The Evolution of Espionage: Beijing’s Red Spider Web
Publication: China Brief Volume: 8 Issue: 15
By:
The fall of the Soviet Union and the end of the Cold War had a profound impact not only on how security and intelligence professionals viewed the world of espionage but also on the motivations of the players and the targets of their espionage activities. Global rivalries centered on technology development and intellectual capital replaced the old divides of East versus West and Communism versus Capitalism as the primary driver of the new espionage war; in this globalized competitive economy the battlefield has widened to include private companies and corporate spies.
During the height of the Cold War no other nation could match the desire and ability of the Soviet Union’s KGB to steal American corporate and military secrets, particularly technology secrets. That has since changed, however. In today’s information age, the People’s Republic of China (PRC) has replaced and even improved upon the KGB methods of industrial espionage to the point that the PRC now presents one of the most capable threat to U.S. technology leadership and by extension its national security.
What We Know, and Don’t Know
What we know thus far about China’s espionage activities against U.S. weapons laboratories and other technology development programs is cause enough for concern. The U.S. intelligence community’s official damage assessment of Chinese espionage targeting America’s nuclear technology secrets tells us this much:
What we know:
• China obtained by espionage classified U.S. nuclear weapons information that probably accelerated its program to develop future nuclear weapons. This collection program allowed China to focus successfully on critical paths and avoid less promising approaches to nuclear weapon designs.
• China obtained at least basic design information on several modern U.S. nuclear reentry vehicles, including the Trident II (W88).
• China also obtained information on a variety of U.S. weapon design concepts and weaponization features, including those of the neutron bomb.
What we don’t know:
• We cannot determine the full extent of weapon information obtained. For example, we do not know whether any weapon design documentation or blueprints were acquired.
• We believe it is more likely that the Chinese used U.S. design information to inform their own program than to replicate U.S. weapon designs.
Yet there is much more to China’s quest for U.S. technology. China has obtained a major advantage that the former KGB did not enjoy during the Cold War: unprecedented access to American academic institutions and industry. At any given time there are more than 100,000 PRC nationals in the United States attending universities and working throughout U.S. industries. It is important to note here that these individuals are not assumed to be spies, but given their status as PRC nationals they remain at higher risks of being a major component of the PRC’s nebulous industrial intelligence collection operation. In fact, there are very few professional PRC intelligence operatives actively working on collecting U.S. technology secrets compared to the number of PRC civilians who are actively recruited (either by appealing to their sense of patriotism or through other more coercive means) to routinely gather technology secrets and deliver those secrets to the PRC. Thus, the PRC employs a wide range of people and organizations to serve as its “white glove,” and do its dirty work abroad, including scientists, students, business executives and even phony front companies or acquired subsidiaries of U.S. companies as evidenced by a string of recent high profile cases.
Beijing’s 16-Character Policy
Nowhere is the nexus of the military-industrial complex in the PRC more evident than in the codification of the 1997 “16-Character Policy,” which makes it official PRC policy to deliberately intertwine state-run and commercial organizations for casting a cloud of ambiguity over PRC military modernization. In their literal translation, the 16 characters mean as follows:
Jun-min jiehe (Combine the military and civil);
Ping-zhan jiehe (Combine peace and war);
Jun-pin youxian (Give priority to military products);
Yi min yan jun (Let the civil support the military).
The 16-Character Policy is important because of what it does for the strategic development of the PRC’s industrial and economic espionage program: it provides commercial cover for military industrial companies to acquire dual-use technology through purchase or joint-venture business dealings, and at the same time for trained spies who work directly for the PRC’s military establishment, whose operational mandate is then to gain access to and steal the high-tech tools and systems developed by the United States and its Western allies [1].
The two primary PRC organizations involved in actively collecting U.S. technological secrets are the Ministry of State Security (MSS) and the Military Intelligence Department (MID) of the People’s Liberation Army (PLA). The MSS, now headed by Minister Geng Huichang (Xinhua News Agency, August 30, 2007), relies upon professionals, such as research scientists and others employed outside of intelligence circles, to collect information of intelligence value. In fact, some research organizations and other non-intelligence arms of the PRC government direct their own autonomous collection programs [2].
According to FBI estimates there are currently more than 3,000 corporations operating in the United States that have ties to the PRC and its government technology collection program. Many are U.S.-based subsidiaries of Chinese-owned companies; while in the past they were relatively easy to identify, recent studies indicate that many have changed their names in an effort to distance themselves from their PRC owners (Wall Street Journal, August 10, 2005).
