Chinese citizen sentenced to 12 years in prison for cyber-theft and piracy of over $100 million in sensitive software and proprietary data


WILMINGTON, DE – Xiang Li, age 36, of Chengdu, China, was sentenced to 12 years in prison today for conspiracy to commit wire fraud and criminal copyright infringement based on cyber-theft and online piracy of over $100 million worth of sensitive, industrial-grade software and confidential data stolen from the internal server of a cleared defense contractor. Li will be deported to China pending his release from prison.

According to statements made at the sentencing hearing and documents filed in court, in December 2009, the U.S. Department of Homeland Security, Homeland Security Investigations, identified a website located at that was advertising thousands of software titles at a fraction of their retail value. The investigation revealed that Xiang Li operated this website and a series of other websites that sold pirated, industrial-grade software in which the access and copy controls had been “cracked,” or circumvented.

Between April 2008 and June 2011, Xiang Li engaged in over 700 transactions through which he distributed over $100 million pirated software to over 400 customers located in at least 28 states and over 60 foreign countries. These software products were owned by approximately 200 different American software manufacturers, ranging from large corporations to small businesses. Xiang Li also sold 20 gigabytes of confidential and proprietary data obtained from the internal computer network of at least one “cleared defense contractor.”

The tightly controlled and very valuable software products that Xiang Li sold and distributed online are industrial-grade, digital tools used to design myriad products essential to the daily life, health and safety of the public, and to U.S. national security. For example, the software is used in a wide range of applications including aerospace simulation and design, defense, electronics, energy, engineering, explosive simulation, intelligence gathering, manufacturing, mining, space exploration, mathematics, storm water management, explosive simulation, and manufacturing plant design.

Xiang Li’s customers included those in embargoed countries in the Middle East, employees of foreign governments, and federal government employees and contractors holding security clearances in the United States. More than one-third of the unlawful purchases were made by individuals within the United States, including small business owners, government contractors, students, inventors, and engineers. For instance, Xiang Li sold twelve cracked software programs worth over $1.2 million to Cosburn Wedderburn, who was then a NASA electronics engineer working at NASA’s Goddard Space Flight Center, in Greenbelt, Maryland. Wedderburn uploaded this cracked software to a NASA computer network and used it to perform on a side contract he negotiated to design a thermal simulation project for China-based Huawei Technologies, Inc.

Xiang Li also sold ten cracked software programs worth over $600,000 to Dr. Wronald Best, the “Chief Scientist” of a Kentucky-based government contractor that services the U.S. and foreign militaries and law enforcement with a variety of applications such as radio transmissions, radar usage, microwave technology, and vacuum tubes used in military helicopters. Dr. Best used the cracked software to design components for Patriot missiles and the radar systems of the “Marine One” Presidential helicopter and the Army’s Black Hawk helicopter.

Between January 2010 and June 2011, undercover agents made a series of purchases of pirated software worth hundreds of thousands of dollars from Xiang Li’s CRACK99 website. The investigation culminated in a face-to-face meeting between Xiang Li and undercover agents on the Island of Saipan, in June 2011. Xiang Li agreed to travel from China to Saipan to deliver pirated software, design packaging, and 20 gigabytes of proprietary data from a U.S. software company (a cleared defense contractor) to undercover agents posing as would-be co-conspirators willing to assist Li with distribution of counterfeit software in the United States. The undercover agents arrested Xiang Li on June 7, 2011, after he delivered the stolen intellectual property to them at a Saipan hotel. Xiang Li was transported to the District of Delaware, where he has remained in custody since June 2011.

The investigation revealed that Xiang Li was part of a larger cybercrime organization based in China. Through emails sent to various customers, Xiang Li described himself as being part of “an international organization created to crack” software. When another customer asked Li who cracked the software, Li replied: “Experts crack, Chinese people Sorry can not reveal more.”

The investigation revealed that Chinese and Russian software “crackers” loosely organize into “Fan Groups” and crack software by disabling the access/dissemination controls. The “Fan Groups” then make the hacked software available on web forums or other online portals. “Middle men,” such as Xiang Li, obtain the cracked software from forums, websites, and file transfer protocol sites. These “middle men” operate websites that advertise the sale of cracked software products and distribute that software through the Internet. The “middle men” specialize in, and guide customers through, the complex technical installation process. Without “middle men” like Xiang Li, complex, industrial-grade software that has been cracked is often inoperable and non-transferable.

This case is being investigated by the United States Department of Homeland Security, Homeland Security Investigations, and the Defense Criminal Investigative Service. This case is being prosecuted by Assistant United States Attorneys David L. Hall and Edward J. McAndrew.