For years, NASA employees and research collaborators thought they were simply sharing software with colleagues. Instead, they were emailing sensitive defense technology to a Chinese national who was impersonating U.S. engineers. Thanks to the NASA Office of Inspector General (OIG) and federal partners, this long-running ruse was revealed—halting further spread of protected information to foreign adversaries.
To safeguard national security, the United States has established export controls that restrict the transfer of equipment, software, or technology to other countries. When NASA personnel fail to follow these regulatory mandates, even inadvertently, the OIG steps in to protect critical data, intellectual property, and defense-related articles.
To this end, the Office of Audits issues an annual letter to Congress summarizing NASA’s cooperative agreements with China, as well as recent reports related to the Agency’s information technology security. In parallel, the Office of Investigations pursues those who violate export controls and maintain inappropriate associations with foreign entities. In the last decade, OIG investigators have initiated more than 80 cases related to export control violations, totaling over $5.8 million in monetary impact.
Several years ago, the Office of Investigations Cyber Crimes Division (CCD) received a report that someone had created a Gmail account claiming to be an established aerospace professor who frequently collaborated with NASA. The impersonator was messaging colleagues requesting access to export-controlled software and source code, including aerospace engineering software developed and maintained by NASA.
As CCD continued to investigate, it became clear this was not an isolated incident. In fact, the impersonator—later identified as Chinese national Song Wu—had targeted dozens of U.S. professors, researchers, and engineers between January 2017 and December 2021. Some of the victims were from government entities such as NASA, the Air Force, the Navy, the Army, and the Federal Aviation Administration, while others were employed at major universities and private companies.
Song was an engineer at a Chinese state-owned aerospace and defense conglomerate that manufactures civilian and military aircraft. He and his unknown co-conspirators sought to obtain modeling software used for aerospace design and weapons development. They conducted extensive research on their targets, masquerading as real friends and colleagues in need of software copies or source code that could be used to rebuild or modify the applications. In some instances, the scheme worked and victims unwittingly violated export control laws by sharing this sensitive information.
In September of 2024, following a joint investigation by NASA OIG and the Federal Bureau of Investigation, Song was indicted on 14 counts of wire fraud and 14 counts of aggravated identity theft. He faces a maximum sentence of 20 years in prison for each count of wire fraud, and a two-year consecutive sentence if convicted of aggravated identity theft. He remains at large and there is a federal warrant for his arrest.
“Cases like this underscore the importance of complying with export controls and staying vigilant, even during everyday email exchanges,” said Ryan Pittman, the Special Agent in Charge of CCD. “At NASA OIG, it’s our job to protect the Agency’s cutting-edge technology and expose cyber criminals who attempt to steal it.”
As phishing campaigns continue to become more sophisticated, there are common clues that can betray scammers and expose their export fraud schemes. In Song’s case, he made multiple requests for the same software and did not justify why he needed it. Export control scammers also often suggest unusual payment methods (such as suspicious wire transfers); abruptly change the terms or source of payment; and use unconventional transfer methods to mask their identity and evade shipping restrictions.
By holding these bad actors accountable, the OIG protects NASA’s research and technology while preserving international agreements, economic interests, and national security.
If you suspect fraud or misconduct at NASA or its programs, contact OIG investigators via the hotline.
