Xiang Li (hacker)
Xiang Li (Chinese: 李翔) is a Chinese computer hacker. He is serving a twelve-year sentence in federal prison in the United States.[1][2]
Career
From Chengdu, he operated "CRACK99", a website that sold stolen software globally from 2008 until his arrest by U.S. authorities in 2011. During that time, he sold over $100 million in industrial-grade software, the access controls of which had been circumvented by software cracking. The software had civilian and military applications, including aerospace and aviation simulation and design, communications systems design, electromagnetic simulation, explosives simulation, intelligence analysis, precision tooling, oil field management, and manufacturing plant design.[3]
Operation, arrest and prosecution
Investigation
One of the software titles for sale on CRACK99 was "Satellite Tool Kit 8.0" ("STK"), now known as Systems Tool Kit, designed by Analytical Graphics Incorporated (AGI) to enable the U.S. military to simulate missile launches and flight trajectories of aircraft and satellites. AGI brought this fact to the attention of U.S. Department of Homeland Security Investigations in December 2009. A team of prosecutors and agents from the Department of Justice, Homeland Security and the Defense Criminal Investigative Service initiated an undercover investigation in 2010. As part of that investigation, federal agents purchased STK software from the CRACK99 website, as well as other advanced software used in spacecraft design and programmable logic devices.[3]:Chapter 1
Lurement and arrest in Saipan
U.S. undercover agents posed as criminals who were reselling software obtained from CRACK99. Li and the agents engaged in lengthy email and Skype conversations about increasing sales by expanding the U.S. market. Ultimately, Li agreed to meet the agents in Saipan to discuss future business opportunities. On June 6, 2011, Li met with undercover agents in Saipan. Li provided agents with 20 gigabytes of proprietary data hacked from a defense contractor.
"It's the database," explained Li, "I was thinking [it] would be difficult to pass through the custom." This data included military and civilian aircraft image models, a software module containing data associated with the International Space Station, and a high resolution, 3-dimensional imaging program.[3]:Chapter 11
Li further advised the undercover agents: "Don’' just sell it … randomly! … Only the familiar and reliable customers… The products…are pretty…um…like confidential. [Don’t]… go and tell other people."
The agents asked if Xiang Li could get software in addition to what he had listed on CRACK99. "I mean as long as [you] can tell me the name," Li said, "I could find a way to get it ...." Xiang Li asked the agents: "I want to ask a question. … Will [your] customers be able to find me? Will [they] be also contacting me? …. Will [the customers] be able to locate me?"
Shortly thereafter, Li was arrested, waived his right to remain silent, and confessed to his crimes.[3]
Conviction
A federal grand jury indicted Li on multiple federal charges involving the sale of more than $100 million in stolen software. The $100 million figure was based on the results from search warrants executed on Xiang Li's email accounts, which revealed about 600 illegal transactions between April 2008 and August 2010. In January 2013, the federal district court in Delaware accepted Li's guilty plea to one count each of conspiracy to commit criminal copyright infringement and conspiracy to commit wire fraud, exposing him to a maximum of 25 years of incarceration.[4]
In June 2013, the court held a sentencing hearing. Li contended that software piracy was "prevalent" in China, opining that "[p]robably ten million people in China are doing things illegally with software." The U.S. government agreed that cyber theft is prevalent in China,[5] but contended that the prevalence of Chinese piracy is not a defense, and pointed the court to a report estimating that China's illegal software market reached $9 billion in 2011, out of a total market of nearly $12 billion, thus setting a piracy rate of 77 percent.[6] The government emphasized the advanced nature of the software sold by Li and the fact that many of the software products had military applications.[5]
The court noted the extensive amount of crime that the defendant was engaged in, finding: "This was nothing less than a crime spree, and it was brazen."[7] The court found that the software was "highly sophisticated" and "ended up with individuals and sometimes in countries that are not authorized to have those software materials".[3] The court sentenced Li to 12 years in prison, the longest criminal copyright sentence ever imposed.[1] The Xiang Li case was featured in the CNN series Declassified.
American customers
Li sold software worth over $600,000 to Dr. Ronald Best, the “Chief Scientist” of a U.S. defense contractor involved in applications such as radio communication, radar, and microwave technology. Best used the cracked software to design components for Patriot missiles and radar for Marine One (the President's helicopter) and the Army's Blackhawk helicopter.[8][9]
Another U.S. customer was Cosburn Wedderburn, who purchased over $1,000,000 in stolen software. At the time, Wedderburn was a NASA engineer.[10]
References
- "Chinese Citizen Sentenced to 12 Years in Prison for Cyber-Theft and Piracy of over $100 Million in Sensitive Software and Proprietary Data". Justice.gov. 2015-07-14. Retrieved 8 December 2018.
- "Crack 99 admin gets 12 years in jail for $100 million of software piracy". Geek.com. 2013-06-12. Retrieved 2019-06-23.
- "CRACK99". Books.wwnorton.com. Retrieved 8 December 2018.
- "FOR THE DISTRICT OF DELAWARE UNITED STATES OF AMERICA, Plaintiff, Cr. A. No. 10-112-LPS v. XIANGLI, Defendant" (PDF). Ice.gov. Retrieved 8 December 2018.
- "GOVERNMENT'S SENTENCING MEMORANDUM" (PDF). Content.govdelivery.com. Retrieved 8 December 2018.
- Sentencing Transcript at 46, United States v. Xiang Li, 10-112-LPS pp. 57, 60
- "Chief Scientist Of Government Contractor Sentenced To One Year In Prison For Conspiring To Obtain Pirated Software From Chinese And Russian Cybercriminals". Justice.gov. 14 July 2015. Retrieved 8 December 2018.
- "Chinese Citizen Sentenced To 12 Years In Prison For Cyber-Theft And Piracy Of Over $100 Million In Sensitive Software And Proprietary Data". Justice.gov. 14 July 2015. Retrieved 8 December 2018.
- "U.S. Attorney's Office - U.S. Department of Justice". Justice.gov. Retrieved 8 December 2018.