The consequences have been enormous. Billions of dollars’ worth of intellectual property, US government policy secrets, and military technology are only a few examples of stolen secrets. Since 2003, 123 Chinese agents have been identified in the United States. How has China become so effective at espionage? For starters, Chinese politics are far more forgiving, since there is only one political party. If caught spying, China’s government can more easily recover politically than a liberal Western democracy with free press. As a result, they are willing to take exceptional risks. The United States, China’s usual target, is a free and open society, and the Chinese have found it remarkably easy to place thousands of spies right under US noses. Let’s take a closer look at how China has been spying on Western civilization.
10 Mosaic TheoryThe ‘Human Wave’
The mosaic theory describes an intelligence collection method wherein thousands of amateurs, or a “human wave,” are dispatched to collect small bits of information, be it corporate, academic, media, and so on. The collection technique also applies to discrete and seemingly harmless cyber penetrations. This information is purportedly pieced together later into a “mosaic” by more professional analysts. The theory is difficult to prove, since much of the information collected doesn’t necessarily qualify as espionage and is therefore not investigated. But if it’s true, as some experts believe it is, then the US and other rich nations are riddled with thousands of resident spies methodically collecting bits of seemingly innocuous information. However, some experts point out that this “human wave” isn’t necessarily organized or controlled by an all-powerful Chinese intelligence agency. Instead, China has created market incentives for spying, demanding exponential growth and technological advancements. The government encourages such investment via its publicly known “863 Program,” which provides funding to Chinese firms with very few strings attached. Firms often use this extra cash to conduct corporate espionage and get ahead of the game. Stratfor, a private intelligence firm, estimates that 70 percent of Chinese intelligence operations are not directed by professional intelligence agencies but rather by various commercial institutes, scientific agencies, and media outlets. Sratfor reports: “These entities often compete among themselves, sending agents out on the same missions as part of China’s mosaic approach to gathering intelligence.” Such a patient approach can take a long time, even years, to produce valuable intelligence, but it eventually pays off. In a 1999 Congressional hearing, a committee admitted that China had succeeded in acquiring WW-88 nuclear warhead designs over the course of two decades. A report by Senator Rudman described the operation as “very proficient in the art of seemingly innocuous elicitations of information.” And because each small piece of information gathered was innocuous by itself, US counterintelligence authorities found it extremely difficult to identify and prosecute the suspected spies. Intelligence professionals and other experts warn against putting too much faith in the mosaic theory, since it leads to a counterproductive mistrust of Chinese nationals and distracts from the activities of professional Chinese intelligence services. That is, perhaps, the entire point of China’s mosaic tactic—distraction.
9 Chen Di Yu
Chen di yu translates to “fish at the bottom of the ocean” and describes what Western intelligence agencies would refer to as a “sleeper agent” or a “seeding operation.” The concept is deeper than that, however, and in practice, reflects Chinese values of patience and methodical planning. Chen di yu can refer to either Chinese-born recruits, often trained specifically for their mission, or recruited foreign agents with access to sensitive information. In the first case, a Chinese national will emigrate to the US and dedicate their entire life, or at least most of it, to a specific mission. They will attempt to be hired by a targeted US company or government agency like the CIA and truly live the part for the foreseeable future. The case of Chi Mak is a telling example. In 2008, Chi Mak was arrested in Los Angeles for sending sensitive US Navy documents—filled with system information on ships, submarines, and weapon systems—to Chinese intelligence. He admitted in court that the operation had been planned in the 1970s, when Mak was trained in specific technical expertise that would allow him to begin a career in the US defense-industrial establishment. Also in 2008, authorities arrested Dongfan Chung, a Boeing engineer, for stealing space shuttle and rocket documents for Chinese intelligence. He, too, was given orders from Beijing dating as far back as 1979. There are dozens of other examples like this. As noted before, China doesn’t limit its operations to Chinese nationals. In one case, Chinese intelligence approached and recruited US college student Glenn Shriver while he was completing a semester abroad in China. Shriver was paid tens of thousands of dollars to apply to the US State Department and CIA, though he was not accepted to either one. He was arrested in 2010. As a result, the FBI even put out an instructional video to help US exchange students in China identify recruiting methods and techniques used by Chinese intelligence.
