Xiang Li (hacker)

Early Life

Xiang Li was born in Chengdu, China in 1979. He continued to operate from Chengdu throughout his criminal activities.

Career

Beginning in 2008, Li operated a website known as CRACK99, which sold stolen, cracked software to customers around the world. The software he distributed had been stripped of its access controls through software cracking techniques and spanned a wide range of high-value industrial and government applications. Categories included aerospace and aviation simulation and design, communications systems design, electromagnetic simulation, explosives simulation, intelligence analysis, precision tooling, oil field management, and manufacturing plant design. Over the course of his operation, Li conducted approximately 600 illegal transactions, accumulating more than $100 million in stolen software sales.

Investigation and Arrest

One of the software titles listed on CRACK99 was Satellite Tool Kit 8.0 (STK), a product developed by Analytical Graphics Incorporated (AGI) used by the U.S. military to simulate missile launches and the flight trajectories of aircraft and satellites. AGI alerted U.S. Department of Homeland Security Investigations to the listing in December 2009. A joint undercover investigation was subsequently launched in 2010 by the Department of Justice, Homeland Security, and the Defense Criminal Investigative Service. Federal agents purchased STK and other advanced software from CRACK99 as part of the operation.

Undercover agents posed as criminals reselling software sourced from CRACK99 and engaged Li in extended email and Skype communications about expanding sales in the U.S. market. Li agreed to meet the agents in Saipan to discuss future business. On June 6, 2011, Li met with the undercover agents and provided them with 20 gigabytes of proprietary data allegedly hacked from a defense contractor. The data included military and civilian aircraft image models, a software module containing data associated with the International Space Station, and a high-resolution three-dimensional imaging program. Li was arrested shortly after the meeting and, after waiving his right to remain silent, confessed to his crimes.

Conviction and Sentencing

A federal grand jury indicted Li on multiple federal charges. In January 2013, the federal district court in Delaware accepted his guilty plea to one count each of conspiracy to commit criminal copyright infringement and conspiracy to commit wire fraud, offenses carrying a combined maximum of 25 years of incarceration.

At a sentencing hearing held in June 2013, Li argued that software piracy was widespread in China, estimating that millions of people in the country engaged in similar conduct. The U.S. government acknowledged the prevalence of software piracy in China — citing a report that placed the country's illegal software market at $9 billion out of a total market of nearly $12 billion in 2011, a piracy rate of approximately 77 percent — but argued that prevalence did not constitute a legal defense. The government also emphasized the advanced, military-applicable nature of the software Li had distributed.

The court characterized Li's conduct as "nothing less than a crime spree" that was "brazen," and found that the highly sophisticated software had reached individuals and countries not authorized to possess it. Li was sentenced to 12 years in federal prison, which was reported as the longest criminal copyright sentence ever imposed. The case was later featured in the CNN documentary series Declassified.

Notable Customers

Among Li's American customers was Dr. Ronald Best, identified as the Chief Scientist of a U.S. defense contractor working in radio communication, radar, and microwave technology. Best purchased more than $600,000 worth of cracked software from Li and used it to design components for Patriot missiles and radar systems for Marine One and the U.S. Army's Blackhawk helicopter. Another customer, Cosburn Wedderburn, purchased over $1 million in stolen software from CRACK99 while employed as a NASA engineer.