia, Michigan, Massachusetts, Pennsylvania, Indiana, and Ohio.”
“Spear phishing” is the dark art of sending highly realistic looking emails to victims, often embellished with compelling personal and professional details. If the victim opens an attachment in one of these emails or clicks on a link to a website it contains, the victim's computer becomes infected with malware. Some spear phishing attacks don't use malware, but simply trick victims into revealing passwords or other valuable data.
Spear phishing attacks are carefully targeted and require considerable effort, as hackers must craft emails that look like genuine messages from the victim's friends, family, or colleagues.
According to the Department of Justice (DOJ), Song's emails “appeared to the targeted victims to have been sent by colleagues, associates, friends, or others in the research or engineering community.”
“Hello, [victim’s name]”I emailed Steven a copy of the NASCART-GT code but haven't heard back so far. I guess he's too busy. Can you help me send it to him?” read one example of a phishing email, but the original text contained a spelling mistake.
“Hello, [victim’s name] “Sorry for bothering you so early in the morning. If you have time please send me a copy of the DAC software. FYI I need it urgently so please let me know,” another message read.
Over the course of several years, Song is accused of trying to trick his victims into sending him confidential “source code and software” related to fields such as aerospace engineering and computational fluid dynamics.
“This specialized software may be used for industrial and military applications, including the development of advanced tactical missiles and the aerodynamic design and evaluation of weapons,” the indictment said.
For example, computational fluid dynamics is used by aerospace engineers, Model The airflow around the flying surface of an aircraft or missile.
According to IndictmentSome of Song's spear-phishing attacks were successful, and the Justice Department did not say specifically what software Song stole or from whom.
The Justice Department described Song as a 39-year-old employee of the Aviation Industry Corporation of China (AVIC), a Beijing-based aerospace and defense company owned by the Chinese government. The indictment repeatedly says Song “aided and abetted by unknown persons.”
“AVIC manufactures commercial and military aircraft and is one of the world's largest defense contractors,” the indictment said.
Song's case is being handled by a multi-agency Disruptive Technology Strike Force. Established The Departments of Justice, Commerce, FBI, and Homeland Security will Investigate export violations, smuggling, and information theft by Russia, China, North Korea, and Iran;
Song is the 34th defendant indicted through the Strike Force's operations since its inception. He was charged with 14 counts each of wire fraud and aggravated identity theft, which carry a maximum possible sentence of 20 years in prison for each wire fraud count. He also faces a minimum possible sentence of two years in prison for each identity theft count. Because he conducted his spear phishing attacks from China, according to the indictment, it is unlikely he will be arrested or summoned to appear in a U.S. court.
“Efforts to obtain our nation's valuable research software pose a serious threat to our national security, but this indictment demonstrates that national borders are no barrier to prosecuting bad actors who threaten our national security,” U.S. Attorney Ryan K. Buchanan said Monday.