8 Corporate Espionage
As far back as 1998, US businesses ranked China as the top economic and espionage threat in a Fortune survey. The situation is even worse today. The Chinese government puts intense pressure on both private and state-owned firms to compete on a global scale. While the professional Chinese intelligence services, the Ministry of State Security (MSS) and the Military Intelligence Department (MID), focus on stealing military and political secrets, the government turns a blind eye and even provides funding for economic espionage. The 863 Program, mentioned earlier, is one such example of seemingly innocuous funding that is being used to steal intellectual property. There are endless examples of corporate espionage originating from China. In January 2016, 60 Minutes aired an account of a Chinese state-owned wind turbine company that bribed a susceptible employee from American Superconductor to gain proprietary source code. American Superconductor almost went out of business as a result, losing billions of dollars in sales. Even worse, when American Superconductor executives attempted to sue the culprits for $1.2 billion, Chinese hackers were found to be breaking into company files in an attempt to uncover the firm’s legal strategy. A particularly bold strategy favored by the Chinese is simply buying US companies with access to high-end technology. China National Aero-Technology Import & Export Corp. (CATIC) and Huawei are two such examples, and CATIC has direct ties to the People’s Liberation Army (PLA). CATIC bought US defense technology firm Mamco Manufacturing in 1990, and Huawei has attempted to buy various US tech firms, including 3com and Symantec. Members of Congress have raised concerns over Huawei’s continuing push to dominate the US telecommunication market, citing concerns that Huawei’s close ties with the Chinese government would allow exploitation of US networks. The Chinese also favor the method of purchasing front companies in the US as a way to illegally export US technology back to China. The FBI has estimated that over 3,000 companies have been fronts set up for Chinese spies. Economic espionage originates from both the Chinese government and private actors but mostly the latter. In a list of Chinese economic espionage cases released by the FBI, only four individuals (out of 29) who were successfully prosecuted for economic espionage–related crimes between 2008 and 2010 were involved with Chinese intelligence agencies. One of the most capable hacking units, knows as Unit 61398, is part of the PLA and specializes in attacking US firms from all economic sectors. US security firm Mandiant recently exposed their activities in a shocking report.
7 Academics And Scholars
Academics and scholars can engage in certain activities that are ideal for espionage. They move freely between academic institutions and research circles, travel frequently, and can even engage government officials under the guise of research. Chinese intelligence officers know this and have been known to infiltrate academic circles in order to gain access to potential recruits in the US. In some cases, the intelligence service will co-opt a Chinese academic or scientist, usually from the Chinese Student and Scholar Association, to spot potential recruits. Once the US target, a researcher, academic, or journalist, is identified, they will be given invitations to conferences or universities in China that are controlled by the MSS or MID. From there, Chinese agents begin to build a relationship with the target, offering incentives to remain in contact. As the relationship develops, the target will be asked for more and more sensitive information. If done correctly, the target is usually unaware that they are committing espionage. In other cases, a professional MSS intelligence officer may simply pose as an academic, scientist, or researcher. They will collect small bits of information from various academic gatherings that will eventually lead to a larger understanding of an unsolved puzzle. Remember the case of Chi Mak? His investigation led the FBI to one of his professionally trained handlers, Pu Pei Liang, who worked at the University of Guangzhou in China. His position allowed him to travel unnoticed to the US to meet with Chi Mak. A number of other known Chinese spies have an academic or research background as well—Peter Lee, Gwo-Bao Min, Bo Jiang, Hua Jun Zhao, and so on.
6 Chinese Journalists
Posing as the media in order to collect intelligence is usually espionage taboo. US policy outlaws it except for very unique circumstances, even requiring presidential approval. China, on the other hand, doesn’t play by the same rules as Western intelligence agencies, nor does it concern itself with the reputation of its journalists. Watch this video on YouTube China has historically used the New China News Agency, now known as Xinhua, as its favored cover for espionage. There is good reason for this: Journalists can move about in plain sight, ask intrusive questions, and investigate people, places, and governments in the open. It’s all part of their job. In the intelligence world, this is known as a good “cover.” Countries like the US avoid this tactic out of respect for freedom of the press; if everyone assumed that US journalists were spies, then they wouldn’t get the access they need to cover stories of importance. China couldn’t care less about journalistic integrity, because “freedom of the press” is a laughable concept in China. Xinhua isn’t just used as a cover, however. It also serves as a sort of open-source intelligence agency for government officials, translating and aggregating foreign news to produce specialized publications for high-level officials. (This part isn’t illegal, of course.) Former Chinese diplomat Chen Yonglin exposed the activities of Xinhua in 2005. His scathing accusations painted a picture of Chinese journalists reporting directly to the MSS or MID, all with a distinct and secret mission. Their mission was not just limited to spying, but also dispersing propaganda and pro–Communist Party news coverage. A Canadian journalist named Mark Bourrie exposed similar practices in 2012. Discussing his prior employment with Xinhua, Bourrie stated, “They tried to get me [ . . . ] to write a report for the Chinese government on the Dalai Lama using my press credentials as a way of getting access I wouldn’t otherwise have. [ . . . ] We were there under false pretenses, pretending to be journalists but acting as government agents.”
5 Diplomats
Diplomatic cover is an all too common method among global spy agencies for hiding spies in plain sight, and the Chinese are no different. The advantage of posing as a diplomat is the ability to rub elbows with policy makers, military officials, and even business leaders. Relationships can be developed, and targets for recruitment are quickly identified. This has been happening for years. In 1987, two Chinese military attaches were deported for attempting to buy secrets from an NSA employee, who also happened to be an FBI double agent. Senior US Defense Intelligence Agency analyst Ronald Montaperto was caught in 2006 using his regular liaison meetings with Chinese military attaches as a way to pass information to them. In 2011, Russians arrested Tun Sheniyun for attempting to steal sensitive information on the S-300 anti-aircraft system. Sheniyun was working for official Chinese diplomats as a translator. In 2012, the Japanese accused Li Chunguang, a first secretary in the Chinese embassy in Tokyo, for attempting to obtain secret documents related to military technology. China has also used diplomats to affect political change in the US, a method known in intelligence circles as “covert action.” During the 1996 election season, Beijing allegedly funneled millions of dollars into Democratic political campaigns. This plan, which US intelligence estimated cost around $1 million, was approved at the highest levels in Beijing and placed under the control of the MSS. The goal of the program would have been more favorable political treatment of China.
