Chinese cyber-spies accused of stealing IP on US fighter jet

The Chinese government allegedly stole the designs of a new US fighter jet, according to the latest leaked documents from NSA whistle-blower Edward Snowden.

China's Shenyang J-31 Falcon Eagle fifth-generation fighter copies major design elements from the F-35
China's Shenyang J-31 Falcon Eagle fifth-generation fighter copies major design elements from the F-35

The German newspaper Der Spiegel, which has close links to Snowden, claims in a new report that China stole up to 50 terabytes of data on the F-35 fighter jet, which is the most expensive defence project in US history.

The stolen information is said to have included radar systems data, engine schematics, heat contour maps and the designs to cool exhaust gases.

The stealth aircraft is manufactured by US-based Lockheed Martin and cost around US$ 400 billion (£230 billion) to develop, during which time it was dogged by delays and unforeseen costs.

Australia has ordered 72 of the jets, and could potentially raise this order to more than a hundred in future. Most of these are due to come into service in 2020, with the US and British militaries (and Royal Air Force) other major customers of the jet. Australian and British private companies are believed to have been involved in manufacturing the aircraft.

This news won't come as a huge surprise, not least given China's prowess in cyber-space (and previous reports in relation to intellectual property), but also considering The Washington Post reported in 2013 that Chinese hackers had accessed sensitive documents about numerous US weapons, including the F-35 fighter jet. This breach – which apparently happened in 2007 – saved China “25 years of research and development” according to US military officials cited in the Post's article.

Responding to the news, Australia's foreign minister Julie Bishop told Sky News that the report does “highlight the challenges of cyber-attacks” but added she was “confident the United States has measures to ensure its intellectual property is protected.”

Andrew Mabbitt, security consultant at MWR InfoSecurity, told SCMagazineUK.com in an email that it's no surprise nation-states would be interested in stealing IP, considering how expensive and time-consuming research and development (R&D) can be.

“With the cost of research and development being in the hundreds of billions of pounds and taking numerous years, it's no wonder that companies and nation states would be interested in launching cyber-attacks to steal intellectual property for a fraction of the price and time,” said Mabbitt.

“It is worth noting that despite all of the reporting around the prevalence of cyber-attacks, relatively few actual cases get reported. This case was found in the Snowden leaks and is the tip of the iceberg. Attacks are happening to all sizes of business and in most, if not all, industries.”

He added: “Protecting the information can be difficult as well, as a highly complex, multi-party project such as the F35 will require a high level of collaboration by a number of different organisations. Compromise of one of those organisations will allow access to whatever information that company has access to and may be used as a foothold to other organisations. For example, the widely-reported attack on the retailer Target was believed to have been conducted through a link from a supplier.”

Trey Ford, global security strategist at Rapid 7, said that this is the latest example that there's a varied mix of cyber-criminals – and not all of them are looking for the ‘low-hanging fruit'.

“We often discuss how opportunistic cyber criminals tend to be on the lookout for an easy score such as accessing consumer data that they can easily sell via abundant black-markets,” he said in an email to SC.

“This latest report on the alleged theft of military intellectual property is yet another reminder that attackers and their motives are highly varied, everyone is a target, and protecting assets remains an enormous challenge. Many countries may find that the cost of a cyber-espionage programme pales in comparison to the value of such a programme, when they believe they can access the valuable research and development projects of the military industrial complex, like the plans for the $400bn F-35 Joint Strike Fighter as built by Lockheed Martin.”

He continued: “Make no mistake, this data is targeted by a very thoughtful and very motivated adversary.  It highlights the challenge faced by both industry and governments - we must improve our ability to thwart not only opportunistic attackers but those who are sophisticated, motivated and persistent.”