The inside story of catching a cyberpirate

(CNN)When they discovered what was going on, US authorities were shocked. A man named Xiang Li was selling high-end defense software from his home in Chengdu, China, to anyone who could pay the going price. It posed a serious threat to America's national security.

Li and his website CRACK99 became the focus of an undercover US investigation in 2010, led by former US Navy intelligence officer and federal prosecutor David Locke Hall.
Eventually US prosecutors and agents learned that Li's black market clients included an American engineer at NASA and a defense contract employee who worked on software for the radar system on Marine One, the helicopters used to fly the President of the United States.
When it was all said and done, Li became the only software pirate ever lured from China to the United States for prosecution, according to Hall. Prosecutors believe CRACK99 racked up a total of $100 million in sales out of an inventory worth $1 billion on the black market.
Cyber-pirate didn't 'care who his customers were'
crack99 takedown declassified ron_00011827

    JUST WATCHED

    Cyber-pirate didn't 'care who his customers were'

MUST WATCH

Cyber-pirate didn't 'care who his customers were' 01:06
CRACK99 made US defense industry software easily available to rival nations like Russia and China, as well as to terrorist groups. American contractors who bought software from CRACK99 for use on defense projects exposed their otherwise secure computer systems to malware and spyware.
    After an 18-month undercover sting operation, Hall and federal agents from Homeland Security Investigations and the Defense Criminal Investigation Service caught Li red-handed and hauled him back to the US for trial. He was convicted of conspiracy to commit wire fraud and conspiracy to commit criminal copyright infringement and sent to a federal prison in Fort Dix, New Jersey. Li was given a 12-year sentence in 2013 -- described by Hall as the heaviest US criminal copyright infringement sentence ever imposed.
    CNN spoke with Hall about the operation, which is featured in CNN's Original Series "Declassified," and is the subject of Hall's book, "CRACK99, The Takedown of a $100 Million Chinese Software Pirate."
    The riskiest moment of the entire undercover operation, Hall said, took place at a hotel on the island of Saipan, a US territory located in the western Pacific, about 120 miles north of Guam. It was the first time Hall and a team of US undercover agents had come face to face with Li after months of dealing with him online. Once Li admitted he was the man who had sold the illegal software, they arrested him and put him in handcuffs.
    Questions and answers below have been edited for clarity and length.
    David Locke Hall: The riskiest moment is always contact with your target. Meeting with him -- you don't really know what he's thinking. You have to have a plan for what to do if things go sideways.
    CNN: Did you feel like he posed a physical threat to you and your team?
    Hall: When you look at him, he doesn't look very threatening. He was sort of pudgy, wearing a Hawaiian shirt. He doesn't look like a hardened criminal. But looks can be deceiving. The fact he's wearing a Hawaiian shirt doesn't mean that he doesn't have the potential to be dangerous.
    CNN: After he was arrested, Li gave you and your team permission to search his hotel room. Xiang Li's mother-in-law and son were there. How did you handle that?
    Hall: Undercover operations are inherently dangerous. There's always the possibility of violence so you want to make sure innocent third parties are kept separate and apart from that.
    Li's clients included a contractor who worked on radar software for Marine One, seen here.
    I did not feel sorry for Xiang Li at that moment but I did feel sorry for his son and I think the agents did as well -- and his mother-in-law -- because they had nothing to do with this.
    You can imagine from their point of view they're going on this mini-vacation to Saipan to go swimming and have some laughs and next thing you know dad is arrested.
    We were trying to minimize the extent to which this could be traumatic for the son. So I took him downstairs to get an ice cream cone.
    Law enforcement officers are people and you do have to harden yourself from what you do for a living. You are inflicting pain on people -- which personally I don't find pleasant -- but you're doing it for a reason.
    It's a bad day for the son because he's going to be without his father for a number of years.
    You're not going to make everything better with an ice cream cone, but it's, at least, something.
    CNN: Saipan had a personal significance for you. Could you describe that?
    Hall: It was an interesting coincidence that we were conducting this undercover operation on Saipan, which is an island where my father fought during World War II.
    As it happened, the hotel where Xiang Li was staying was right on Green Beach, which was the code name for the beach where my father landed with the US Marines. It was my dad's third out of five combat landings and it was a vicious, brutal battle with thousands of casualties.
    It occurred to me that my father and I were both at that place in hopes of advancing the security interests of the United States. Between the two of us, his contributions were much more significant but at least our motivations were the same.
    Hall arrested Li near this beach in Saipan where his father fought during World War II.
    CNN: Although you captured and successfully prosecuted Li, what was the biggest disappointment surrounding the case?
    Hall: I was never particularly satisfied with our answer to the question of how Xiang Li actually got this software.
    CNN: What's your opinion on how the US might improve its cybersecurity in ways that might reduce cyberpiracy?
    Hall: The US government tends to draw a bright line distinction between espionage and trade secret theft. Trade secret theft is often not viewed as significant as espionage.
    This is a mistake.
    That's not how our adversaries think about it. China in particular clearly views the theft of US technology and private US economic data as having equal importance to military secrets. As a whole, the government is not acting in a way that is commensurate with the threat.
    There needs to be an overarching national cyberstrategy.
    All these different aspects of cyberthreat need to be integrated and thought about deeply as a whole, because in any future war, the cyberworld will be a theater of operation.