4 College Students
Chinese intelligence services take advantage of the roughly 15,000 Chinese students who arrive in the US each year. Intelligence agencies debrief these young academics when they return to China, collecting information on specific academic fields and research. The primary goal, however, is to keep the students in place and nurture their careers in specialized fields of study. Over time, amateur Chinese agents have spread throughout US industries, sending back small, but valuable, pieces of information. Recruits are usually contacted before they enter the US and are either coerced by the Chinese government or recruited willingly by appealing to their Chinese national identity. Lu Dong, a former Chinese agent and now an outspoken critic of the Chinese regime, says that most of these low-level operations are run through United Front Work Department and the Overseas Chinese Affairs Office, as opposed to the professional spy agencies like the MSS or MID. Because of the vast number of potential spies and the relatively benign information stolen (usually corporate secrets), it is nearly impossible to identify or track them, especially with limited resources.
3 Cyber Attacks
Cyber attacks are perhaps the most publicized crimes that originate from China. The NSA reported that China has hacked major US firms and government agencies almost 700 times over a five-year period. Despite recent assurances from Chinese President Xi Jinping that the government would stop these incidents, the attacks have hardly slowed. Cybersecurity company CrowdStrike documented seven cyber attacks originating from China in the first three weeks after the agreement. To be fair, many of the attacks may not have originated from state-controlled agencies. As noted before, Chinese firms are under extreme pressure to compete within the global economy, and they often turn to corporate espionage in order to do so. Operation Iron Tiger is a particularly troubling instance, originating from a Chinese hacking group known as “Threat Group 3390” or “Emissary Panda,” which doesn’t appear to be affiliated with the government. They have stolen trillions of bytes of data from defense contractors, intelligence agencies, FBI-based partners, and private entities in the electric, aerospace, intelligence, telecommunications, energy, and nuclear engineering industries. It’s possible that they sell this data to the highest bidder among Chinese tech firms. Even the popular Chinese computer manufacturer Lenovo has repeatedly been caught installing spyware on its computers. More and more, security experts are concerned that malware is being installed on the factory floor, as computer hardware is increasingly manufactured in East Asia. The Chinese government isn’t completely off the hook, either. Mandiant recently exposed a secretive unit inside the Chinese military. Known as Unit 61398, it is a military cyber unit that specializes in stealing secrets online, usually from US technology firms. A group such as this may have been behind the 2008 breach of Department of Defense (DoD) computer systems, when an infected thumb drive uploaded malicious software on computer networks run by US Central Command. The DoD no longer allows any USB drives to be plugged into computers.
2 Your Hotel Room
These days, both private firms and government agencies whose employees travel through China assume the worst with respect to personal privacy. Hidden listening devices in hotel rooms, key-logger malware installed when a guest isn’t looking, and even physical surveillance teams are all a strong possibility, experts say. While the average tourist may not need to worry, many businesses have strict operating procedures when traveling to China. Employees may be required to leave all personal electronics at home and instead bring clean and disposable laptops and cell phones to China. Some companies even physically shred computers after their workers return from China. Employees are taught to disable microphones and cameras, remove phone batteries, and even store passwords on a USB drive so that passwords can be copied and pasted instead of typed. The Chinese are apparently so adept at installing key-logger malware that passwords should never be typed. Listening devices or even cameras inside a hotel room are commonly used in hotels where foreigners frequently stay. The data gathered can be used later on to blackmail victims and thus coerce them to spy for the Chinese. In 2015, 20 foreign tourists found this out the hard way when they were arrested by Chinese authorities for “watching terror videos” in their hotel room. It begs the question: How did they know what was going on in the hotel room?
1 Little Blue Men
One of China’s boldest acts this past decade has been the construction of man-made islands in the South China Sea. Governments across the Pacific are concerned with China’s audacity, calling it an illegal land grab, and the United States fears that international shipping routes may be compromised as a result. But even more curious is the method China has used to defend its claims—fishing boats. The PLA has employed regular fisherman into the “maritime militia” since 1949. Some experts have dubbed them “the little blue men,” after the Russian “little green men” involved in the invasion of Crimea. They act as barriers to foreign vessels, frustrating efforts to get close to the islands or collect intelligence. These vessels not only conduct this sort of irregular warfare, but they can also collect intelligence more effectively than a large and obvious Chinese Navy vessel. Special electronic surveillance equipment may be placed on such vessels, and there is little that foreign vessels can do about it under international maritime law. Reed is a struggling writer and full-time pirate.