What's new

Building China's Comac C919 airplane involved a lot of hacking, report says

F-22Raptor

ELITE MEMBER
Joined
Jun 19, 2014
Messages
16,980
Reaction score
3
Country
United States
Location
United States
A report published today shines a light on one of China's most ambitious hacking operations known to date, one that involved Ministry of State Security officers, the country's underground hacking scene, legitimate security researchers, and insiders at companies all over the world.

The aim of this hacking operation was to acquire intellectual property to narrow China's technological gap in the aviation industry, and especially to help Comac, a Chinese state-owned aerospace manufacturer, build its own airliner, the C919 airplane, to compete with industry rivals like Airbus and Boeing.

A Crowdstrike report published today shows how this coordinated multi-year hacking campaign systematically went after the foreign companies that supplied components for the C919 airplane.


The end goal, Crowdstrike claims, was to acquire the needed intellectual property to manufacture all of the C919's components inside China.

Crowdstrike claims that the Ministry of State Security (MSS) tasked the Jiangsu Bureau (MSS JSSD) to carry out these attacks.

The Jiangsu Bureau, in turn, tasked two lead officers to coordinate these efforts. One was in charge of the actual hacking team, while the second was tasked with recruiting insiders working at aviation and aerospace companies.


The hacking team targeted companies between 2010 and 2015, and successfully breached C919 suppliers like Ametek, Honeywell, Safran, Capstone Turbine, GE, and others.

But unlike in other Chinese hacks, where China used cyber-operatives from military units, for these hacks, the MSS took another approach, recruiting local hackers and security researchers.

According to Crowdstrike and a Department of Justice indictment, responsible for carrying out the actual intrusions were hackers that the MSS JSSD recruited from China's local underground hacking scene. Crowdstrike says that some of the team members had a shady history going back as far as 2004.


These hackers were tasked with finding a way inside target networks, where they'd usually deploy malware such as Sakula, PlugX, and Winnti, which they'd use to search for proprietary information and exfiltrate it to remote servers.

In the vast majority of cases, the hackers used a custom piece of malware that was specifically developed for these intrusions. Named Sakula, this malware was developed by a legitimate security researcher named Yu Pingan.

In the rare occasions when the hacking team couldn't find a way inside a target, a second MSS JSSD officer would intervene and recruit a Chinese national working for the target company, and use him to plant Sakula on the victim's network, usually via USB drives.


The group, which Crowdstrike said it tracked as Turbine Panda, was extremely successful. The US cyber-security firm points out that in 2016, after almost six years of non-stop hacking of foreign aviation companies, the Aero Engine Corporation of China (AECC) launched the CJ-1000AX engine, which was set to be used in the upcoming C919 airplane, and replace an engine that had been previously manufactured by a foreign contractor.

Industry reporting points out that the CJ-1000AX displays multiple similarities [1, 2] to the LEAP-1C and LEAP-X engines produced by CFM International, a joint venture between US-based GE Aviation and French aerospace firm Safran, and the foreign contractor that supplied turbine engines for the C919.

US crackdown
But while the MSS JSSD's hacking efforts might have gone unnoticed, hackers made a mistake when they overstepped and went after targets a little too big -- such as healthcare provider Anthem and the US Office of Personnel Management.

Those intrusions yielded a lot of useful information for recruiting future insiders, but they also brought the full attention of the US government bearing down on their operation. It didn't take too long after that for the US to start piecing the puzzle together.

The first ones to go were the insiders since they were the easiest ones to track down and had no protection from the Chinese government since they were operating on foreign soil.

After that came Yu, the creator of the Sakula malware, who was arrested while attending at a security conference in Los Angeles, and subsequently charged for his involvement in the Anthem and OPM hacks.


Yu's arrest triggered a massive ripple in China's infosec scene. The Chinese government responded by prohibiting Chinese researchers from participating at foreign security conferences, fearing that US authorities might get their hands on other "assets."

Initially, this seemed an odd thing to do, but a subsequent Recorded Future investigationshowed how the MSS had deep ties to the Chinese cyber-security research scene, and how the agency was secretly hoarding and delaying vulnerabilities found by Chinese security researchers, many of which were being weaponized by its hackers before being publicly disclosed.

But the biggest hit to Turbine Panda came in late 2018 when western officials arrested Xu Yanjun, the MSS JSSD officer in charge of recruiting insiders at foreign companies.

The arrest of a high-ranking Chinese intelligence officer was the first of its kind, and the biggest intelligence asset transfer since the Cold War, besides Snowden's flight to Russia. Now, US officials are hoping that Xu collaborates for a reduced sentence.

