Xiang Li, age 36, of Chengdu, China, was sentenced to 12 years in prison today for conspiracy to commit wire fraud and criminal copyright infringement based on cyber-theft and online piracy of over $100 million worth of sensitive, industrial-grade software and confidential data stolen from the internal server of a cleared defense contractor.
Between April 2008 and June 2011, Xiang Li engaged in over 700 transactions through which he distributed over $100 million pirated software to over 400 customers located in at least 28 states and over 60 foreign countries. These software products were owned by approximately 200 different American software manufacturers, ranging from large corporations to small businesses. Xiang Li also sold 20 gigabytes of confidential and proprietary data obtained from the internal computer network of at least one ‘cleared defense contractor.’
The tightly controlled and very valuable software products that Xiang Li sold and distributed online are industrial-grade, digital tools used to design myriad products essential to the daily life, health and safety of the public, and to U.S. national security. For example, the software is used in a wide range of applications including aerospace simulation and design, defense, electronics, energy, engineering, explosive simulation, intelligence gathering, manufacturing, mining, space exploration, mathematics, storm water management, explosive simulation, and manufacturing plant design.
Xiang Lis customers included those in embargoed countries in the Middle East, employees of foreign governments, and federal government employees and contractors holding security clearances in the United States.
The investigation revealed that Xiang Li was part of a larger cybercrime organization based in China. Through emails sent to various customers, Xiang Li described himself as being part of ‘an international organization created to crack’ software. When another customer asked Li who cracked the software, Li replied: ‘Experts crack, Chinese people Sorry can not reveal more.’
The investigation revealed that Chinese and Russian software ‘crackers loosely organize into ‘Fan Groups’ and crack software by disabling the access/dissemination controls. The ‘Fan Groups’ then make the hacked software available on web forums or other online portals. ‘Middle men,’ such as Xiang Li, obtain the cracked software from forums, websites, and file transfer protocol sites. These ‘middle men’ operate websites that advertise the sale of cracked software products and distribute that software through the Internet. The ‘middle men’ specialize in, and guide customers through, the complex technical installation process. Without ‘middle men’ like Xiang Li, complex, industrial-grade software that has been cracked is often inoperable and non-transferable. (Source: U.S. Department of Justice)