Former NASA/NIA Employee Arrested by FBI Trying to Leave U.S.

By Keith Cowing
NASA Watch
March 18, 2013

Wolf: Chinese National Potentially Involved In NASA Langley Security Violations
“Even more troubling, the investigative report identified how Mr. Jiang was allowed by NASA and NIA supervisors to take his work and volumes of other NASA research back to China for a period of time, as documented in an investigative report I received.”
Federal agents stop, arrest NASA Langley contractor on plane for China, Daily Press
“A former employee of a NASA Langley Research Center contractor was sitting on a Chinese-bound plane at Dulles International Airport on Saturday when federal agents came on board and asked to have a word with him. Federal prosecutors are now accusing that man, Bo Jiang, of lying to those federal investigators about what he had in his possession.”
Affidavit in Support of an Application for Criminal Complaint and Arrest Warrant
Criminal Complaint
Bo Jiang, LinkedIn
Research Scientist – National Institute of Aerospace
October 2012 – Present (6 months)
Visual Information Processing Lab, NASA Langley Research Center
– NASA Aviation Safety Program, External Hazards Sensing and Mitigation:
— Developing a computational visual servo, which provides an active, automatic image enhancement,
— Researching on generic pattern recognition combining computer vision and neuroscience.

Research Assistant – University of Electronic Science and Technology of China
July 2004 – June 2007 (3 years)
Chengdu, China
– Adaptive median filter for multi-layer noise reduction,
– Image recognition based on Neural Network and Gabor filter,
– Speech recognition based on Neural Network and Hidden Markov Model.

Frank Wolf’s Weekly Hearings on NASA and China, earlier post

Rep. Wolf To Reveal Major Development in NASA Security Violations
“Rep. Frank Wolf (R-VA), chairman of the House Appropriations subcommittee that funds NASA, will hold a press conference today to reveal a significant new development concerning a Chinese national allegedly involved in security violations at several NASA centers.”

NASA Watch founder, Explorers Club Fellow, ex-NASA, Away Teams, Journalist, Space & Astrobiology, Lapsed climber.

49 responses to “Former NASA/NIA Employee Arrested by FBI Trying to Leave U.S.”

  1. Andrew_M_Swallow says:

    Yuk!  These are horrible.

    1. Time to change all the login passwords at NASA Langley Research Center.
    2. Also appropriate ones at other NASA sites he may have visited and any company he talked to on the phone.
    3. NASA security to check that the passwords have been changed.

    • Ralphy999 says:

      Oh yes, that will help! Stop ’em right in their tracks. The Great Wall of NASA. “A Mighty Fortress Is Our Passwords”.

      • Andrew_M_Swallow says:

        Locking the door makes stealing harder. New information is being made by NASA every day.

      • Jim Oberg says:

        When I was assigned as ‘security officer’ for our division at the AF Weapons Lab in 1970, as all new lieutenants get to do, with access to workers’ personal files I quickly discovered that I could guess [after ten or twenty tries] about half of the passwords used in the SECRET and TOP SECRET office safes. After we quietly emptied a few of them out overnight and watched the consequent horror, the order to change passwords more often was enthusiastically followed. I only guessed two more passwords over the next two years. So yes, simple stuff such as proactive access control can be effective in diminishing accessibility.

        • Ralphy999 says:

          You’re right James. One should always lock the front door to one’s house when one is away. Just because that will not stop a serious criminal, it doesn’t mean it’s OK to give up and stop locking your front door.

          However, the accused Mr. Jiang would probably never consider such a brutal method of entry. He would ask to be invited in. 

          I have no idea whether Mr. Jiang committed a crime or not nor do I imply his guilt. I have no way of knowing.

          • Gonzo_Skeptic says:

            “However, the accused Mr. Jiang would probably never consider such a brutal method of entry. He would ask to be invited in.”

            No need for skullduggery or trickery.  The NASA manager gave him the key to the front door.

        • dogstar29 says:

          I agree that passwords should not be easily guessed. The essential question is how long did it take you to discover each individual password? If it was ten or twenty tries then changing the password every 60 days would provide _absolutely_ no protection against it being guessed. In fact, changing passwords every 60 days for ten years as NASA requires (60 different passwords on each system with different password requirements on different systems) makes it virtually impossible for the average user to remember a password _unless_ it can be easily guessed.

          Probably the valuable corrective action you provided was not that the passwords should be changed at fixed intervals, but rather that they should not be easy to guess based on knowledge of personal data.

          As long as the password isn’t trivial to guess, brute forcing passwords can be prevented by reasonable limitations on the number of incorrect passwords that can be entered per hour, day and week. This makes it impossible to guess all or even most possible passwords in the life of the user while allowing a reasonable number of mistakes, which will be very rare if the password isn’t changed.

          The problem with NASA policy is not the desire for security, it is lack of understanding by policymakers of either the actual methods used in most IT exploits, the human factors limitations of the users, and the fact that human factors cannot be altered by management edict.
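
Added example, not part of the comment above or of any NASA policy: a sliding-window limiter on failed logins per hour, day and week, as the comment describes, with a simulation of how many guesses get through in one 60-day rotation period. The caps in `LIMITS`, the 8-character 62-symbol random password and the 40-year account life are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

HOUR, DAY, WEEK = 3600, 86400, 604800

# Assumed caps on failed logins per account (illustrative, not any agency's policy).
LIMITS = {HOUR: 5, DAY: 10, WEEK: 20}


class FailedLoginLimiter:
    """Refuse further login attempts once any sliding window holds its cap of failures."""

    def __init__(self, limits=LIMITS):
        self.limits = dict(limits)
        self.longest = max(self.limits)
        self.failures = defaultdict(deque)  # account -> failure timestamps, oldest first

    def allowed(self, account, now):
        q = self.failures[account]
        while q and now - q[0] >= self.longest:  # forget failures older than the longest window
            q.popleft()
        return all(
            sum(1 for t in q if now - t < window) < cap
            for window, cap in self.limits.items()
        )

    def attempt(self, account, now, success):
        """Return 'locked', 'ok' or 'failed'. Only failed attempts count against the caps."""
        if not self.allowed(account, now):
            return "locked"
        if success:
            return "ok"
        self.failures[account].append(now)
        return "failed"


def guesses_admitted(duration, step=60, limits=LIMITS):
    """Simulate wrong guesses submitted every `step` seconds for `duration` seconds
    and count how many actually reach the password check."""
    limiter = FailedLoginLimiter(limits)
    return sum(
        limiter.attempt("user", now, success=False) == "failed"
        for now in range(0, duration, step)
    )


def keyspace_fraction(guesses, alphabet=62, length=8):
    """Share of all random passwords of this shape that `guesses` attempts can cover."""
    return guesses / alphabet ** length


if __name__ == "__main__":
    per_week = guesses_admitted(WEEK)
    per_rotation = guesses_admitted(60 * DAY)
    lifetime = LIMITS[WEEK] * 52 * 40  # upper bound over an assumed 40-year account life
    print(f"guesses admitted in one week:        {per_week}")
    print(f"guesses admitted in one 60-day term: {per_rotation}")
    print(f"keyspace covered in 40 years:        {keyspace_fraction(lifetime):.2e}")
```

With these caps a password that falls in ten or twenty tries is found within the first week whatever the rotation interval, while a random one stays out of reach for the life of the account. The same lockout also refuses the legitimate user while a window is full.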

        • Eli Rabett says:

           There is a Feynman story something like this
          http://www.mikepope.com/blo

  2. John Gardi says:

    Folks:

    Witch hunt!

    tinker

    • Gonzo_Skeptic says:

      “Witch hunt!”

      The real witches are the NASA managers who arbitrarily circumvented and violated rules for access to information.  Once someone is behind the network firewall, the sky is the limit.

      • John Gardi says:

        Gonzo:

        This does nothing but bring Rep. Wolf prominence while punishing NASA for ‘not playing ball’ on other matters like commercial crew. Since he’s losing that argument in a big way, he’s lashing out at them any way he can devise. His researchers probably told him that ‘China bashing’ was a ‘hot button issue’, so he just had to figure out how to incorporate that into his committee work somehow.

        What Mr. Wolf doesn’t get is that instead of trying to prevent China from getting American technology, he should be focusing on America utilizing that technology to the fullest of American ingenuity (which he obviously has lost faith in). He could be helping create an environment where everybody benefits, not just his constituents.

        America’s technology is falling behind because of the actions and attitudes of lawmakers like Mr. Wolf. Nothing is gained by his personal vendetta on NASA except to stifle lost opportunities.

        For instance, since when did becoming a successful immigrant entrepreneur like Elon Musk become being an upstart, a rogue player, instead of one of the finest examples of the ‘American Way’ we’ve seen in years?

        Yeah… witch hunt is the proper phrase here.

        tinker

        • Gonzo_Skeptic says:

          I agree that Mr. Wolf has a big grudge against NASA for various reasons. 

          However, NASA managers play right into his hands by violating network access rules for foreign nationals (not just Chinese foreign nationals).  Since a lot of ITAR sensitive information is stored behind firewalls that should not be accessed by foreign persons, allowing unauthorized access IS a big deal.  ITAR is the law whether you or I like it or not.

          I deal with ITAR every day, and it really is a significant burden on programs, but I do it because it’s part of my legal and contractual obligation.

          And it bothers me that all the information I took the trouble to mark and protect as ITAR sensitive can be quickly accessed by unauthorized persons because some NASA managers think their project’s needs are more important than the law.

          • Jim Oberg says:

            Amen to “And it bothers me that all the information I took the trouble to mark and protect as ITAR sensitive can be quickly accessed by unauthorized persons because some NASA managers think their project’s needs are more important than the law.”

            In the mid-1990s I saw at JSC how workers and managers with their own agendas — make the world friendlier through space cooperation — routinely circumvented export controls to make nice-nice with Russian colleagues. If Russia expressed concern at ‘hostile’ actions such as FBI interviews with NASA employees on site, it was easy enough to be nice, and forbid the FBI access to NASA employees. If Russians said that they objected if anybody on the US side with ‘too much’ insight into the Russian space program or Russian culture got involved in joint projects, since their expertise showed they must have been spies, NASA managers made sure to select teams for their LACK of outside knowledge of such subjects. The attitude that they were ethically superior to [and thus not bound by] US law and security regulations seemed pretty widespread to me. 

    • chriswilson68 says:

      “Witch hunt!”

      I don’t think we as the public have enough information to decide whether this is a witch hunt or not.  It all depends on what data they found on him.  It will all come out at trial.

      Frank Wolf may be inclined to say anything he likes without evidence, but the people at the FBI are professionals and there are serious negative consequences for them if they arrest someone without sufficient evidence.

      • dogstar29 says:

        I am not aware that there are any repercussions for the individual agent for false arrest. Wen Ho Lee, a scientist at Los Alamos who was arrested and imprisoned on suspicion of espionage was eventually awarded $1.6M in civil damages but so far as I know there were no negative consequences for the agents involved.
        http://en.wikipedia.org/wik

        The FBI has an excellent reputation overall but there have been other cases where a member of Congress has apparently been able to trigger an investigation or arrest without the same level of scrutiny a member of the public would face.

  3. Ralphy999 says:

    I am shocked, shocked I tell you. Who woulda thunk it? I didn’t think this could happen. And also Mr. Musk is way too paranoid for refusing to use the US patent system.

    Mr. Wolf needs to shush up and quit making accusations.

  4. Jonathan A. Goff says:

    I’m a little confused here. ITAR has an exemption carved out for information developed during openly publishable fundamental research performed at institutes of higher learning. As I understand their situation, NIA probably qualifies as an institute of higher learning. Here’s an excerpt I found after a quick googling:

    “Information is also in the public domain if it is made generally
    available to the public “through unlimited distribution at a conference,
    meeting, seminar, trade show or exhibition, generally accessible to the
    public in the United States” or “through fundamental research in
    science and engineering at accredited institutions of higher learning in
    the U.S., where the resulting information is ordinarily published and
    shared broadly in the scientific community.” 22 CFR 120.11(6), (8)”

    That’s from http://osp.mit.edu/complian

    Admittedly, as the MIT site points out, there is a lot of ambiguity in the wording of the law, but from my experience the way MIT interprets it seems to be the standard approach at most schools (and also the approach the DoD and NASA likely take).

    I just hope at the end of the day, that they have real evidence of criminal intent and wrongdoing on the part of this guy, and not just that he accidentally crossed some ambiguously-defined line.

    How they handle this could potentially have a really chilling and strongly negative impact on how university research in aerospace fields is conducted in this country. I hope they think this through carefully and that this isn’t just a witchhunt.

    ~Jon

  5. Gonzo_Skeptic says:

    Hasn’t Mr. Wolf heard about the internet?

    If all this guy was stealing was information, he  could have easily encrypted it and sent it somewhere.  No need to physically move it.

    I think the primary issue is that he was allowed access to information he should not have had access to in the first place.

    Also, if Wolf wants foreign nationals working on NASA programs, he should start with JPL, which is run by CalTech.  In my experience, CalTech has a serious attitude problem when you question them about whether or not the person you are speaking to is a foreign national.

    • chriswilson68 says:

      “If all this guy was stealing was information, he  could have easily
      encrypted it and sent it somewhere.  No need to physically move it.”

      He might have feared that if he sent it over the network he would have been found out more easily, whether that was a correct fear or not.  You never know for sure what the NSA is watching.  With a memory stick he might have felt more in control.

      • Steve Whitfield says:

        Also, China, to the best of my knowledge, is the only country to have defied the end-to-end nature of the internet by admittedly monitoring and censoring its content.  Possibly a Chinese national might assume that other countries do so as well, despite what he may have been told.  For that matter, how do any of us know for sure?  Are we to believe everything we’re told?  If one, or many, countries were monitoring, and maybe even censoring, internet content, who could tell?  Is any agency anywhere actually looking for this?

        • Gonzo_Skeptic says:

          Given the volume of traffic on the internet, I would think a few GB of encrypted information would be virtually impossible to detect.

      • Gonzo_Skeptic says:

        I think when we finally learn what was on those memory devices, it will be something ridiculous and harmless like 500 GB of porn.

        And why bother to steal the laptop? The Chinese make them for us.

        • dogstar29 says:

          There is no documentation to suggest Jiang ever stole a laptop. The two laptops with him at the time of his arrest were apparently his personal property. There is an assertion in the FBI statement that he took a NASA laptop with him on a previous trip to China. There is no documentation to suggest that he did not have permission to do so, or that it was not properly returned. There is an assertion that the laptop contained “sensitive information”. There is no documentation as to what that information was or why it was “sensitive”. 

          Obviously if Mr. Jiang were a spy intent on stealing information on his laptop, he would not need to take his laptop to China in order to do so. I should also note that NASA did not even release the name of a NASA employee who lost a laptop containing names and social security numbers, so if this is a violation of law its enforcement seems spotty to say the least.

      • dogstar29 says:

        Had Jiang been an actual spy he would have encrypted the data and sent it from the public library. There is so far no evidence that his laptops contained any data that was classified, proprietary, confidential or specifically marked as restricted. The problem with ITAR is that essentially any information of any kind is restricted unless it is specifically identified as unrestricted, even if it has been freely available on the internet for years. ITAR means International Traffic in Arms. It doesn’t mean “official secrets act”. Its application to information has been a classic case of mission creep.

    • 2004MN4 says:

      “In my experience, CalTech has a serious attitude problem when you question them about whether or not the person you are speaking to is a foreign national.”

      Yeah, we tend to get offended by that crap out here. We resent having to pass up on talented people who were born into the wrong nationality and ethnicity and settle for second best. We tend to think that someone born in China can be just as trustworthy as someone born in Virginia. We also are smart enough to know that Tsien’s logarithm tables (or the modern equivalent) are not national security risks and we resent having to deal with bureaucrats who don’t know that. We work daily with people from all over the world who are trustworthy, know their stuff, hardworking, and are now patriotic Americans. We work hard on hard problems and we want the best people even if they are Chinese, Indian, or Middle Eastern.

  6. JimNobles says:

    I’m no fan of Rep. Wolf but if Mr. Jiang was on the plane and didn’t tell the officers about the extra laptop, sim card and etc. when they asked then that doesn’t look good.

    • Gonzo_Skeptic says:

      “the extra laptop, sim card and etc. when they asked then that doesn’t look good.”

      If this guy stole anything and shipped it to China, he did it before this incident.  If there is any information in that laptop or sim card or etc. that could not be easily sent over the internet, I will be surprised.

      Why try to steal the whole barn when the horse inside is so much more portable?

    • dogstar29 says:

      Perhaps you were never in a foreign country and have never had a powerful politician label you as an American spy, even though you were just a former graduate student trying to do a good job for your employers, who had invited you to work for them because they thought you were a capable scientist. Being from a foreign country, you might be afraid the secret police would come knocking on your door. You would panic and throw your things in a bag and try to get out of the country. Sitting on the plane, finally feeling safe, the secret police would ask to have “a word” with you, and ask for all the electronic devices you had. Of course if you were really a spy you would have encrypted the data and sent it over the internet from the local library. But you’re not. You are sweating, wondering if you will ever see your family. They would not warn you that they would use anything you said against you. They would not warn you that if you forgot a memory stick (even if you named several devices, the first ones that came into your head) you would be imprisoned. They would certainly not warn you that you had the right to have an attorney present before answering questions. Having been declared a spy by the government, you have no such rights. Even in America.
       

  7. Kevin Parkin says:

    http://chantilly.patch.com/

    Rep. Wolf, would you support physical/network Penetration Testing?  Essay writing is all well and good, but it’s not reality, doesn’t change behavior, and nobody reads the essays.

  8. Andrew B says:

    Perhaps this is why ntrs.nasa.gov is down.  

  9. SpaceMunkie says:

    Can someone explain to me how a foreign national (never mind a hostile national) gets a job working for NASA when every job posting says that citizenship is required? My Canadian buddy would love to know.

    • Ralphy999 says:

      Tell your buddy to apply for a graduate education at one of the universities that make up the National Institute of Aerospace which is a partner of the Langley center. He will be put to work right away.

      • MIhammock says:

        or any of the other umpteen universities (like MIT) that NASA farms work out to…they are all staffed by Chinese nationals doing the work.

      • Robin Seibel says:

        Note that universities have to adhere to the same ITAR restrictions, so certain research projects are not available to foreign nationals.

    • Stuart J. Gray says:

      I was once denied a clearance to work on a classified program while the son of the Iraqi defense minister had a clearance. He had an Iraqi Dinar pinned to his office wall with his father’s picture on it….go figure…

    • dogstar29 says:

      Your friend can apply with almost any non-defense US company, and if he is hired he can probably get a green card. All major US universities recruit foreign students as they bring in tuition and not many Americans are interested in the really difficult subjects.

  10. dogstar29 says:

    Perhaps we should gather the facts before we jump to conclusions. Was any of the information on Bo Jiang’s laptops and memory sticks classified? Given that even the cafeteria menus are ITAR restricted, was any unclassified information he had actually unavailable from other sources and critical to national security? It sounds like he did valuable work in China before coming to the US. Did the US steal this information from China? 

    Don’t get me wrong; lying to federal agents is a serious crime. But they do not have to read you your rights and it’s easy to get in deep trouble without realizing it; just ask Martha Stewart. As to leaving the country, there is nothing illegal about doing so and if I had Frank Wolf telling the entire world I was a criminal I might feel a bit unwelcome as well. 

    Let’s find out what the story is before we jump to conclusions.

    • Steve Whitfield says:

      Nicely put.  Innocent until proven guilty; I hope that will be remembered, whatever the final outcome, because the whole world will be watching.

      Another thing I haven’t seen mentioned — The Chinese scientists and engineers are not Cro-Magnons. They are probably, on average, as smart and as capable as those in any other country. So instead of laptops and memory sticks full of data and designs, all they’d really need is basic concepts to be able to recreate a lot of other countries’ technologies and improvements. When you get into some of the military stuff all you really need is the operating frequencies in order to disable your opponents’ electronics.

      If these guys are smart enough to know what to “acquire,” then they’re quite likely smart enough to figure out how to get the necessary stuff into a small package (maybe in a prearranged code), and without getting caught.

      And that creates another thought — if there really is spying and stealing going on, and if this guy was seemingly so easily caught, then maybe he’s the distraction, capturing everyone’s attention, while the real thief is still here sending stuff “home” by email or web page source code.  Or, maybe Wolf himself is the spy! and this is his way of avoiding suspicion.  Right; enough silliness; back to work…

      • Andrew_M_Swallow says:

        “Another thing I haven’t seen mentioned — The Chinese scientists and
        engineers are not Cro-Magnons. They are probably, on average, as smart
        and as capable as those in any other country. So instead of laptops and
        memory sticks full of data and designs, all they’d really need is basic
        concepts to be able to recreate a lot of other countries’ technologies
        and improvements. When you get into some of the military stuff all you
        really need is the operating frequencies in order to disable your
        opponents’ electronics.”

        To attack a radio you may only need the frequencies it works on but to copy it you need a full set of blueprints including the parts list. Chinese industry, like the Japanese before them, are Hi-Tech copiers.

      • Veri1138 says:

        It is not as simple as you put it. Technical intelligence is, well, very technical. It is a long stretch from knowing the basic research to actually putting it to use. For instance, the Chinese know some technical information regarding modern Russian jet engines for use in fighters. They even have sample provided by Russian arms exporters. The problem is that they are still unable to create a jet engine that lasts as long as the OEM jet engine.

        If what you say were true, China would be fully capable of putting a man on the Moon. Since your rationalization is a fallacy, they are not. And neither can they build more reliable, longer lasting jet engines despite even having the damn things.

  11. James Lundblad says:

    I think this would make an interesting movie: http://en.wikipedia.org/wik

    Complete with subtitles: http://www.youtube.com/watc

  12. no1special2013 says:

    You know none of this surprises me at all and this is just the tip of the iceberg. NASA’s “culture” is its own worst enemy because everyone uses the “culture” to excuse all the bad behavior = security violations because they are too lazy or inconvenienced to follow what our own NPRs say. Then when you conduct functional reviews to ensure compliance, the Centers either complain about how things aren’t vulnerable, don’t want to follow the NPR because it “changes their business processes”, or some other lame excuses. Maybe this is or isn’t serious, but it better be a wake up call to people to take things more seriously.

    • Veri1138 says:

      Your post reminded me about a Los Alamos incident a few years back. Local police raided a cocaine trailer home and discovered volumes of classified information.

  13. John Gardi says:

    Folks:

    A few tips on passwords from an old… hand.

    I don’t know any of my online passwords, not a single one. They are all random alpha numeric strings as long as the password allows (or 20 digits, whichever comes first). These long, random passwords will help protect your online accounts from being hacked if the provider’s user files get stolen. I write those down on paper and secure those copies in the usual manner. Then I get my portable web browser to remember the passwords and put the browser on an encrypted SD card or USB stick which is locked with a 20 digit alpha numeric password that I do remember. But here’s the sneaky part, the Stick has another password only 6 characters long. If the other simple password is used another pristine web browser runs that has no passwords at all. It also destroys the browser with the passwords. Plausible deniability. What I end up with is my web browser with all my passwords, bookmarks, history, fonts and addons that I can use on any computer without leaving a trace. If I lose the SD card, no big deal because nobody could crack it.

    Do I personally need that kind of security? Let’s just say, not any more, but old habits die hard and I’m a ‘practice what you preach’ kinda folk. The lesson here is that ‘best practices’ don’t have to be hard for the average user. You don’t have to make their lives a misery to have adequate security. The tips I describe above can work for a department or agency, not just the individual. It’s scalable. I know this for a fact.

    tinker