However, Crowdstrike points out that "the reality is that many of the other cyber operators that made up Turbine Panda operations will likely never see a jail cell."

China has yet to extradite any citizen charged with cyber-related crimes.


In the meantime, Turbine Panda appears to have seized most of its operations, most likely crippled due to the arrests, but other Chinese cyber-espionage groups have taken over, such as Emissary Panda, Nightshade Panda, Sneaky Panda, Gothic Panda, Anchor Panda, and many more.

Attacks on foreign aviation firms are expected to continue for the foreseeable future, mainly because Comac's C919 jet isn't the success that the Chinese government expected (see 07:20 mark in the video below), and a fully Chinese airliner is still years away. Efforts are currently underway for building the airliner's next iteration, the C929 model.


For years it's been reported that China has been building its economical might on the back of other countries and its foreign competitors.

The full Crowdstrike report gives a glimpse at how China has been using hackers to do so, although they are not the only component.

The Beijing government itself has played even a bigger role. Historically, they've dangled carrots in the face of foreign companies, promising access to China's booming internal market. Foreign companies have seen themselves forced into joint ventures, only to be forced out later by their former partners after local companies grew with the help of state subsidies and the know-how acquired from the partnership.

In this process, Chinese hackers often helped with "forced technology transfer," breaching business partners and stealing their intellectual property, allowing the Chinese state-owned companies to put out high-end competing products in record time and at very low prices.

And in all of this, the aviation industry has been only one part of the puzzle. Similar hacking efforts have also targeted many other industry verticals, from the maritime industry to hardware manufacturing, and from academic research to biotechnology.

https://www.zdnet.com/article/build...rplane-involved-a-lot-of-hacking-report-says/
 
.
A report published today shines a light on one of China's most ambitious hacking operations known to date, one that involved Ministry of State Security officers, the country's underground hacking scene, legitimate security researchers, and insiders at companies all over the world.

The aim of this hacking operation was to acquire intellectual property to narrow China's technological gap in the aviation industry, and especially to help Comac, a Chinese state-owned aerospace manufacturer, build its own airliner, the C919 airplane, to compete with industry rivals like Airbus and Boeing.

A Crowdstrike report published today shows how this coordinated multi-year hacking campaign systematically went after the foreign companies that supplied components for the C919 airplane.


The end goal, Crowdstrike claims, was to acquire the needed intellectual property to manufacture all of the C919's components inside China.

Crowdstrike claims that the Ministry of State Security (MSS) tasked the Jiangsu Bureau (MSS JSSD) to carry out these attacks.

The Jiangsu Bureau, in turn, tasked two lead officers to coordinate these efforts. One was in charge of the actual hacking team, while the second was tasked with recruiting insiders working at aviation and aerospace companies.


The hacking team targeted companies between 2010 and 2015, and successfully breached C919 suppliers like Ametek, Honeywell, Safran, Capstone Turbine, GE, and others.

But unlike in other Chinese hacks, where China used cyber-operatives from military units, for these hacks, the MSS took another approach, recruiting local hackers and security researchers.

According to Crowdstrike and a Department of Justice indictment, responsible for carrying out the actual intrusions were hackers that the MSS JSSD recruited from China's local underground hacking scene. Crowdstrike says that some of the team members had a shady history going back as far as 2004.


These hackers were tasked with finding a way inside target networks, where they'd usually deploy malware such as Sakula, PlugX, and Winnti, which they'd use to search for proprietary information and exfiltrate it to remote servers.

In the vast majority of cases, the hackers used a custom piece of malware that was specifically developed for these intrusions. Named Sakula, this malware was developed by a legitimate security researcher named Yu Pingan.

In the rare occasions when the hacking team couldn't find a way inside a target, a second MSS JSSD officer would intervene and recruit a Chinese national working for the target company, and use him to plant Sakula on the victim's network, usually via USB drives.


The group, which Crowdstrike said it tracked as Turbine Panda, was extremely successful. The US cyber-security firm points out that in 2016, after almost six years of non-stop hacking of foreign aviation companies, the Aero Engine Corporation of China (AECC) launched the CJ-1000AX engine, which was set to be used in the upcoming C919 airplane, and replace an engine that had been previously manufactured by a foreign contractor.

Industry reporting points out that the CJ-1000AX displays multiple similarities [1, 2] to the LEAP-1C and LEAP-X engines produced by CFM International, a joint venture between US-based GE Aviation and French aerospace firm Safran, and the foreign contractor that supplied turbine engines for the C919.