China’s Red Spider Web
China’s espionage efforts targeting proprietary technologies developed in the United States stretch back decades. But China’s spy craft has evolved rapidly and now presents a serious challenge that many in the West are unprepared to counter. For example, recent cases investigated by the FBI have involved entire families of naturalized American citizens from China, prompting the Bureau to take out a Chinese-language advertisement in San Francisco Bay area newspapers urging Chinese Americans to report suspicious activity. In addition, China has clearly taken a long-term view of espionage against the U.S. technology industry, handling some agents for decades.
One of the most recent cases, for example, involves a former Boeing engineer who now stands accused of giving China proprietary information about several U.S. aerospace programs, including the space shuttle. The affidavit in the case alleges that Chinese intelligence officials first approached Dongfan “Greg” Chung of Orange, Calif., with intelligence collection requirements in 1979. Chung was arrested on February 11, 2008 and was scheduled to be sentenced this month.
At the same time Chung was arrested and accused of stealing proprietary Boeing information, Chinese businessmen Tai Shen Kuo and Yu Xin Kang, were arrested and charged with cultivating several U.S. defense officials, one of whom passed information on projected U.S. military sales to Taiwan for the next five years.
Many PRC domestic intelligence activities are directed against foreign businessmen or technical experts. The data elicited from unsuspecting persons or collected by technical surveillance means is used by Chinese state-run or private enterprises. Prominent Beijing hotels, such as the Palace Hotel, the Great Wall Hotel, and the Xiang Shan Hotel, are known to monitor the activities of their clientele.
Chinese government-owned companies have also been involved in schemes to steal the intellectual property of U.S. companies. They have done this using the corporate equivalent of sleeper cells—foreign executives hired by U.S. companies on work visas, as well as naturalized American citizens who then establish U.S. companies for the purpose of gaining access to the proprietary data of other U.S. firms.
Military
One notable case in 1993 involved a man named Bin Wu, who was convicted of transferring restricted night vision technologies developed in the United States to his MSS superiors in the PRC. Wu, a pro-Western professor who once taught in China, had been given the option by the MSS of either helping them acquire sensitive technologies or going to jail for supporting the Tiananmen Square uprising. He chose freedom and was instructed to travel to the United States and establish himself as a legitimate businessman.
Wu founded several front companies in the Norfolk, Virginia, area. He then actively solicited information from various U.S. companies and made many outright purchases of advanced technologies, including night vision equipment. The technologies were then shipped to the PRC.
U.S. investigations into Chinese espionage show that Wu was part of a much larger community of PRC sleeper cells. Many were not professional spies. Rather, they were simply business professionals or academics who were managed by MSS agents and given collection requirements based largely on the U.S. military critical technology list. In fact, during the 1990s these sleeper cells were used to establish front companies that would eventually target the Aegis missile system. In particular, the PRC seems to have been interested in acquiring the proprietary software that formed the basis of the command and control system for the Aegis [3].
Business and Intellectual Property
On May 3, 2001, the U.S. Department of Justice arrested and charged two Chinese nationals and a naturalized Chinese-American citizen with conspiring with a Chinese state-owned company to steal proprietary source code and software from Lucent Technologies Inc. As of this writing there has been no court decision in the case. However, according to the federal indictment, Hai Lin and Kai Xu, both of whom were employed at Lucent as “Distinguished Members” of the company’s technical staff, colluded with Yong-Qing Cheng, a naturalized American citizen and vice president of a U.S. optical networking company, to form a new business based in Beijing using stolen Lucent technology.
The criminal complaint filed against the three executives alleges that they approached a Chinese state-owned company named Datang Telecom Technology Co., seeking to establish a joint venture, which they stated in an e-mail would become the “Cisco of China.” Lin, Xu and Cheng then formed a company called ComTriad Technologies Inc., and with $1.2 million in funding from Datang, the two companies formed DTNET—a joint venture approved by Datang’s board of directors. There was just one problem: the internet-based voice and data services product that Lin, Xu and Cheng were developing on behalf of the new venture (dubbed the CLX 1000) was based entirely on the proprietary software in Lucent’s PathStar Server, a product that earned Lucent more than $100 million during the previous year. It also was the very same technology that Lin and Xu had been working on while employed by Lucent.
Justice Department prosecutors allege that FBI searches of the computers used by the defendants reveal that on January 21, 2001, Lin sent an e-mail to a representative of Datang advising that the “bare src”—allegedly referring to a portion of the PathStar source code—had been transferred to the ComTriad password-protected Web site, and that more source code would follow.
