When they discovered what was going on, US authorities were shocked. A man named Xiang Li was selling high-end defense software from his home in Chengdu, China, to anyone who could pay the going price. It posed a serious threat to America’s national security.
Li and his website CRACK99 became the focus of an undercover US investigation in 2010, led by former US Navy intelligence officer and federal prosecutor David Locke Hall.
Eventually US prosecutors and agents learned that Li’s black market clients included an American engineer at NASA and a defense contract employee who worked on software for the radar system on Marine One, the helicopters used to fly the President of the United States.
When it was all said and done, Li became the only software pirate ever lured from China to the United States for prosecution, according to Hall. Prosecutors believe CRACK99 racked up a total of $100 million in sales out of an inventory worth $1 billion on the black market.
CRACK99 made US defense industry software easily available to rival nations like Russia and China, as well as to terrorist groups. American contractors who bought software from CRACK99 for use on defense projects exposed their otherwise secure computer systems to malware and spyware.
After an 18-month undercover sting operation, Hall and federal agents from Homeland Security Investigations and the Defense Criminal Investigation Service caught Li red-handed and hauled him back to the US for trial. He was convicted of conspiracy to commit wire fraud and conspiracy to commit criminal copyright infringement and sent to a federal prison in Fort Dix, New Jersey. Li was given a 12-year sentence in 2013 — described by Hall as the heaviest US criminal copyright infringement sentence ever imposed.
CNN spoke with Hall about the operation, which is featured in CNN’s Original Series “Declassified,” and is the subject of Hall’s book, “CRACK99, The Takedown of a $100 Million Chinese Software Pirate.”
The riskiest moment of the entire undercover operation, Hall said, took place at a hotel on the island of Saipan, a US territory located in the western Pacific, about 120 miles north of Guam. It was the first time Hall and a team of US undercover agents had come face to face with Li after months of dealing with him online. Once Li admitted he was the man who had sold the illegal software, they arrested him and put him in handcuffs.
Questions and answers below have been edited for clarity and length.
David Locke Hall: The riskiest moment is always contact with your target. Meeting with him — you don’t really know what he’s thinking. You have to have a plan for what to do if things go sideways.
CNN: Did you feel like he posed a physical threat to you and your team?
Hall: When you look at him, he doesn’t look very threatening. He was sort of pudgy, wearing a Hawaiian shirt. He doesn’t look like a hardened criminal. But looks can be deceiving. The fact he’s wearing a Hawaiian shirt doesn’t mean that he doesn’t have the potential to be dangerous.
CNN: After he was arrested, Li gave you and your team permission to search his hotel room. Xiang Li’s mother-in-law and son were there. How did you handle that?
Hall: Undercover operations are inherently dangerous. There’s always the possibility of violence so you want to make sure innocent third parties are kept separate and apart from that.