US crackdown
But while the MSS JSSD's hacking efforts might have gone unnoticed, hackers made a mistake when they overstepped and went after targets a little too big -- such as healthcare provider Anthem and the US Office of Personnel Management.

Those intrusions yielded a lot of useful information for recruiting future insiders, but they also brought the full attention of the US government bearing down on their operation. It didn't take too long after that for the US to start piecing the puzzle together.

The first ones to go were the insiders since they were the easiest ones to track down and had no protection from the Chinese government since they were operating on foreign soil.

After that came Yu, the creator of the Sakula malware, who was arrested while attending at a security conference in Los Angeles, and subsequently charged for his involvement in the Anthem and OPM hacks.


Yu's arrest triggered a massive ripple in China's infosec scene. The Chinese government responded by prohibiting Chinese researchers from participating at foreign security conferences, fearing that US authorities might get their hands on other "assets."

Initially, this seemed an odd thing to do, but a subsequent Recorded Future investigationshowed how the MSS had deep ties to the Chinese cyber-security research scene, and how the agency was secretly hoarding and delaying vulnerabilities found by Chinese security researchers, many of which were being weaponized by its hackers before being publicly disclosed.

But the biggest hit to Turbine Panda came in late 2018 when western officials arrested Xu Yanjun, the MSS JSSD officer in charge of recruiting insiders at foreign companies.

The arrest of a high-ranking Chinese intelligence officer was the first of its kind, and the biggest intelligence asset transfer since the Cold War, besides Snowden's flight to Russia. Now, US officials are hoping that Xu collaborates for a reduced sentence.

However, Crowdstrike points out that "the reality is that many of the other cyber operators that made up Turbine Panda operations will likely never see a jail cell."

China has yet to extradite any citizen charged with cyber-related crimes.


In the meantime, Turbine Panda appears to have seized most of its operations, most likely crippled due to the arrests, but other Chinese cyber-espionage groups have taken over, such as Emissary Panda, Nightshade Panda, Sneaky Panda, Gothic Panda, Anchor Panda, and many more.

Attacks on foreign aviation firms are expected to continue for the foreseeable future, mainly because Comac's C919 jet isn't the success that the Chinese government expected (see 07:20 mark in the video below), and a fully Chinese airliner is still years away. Efforts are currently underway for building the airliner's next iteration, the C929 model.


For years it's been reported that China has been building its economical might on the back of other countries and its foreign competitors.

The full Crowdstrike report gives a glimpse at how China has been using hackers to do so, although they are not the only component.

The Beijing government itself has played even a bigger role. Historically, they've dangled carrots in the face of foreign companies, promising access to China's booming internal market. Foreign companies have seen themselves forced into joint ventures, only to be forced out later by their former partners after local companies grew with the help of state subsidies and the know-how acquired from the partnership.

In this process, Chinese hackers often helped with "forced technology transfer," breaching business partners and stealing their intellectual property, allowing the Chinese state-owned companies to put out high-end competing products in record time and at very low prices.

And in all of this, the aviation industry has been only one part of the puzzle. Similar hacking efforts have also targeted many other industry verticals, from the maritime industry to hardware manufacturing, and from academic research to biotechnology.

https://www.zdnet.com/article/build...rplane-involved-a-lot-of-hacking-report-says/
Typical dumb Chinese. They need to grab some western aero engineers and get their help to get this technology. Think Wernher Braun. Think big.
 
.
This is another pathetic propaganda by west. If China wants, it has the biggest aviation industry consisting dozens of airlines with thousands of Airbuses and Boeings so China can easily take apart one of the airplanes and its engines, reverse engineer, melt the material, pass through the spectrum analysers to find out the compositions... China had very robust reverse engineering techniques decades ago... so today they are much more advanced. And China produces all the raw materials required for engine production
 
. . .
This is another pathetic propaganda by west. If China wants, it has the biggest aviation industry consisting dozens of airlines with thousands of Airbuses and Boeings so China can easily take apart one of the airplanes and its engines, reverse engineer, melt the material, pass through the spectrum analysers to find out the compositions... China had very robust reverse engineering techniques decades ago... so today they are much more advanced. And China produces all the raw materials required for engine production
That is a stupid argument, and I say that kindly.