All three men were arrested on May 3, 2001 at their homes in New Jersey. When FBI agents searched their houses they seized large quantities of the component parts of the PathStar Access Server, including software and hardware, as well as schematic drawings and other technical documents related to the PathStar Access Server marked “proprietary” and “confidential.” Among other things, the agents seized a modified PathStar machine from Lin’s basement.
In a superseding indictment announced by prosecutors on April 11, 2002, the damage caused by this alleged economic espionage case goes well beyond Lucent. According to prosecutors, several other companies had licensed portions of their proprietary technology to Lucent for use in the PathStar Access Server. Those companies included Telenetworks, a business unit of Next Level Communications, headquartered in Rohnert Park, California; NetPlane Systems, Inc. (formerly Harris & Jeffries, Inc.), a wholly-owned subsidiary of Mindspeed Technologies, Inc., headquartered in Dedham, Massachusetts; Hughes Software Systems, Ltd., a division of Hughes Network Systems, Inc., headquartered in Gurgaon, India; and ZiaTech Corporation, a wholly-owned subsidiary of Intel Corporation, headquartered in San Luis Obispo, California.
As is evident from the above case, individual acts of economic espionage can impact multiple companies. That was certainly the case in November 2001, when FBI agents arrested two San Jose-based businessmen as they were about to board a plane to China carrying suitcases full of trade secret documents totaling more than 8,800 pages and $10,000 in equipment that they had allegedly stole from four U.S. high-tech companies.
When FBI agents arrested Fei Ye and Ming Zhong, they discovered microchip blueprints and computer-aided design scripts from Sun Microsystems Inc., NEC Electronics Corp., Transmeta Corp. and Trident Microsystems Inc. Both once worked at Transmeta and Trident. Likewise, Fei Ye also worked at Sun and NEC. Prosecutors alleged that both men, originally from China, planned to use the stolen technologies to start a microprocessor company with the assistance of the Chinese government.
According to the indictment filed on December 4, 2002 in a U.S. District Court in the Northern District of California, Ye and Zhong established Supervision Inc. (a.k.a Hangzhou Zhongtian Microsystems Company Ltd., and a.k.a Zhongtian Microsystems Corp.) to sell microprocessors in China. They also allegedly sought the direct assistance of the Chinese government and stated in their corporate charter that their company would assist China in its ability to develop super-integrated circuit design, and form a powerful capability to compete with worldwide leaders in the field of integrated circuit design [4].
Although the indictment does not charge any government entity of China, it does suggest that there was considerable interest in and potential support from the Chinese government. A “panel of experts,” for example, found that the Supervision project had “important significance” for China’s high-level embedded CPU development program and integrated circuit industry, and recommended that “every government department implement and provide energetic support.”
Conclusion
These cases show that while America is preoccupied with the Global War on Terrorism, a quiet global espionage war is being waged by the PRC. And in many ways, the Chinese espionage threat holds greater overall importance and should be an immediate priority for U.S. foreign policy. Unlike radical terrorist groups, who have been pushed into a corner and are far less capable of coordinated action on a global scale, China’s espionage program is well-funded and its foot soldiers number in the thousands. More important, its targets are not well-defended government facilities and iconic structures, but poorly defended commercial technology secrets that feed America’s economic and military advantage. Taken alone, these bits of information often appear harmless, but when viewed within the context of data collected over the course of years, and sometimes decades, those bits quickly become diamonds in the rough.
Notes
1. U.S. House of Representatives, “The Cox Report: The Unanimous and Bipartisan Report of the House Select Committee on U.S. National Security and Military Commercial Concerns with the People’s Republic of China,” (Washington DC: Regnery Publishing, Inc., 1999), 13.
2. Ibid., 19.
3. This is according to case documents in the case against Chi Mak, who stole secrets belonging to L-3 Communications. This has also been confirmed in a statement by Joel Brenner, the top counterintelligence official in the office of Director of National Intelligence, to a reporter for Bloomberg News, https://www.bloomberg.com/apps/news?pid=20601087&sid=ab2PiDl1qW9Q&refer=home
4. United States of America V. Fei Ye and Ming Zhong, U.S. District Court, Northern District of California, San Jose Division, Dec. 4, 2002, p. 3.
*Note to China Brief readers. Although this article has no indigenous sources we felt that it was important enough article to be published in China Brief and wanted to share this analysis with our readers.