Copyright 2015 by David Locke Hall
All rights reserved
First Edition
For information about permission to reproduce selections from this book,
write to Permissions, W. W. Norton & Company, Inc.,
500 Fifth Avenue, New York, NY 10110
For information about special discounts for bulk purchases,
please contact W. W. Norton Special Sales
at specialsales@wwnorton.com or 800-233-4830
Book design by Dana Sloan
Production manager: Devon Zahn
The Library of Congress has cataloged the printed edition as follows:
Hall, David Locke, author.
CRACK99 : the takedown of a $100 million Chinese software pirate /
David Locke Hall. First edition.
pages cm
Includes bibliographical references.
ISBN 978-0-393-24954-5 (hardcover)
1. Computer crimes--United States--Case studies. 2. Hacking--
China--Case studies. 3. Software piracy--China--Case studies.
4. Criminal investigation--United States--Case studies. 5. National
security--United States--Case studies. I. Title.
HV6773.2.H355 2015
364.16'8--dc23
2015022463
ISBN 978-0-393-24955-2 (e-book)
W. W. Norton & Company, Inc.
500 Fifth Avenue, New York, N.Y. 10110
www.wwnorton.com
W. W. Norton & Company Ltd.
Castle House, 75/76 Wells Street, London W1T 3QT
For my family
There is a tide in the affairs of men,
Which taken at the flood, leads on to fortune.
Omitted, all the voyage of their life is bound in shallows and in miseries.
On such a full sea are we now afloat.
And we must take the current when it serves, or lose our ventures.
WILLIAM SHAKESPEARE,
Julius Caesar, Act 4, Scene 3
No maze all is surprised True deal
XIANG LI
www.crack99.com
THE DAY AFTER TOMORROW.
The Chinese BZK-005 drone executes a slow leftward turn during its routine patrol of the airspace above a string of uninhabited islands in the East China Sea, northeast of Taiwan. The Chinese call them the Diaoyu Islands. The Japanese do not; they call them the Senkaku Islands, illustrating an important point: when it comes to this territory, the Chinese and the Japanese don't agree on anything. Each country claims ownership, and asserts exclusive sovereignty, no doubt because of the islands' rumored oil and gas reserves, which have yet to be exploited.
The BZK-005 is a long-range unmanned aerial vehicle used in multiple mission sets, including surveillance. When the data link from the BZK-005 to the People's Liberation Army base on the Chinese mainland fails, no one gets excited; this has happened before, and it will be corrected shortly. This time, however, things are different. Although a squad of technicians swarms into the control room, no one can identify a problem with the data link. It has simply ceased to exist. There is a reason for this: the BZK-005 has ceased to exist. This is what happens when a Chinese BZK-005 is hit by a Sidewinder from a Japanese F-15 fighter.
People's Liberation Army Air Force J-16 fighters launch in response and quickly engage with the Japanese F-15s. If there were a way to watch this from a safe distance, it would look something like an air show, only deadly. The dogfighting is intense, littering the East China Sea with burning aircraft and burning airmen. It lasts as long as the fuel does, ending in a draw.
The USS George Washington, CVN 73, and her battle group are on patrol in the Philippine Sea. The carrier receives a flash message directing her northwest toward the disputed island chain. Two F-18 Hornets launch as aviators fill the ready room. Awaiting the intel brief, they mill about speculating on the situation and spreading the latest scuttlebutt. The room smells of burnt coffee and aviation fuel. The Chinese government issues a stern warning to the United States: stay out of it, or suffer the consequences. The threat is ignored, and the George Washington continues steaming northwest. Chinese J-16 fighters intercept her and are escorted out of the operating area by U.S. Navy F-18s. All is well until a salvo of Chinese antisatellite missiles is launched against the U.S. Navy's Fleet Satellite Communications System, isolating the George Washington.
WAR! scream the headlines.
This would be a bad day by any measure. But it would be particularly galling to learn that the technology employed by the Chinese during this bad day, from the drones to the antisatellite missiles to the fighter radar, was produced in the United States, that the ability of the Chinese to neutralize the U.S. Navy was enabled by the crown jewels of U.S. enterprise stolen by Chinese cybercriminals.
The United States is the victim of the greatest transfer of wealth in history. Digital thieves overseas, particularly in China, are systematically stealing U.S. intellectual property, largely without adverse consequences. The value of the information and technology being stolen each year is staggering: hundreds of billions of dollars.
Xiang Li was part of this Chinese cybercrime collective and the most prolific Chinese cyber pirate ever caught. From his bastion in Chengdu, China, he operated CRACK99, a website that from 2008 until the time of his arrest in 2011 sold powerful advanced industrial-grade software, the access controls to which had been circumvented, or cracked. The stolen software was worth more than $100 million and covered a lot of technological ground: aerospace and aviation simulation and design, communications systems design, electromagnetic simulation, explosive simulation, intelligence analysis, precision tooling, oil field management, and manufacturing plant design.
Cyber pirates like Xiang Li complement the Chinese government's national strategy to steal U.S. technology. One of the thousands of software titles for sale on CRACK99 was Satellite Tool Kit (STK) 8.0, designed by Analytical Graphics Incorporated to enable the U.S. military and aerospace industry to simulate missile launches and flight trajectories, and to track objects in flight, such as missiles, aircraft (manned and unmanned), and satellites. Moreover, Chinese hackers have reportedly stolen radar software for the $1.4 trillion F-35 stealth joint strike fighter, a fifth-generation tactical fighter still in the testing phase, employing the most advanced U.S. stealth technology. These thefts call into question the ability of the F-35 to remain stealthy in a future conflict with China. Chinese hackers have also reportedly stolen software relating to other military platforms, such as the Global Hawk high-resolution surveillance drone, the UH-60 Black Hawk helicopter, and missile defense systems, including Patriot, Aegis, and Terminal High Altitude Area Defense (THAAD). Some of these digital crimes are sponsored directly by the Chinese government; others, like Xiang Li's, are motivated by money. Either way, the Chinese are stealing U.S. technology to their strategic advantage, shifting the balance of power away from the United States.
The potential consequences are epic. So what is the U.S. government doing about it?
CRACK99
SPECIAL AGENT MIKE RONAYNE AND I sat in a blacked-out Chevy Tahoe outside the arrivals terminal. It was four a.m. and dark as ebony, except for the sickly amber exterior lighting. The humidity was stifling, only occasionally relieved by a welcome puff of sea breeze. We would have been nursing cups of strong black coffee, except that we didn't have any. On the Pacific island of Saipan, there aren't a lot of options at four a.m., coffee-wise.
"If this guy doesn't show up," Ronayne began.
"I know," I interrupted. We were all alone on this one.
Ronayne's cell phone rang. It was Brendan Cullen, another special agent from Homeland Security Investigations (HSI). He was posted in the immigration bay, watching passengers deplane the flight from Chengdu, China.