The Fake Researcher Who Stole America’s Top Space and Weapons Software

A massive security breach has rocked the U.S. space agency after it was revealed that NASA employees were tricked into handing over sensitive defense technology to a foreign agent. For years, engineers and researchers believed they were simply collaborating with fellow American scientists on routine projects. In reality, they were victims of a high-stakes “catfishing” scheme orchestrated by a Chinese national who spent years impersonating U.S. colleagues to steal proprietary software. The stolen data wasn’t just office files; it included advanced modeling tools used for designing aerospace vehicles and high-tech weaponry.

The man behind the curtain has been identified as Song Wu, an engineer who worked for a state-owned Chinese defense conglomerate. According to the U.S. government, Song didn’t use brute-force hacking to get what he wanted. Instead, he used “spear-phishing”—a method where an attacker does deep research on a target and creates a fake identity that seems perfectly trustworthy. By pretending to be a friend or a fellow engineer from a different department, he convinced brilliant NASA staff and military researchers that he was one of them. This allowed him to bypass traditional security because the victims thought they were just helping a “coworker” with a software request.

From NASA to the Navy: A Massive Web of Deceit and Export Fraud

The scale of this deception is breathtaking. It wasn’t just NASA that got hit; Song’s campaign targeted dozens of professors, researchers, and engineers across the United States. His reach extended into the Air Force, the Navy, the Army, and even the Federal Aviation Administration (FAA). In several cases, the trick worked. Highly specialized source code and design programs were emailed directly to accounts managed by Song, effectively bypassing strict U.S. export control laws. These laws are in place specifically to prevent high-end military technology from falling into the hands of foreign rivals, but Song’s personal touch made the victims forget their training.

The FBI has now added Song to its Most Wanted list, warning that the software he obtained has direct military applications. This specialized code can be used to develop advanced tactical missiles and to test how new weapons move through the air. Essentially, Song provided the Chinese military with a shortcut to advanced American technology, saving them years of research and millions of dollars. Despite being indicted on multiple counts of wire fraud and identity theft—which carry a potential 20-year prison sentence per count—Song remains at large, presumably protected by the very government that funded his mission.

Recognizing the Red Flags of an International Scam

In the wake of this disaster, the NASA Office of Inspector General is trying to teach its staff how to spot these fake colleagues before it’s too late. While Song was very good at his job, he did leave behind clues. For example, he would often ask for the same software multiple times and could never quite explain why he needed it for his “research.” He also frequently suggested strange payment methods or tried to mask his identity through unconventional transfer methods. These are classic signs of someone trying to evade shipping restrictions and export laws.

As phishing attacks become more personal and harder to identify, security experts are urging government employees and private contractors to be more skeptical than ever. A simple email from someone claiming to be a “friend” can lead to a massive national security crisis. This case serves as a grim reminder that in the world of modern espionage, a friendly conversation is often more dangerous than a sophisticated computer virus. The U.S. government is now racing to tighten its collaboration rules, but for the data already lost to Song and his team, the damage may already be done.