Every jet you buy is serially tracked because you agreed to that tracking. Each track event is sent to the manufacturer for many purposes, from maintenance to upgrades. If you take a jet down for maintenance, you agreed to let the manufacturer know why and how long. Any event that is longer than previously recorded by other airlines will trigger an alert, not for any thing malevolent but to monitor trend because if that trend shows a particular maintenance action takes longer and longer, that could indicate a deeper problem.

I could go on and on but essentially -- you do not know what you are talking about. Something we seen all too often on this forum whenever people tries to suck up to China. :rolleyes:
 
.
That is a stupid argument, and I say that kindly.

Every jet you buy is serially tracked because you agreed to that tracking. Each track event is sent to the manufacturer for many purposes, from maintenance to upgrades. If you take a jet down for maintenance, you agreed to let the manufacturer know why and how long. Any event that is longer than previously recorded by other airlines will trigger an alert, not for any thing malevolent but to monitor trend because if that trend shows a particular maintenance action takes longer and longer, that could indicate a deeper problem.

I could go on and on but essentially -- you do not know what you are talking about. Something we seen all too often on this forum whenever people tries to suck up to China. :rolleyes:
Your comment was valid for 80's and 90's ... but now you need to update your software..you're running a two decades old OS on your brain... may be you can't update to the new version due to the hardware limitations :cheesy:
 
Last edited:
.
In similar way, no engineer can agree that airplane can slice into world trade center, and the sliced section got glued back after the parts of jet are across all the way.
 
. .
Your comment was valid for 80's and 90's ... but now you need to update your software..you're running a two decades old OS on your brain... may be you can't update to the new version due to the hardware limitations :cheesy:
Wrong, again...

It does not matter what era. Anything you do to any jet, even if you bought (not lease), you agreed for that action to be tracked. You changed a simple pitot tube? Tracked. You changed an engine? Tracked. So for you to say that China can simply disassembled and 'melt' down parts for reverse engineering was just asinine.

But hey...You got 'Thanked' for your sucking up. That is all that mattered, right? Facts and truth be damned in the service of China. :enjoy:
 
.
On one hand I don't blame China.
Remember, the west smuggled out tea and silk out of China to learn how to make those products.
You can almost call that an ancient form of hacking

However, I don't think stealing IP on a state level is a good thing. China should hire western engineers, pay them properly and develop their own technology.
 
.
Wrong, again...

It does not matter what era. Anything you do to any jet, even if you bought (not lease), you agreed for that action to be tracked. You changed a simple pitot tube? Tracked. You changed an engine? Tracked. So for you to say that China can simply disassembled and 'melt' down parts for reverse engineering was just asinine.

But hey...You got 'Thanked' for your sucking up. That is all that mattered, right? Facts and truth be damned in the service of China. :enjoy:
I don't give damn about thanks and ratings.. I say what I think is right... thinking that there's no way is just plain stupid. And here you're saying that hacking into Boeing and Airbus factories and databases is easier for China than to reverse engineer one of thousands the jetliners in their possession... how logical is that?
 
.
I don't give damn about thanks and ratings..
Sure you do. All suck-ups lives on approvals of their targets. :rolleyes:

I say what I think is right...
And if you are proven wrong? Never mind. That was a rhetorical question.

thinking that there's no way is just plain stupid. And here you're saying that hacking into Boeing and Airbus factories and databases is easier for China than to reverse engineer one of thousands the jetliners in their possession... how logical is that?
Very logical in the sense that clandestine intelligence usually leave little to no traces. And even when there are forensic evidences, the perpetrator(s) can simply deny/disavow. Remember Stuxnet?

Am not saying that China have done literally nothing to the jets in their possession. For me to say that, given my experience in aviation in/out of the military, it would be as stupid as your post 3. Of course Chinese engineers have examined Boeing and Airbus products and the manufacturers anticipated that kind of activities by China. They are not stupid. They know they would taken for suckers to some degrees.

Take the pitot probe, for example. A Chinese maintenance personnel could fake up a clogged airway to remove the probe, then a Chinese engineer could take precise dimension measurement for use on the C919. That is industrial and intellectual espionage. Changing the probe takes at best 3 hrs, including testing the entire pitot/static and Central Air Data Computer (CADC) system.

Dimension measurements are the first data collection of any physical objects in industrial espionage.

I know and understand this shit far better than you do. :lol:
 
.
I know and understand this shit far better than you do. :lol:

whats wrong with you white folks goin around talkin trash like that doe
mufuggin honkeys goin around talkin shit against my homies man i aint gonna have some cracka *** doin that
 
. .

Latest posts

Pakistan Affairs Latest Posts

Country Latest Posts

Back
Top Bottom