How Chinese intelligence operateshttps://worldview.stratfor.com/article/sting-operation-lifts-lid-chinese-espionage
The case was unprecedented: On Oct. 10, Belgium extradited a Chinese intelligence officer to the United States after an Ohio court had indicted the operative on charges of "economic espionage involving theft of trade secrets from leading U.S. aviation companies." Belgian authorities arrested Xu Yanjun, a deputy division director of the Sixth Bureau of China's Ministry of State Security (MSS) in Jiangsu, on April 1 in Brussels, based on an arrest warrant issued in connection with a U.S. criminal complaint. Once Belgian authorities extradited Xu to the United States on Oct. 10, American authorities unsealed the indictment and the initial criminal complaint.
The Big Picture
The Chinese government recognizes that the economic model it has followed for the past three decades is unsustainable. At the same time, its shift to a new model will require a great deal of technical development. Because the consequences of failure in this transformation are huge, Beijing and Chinese companies are experiencing a great deal of pressure to acquire the necessary technologies. Finding that it is often quicker and cheaper to steal technology than it is to develop it, Chinese entities have begun aggressively engaging in industrial espionage — and they are not the only ones.
See China in Transition
The arrest of a Chinese operative in a third country, followed by his subsequent extradition to the United States, lays bare the threat of industrial espionage. At the same time, the release of the complaint and indictment also provides a rare and interesting glimpse at China's tradecraft, as well as some insight into the dynamics of industrial espionage tactics in human intelligence recruitment. Much of that process is now conducted online, in contrast to the old days, when it required face-to-face interaction to spot, develop and pitch an agent. More prosaically, the case sends a clear signal to Beijing that Washington and its allies are serious about addressing the constant threat of Chinese industrial espionage and are willing to take decisive action.
China's Shopping List
Like all espionage cases, the Xu case began with a shopping list of information that Chinese authorities have directed the Ministry of State Security to collect. In the case of Chinese intelligence agencies like the MSS, this list includes not only intelligence pertaining to political and military developments in countries of interest but also technologies that China wishes to acquire from foreign companies. Beijing has frequently demonstrated its brazenness in its attempts to obtain such technology. One such case is the Science and Technology Ministry's long-running National High-Tech Research and Development Program, also known as the 863 Program. The program provided guidance and funding for the acquisition or development of technology related to information, biology, agriculture, manufacturing, energy and other fields that would have a "significant impact on enhancing China's overall national strengths." But even if the ministry's website spoke about the domestic development of such technologies, practicalities have long dictated that it is much cheaper and faster to simply acquire them — by hook or by crook, if need be.
More recently, the Chinese government announced a 10-year development plan called "Made in China 2025" in May 2015 to target cutting-edge technologies — namely, aerospace and aviation equipment, new materials, next-generation information technology, high-end numerical control machinery and robotics, maritime engineering equipment and high-tech maritime vessel manufacturing, advanced rail equipment, energy-saving and new-vehicle technology, electrical equipment, biomedicine and high-tech medical devices, as well as agricultural technology, machinery and equipment.
This chart shows the process by which intelligence operatives seek to recruit assets.
The Drive to Recruit an Asset
As my colleague Matthew Bey has noted elsewhere, China's policy of mandating technology transfers in joint ventures with U.S. firms is one contentious means by which it acquires its desired technology. But as seen in the Xu case, another controversial method is espionage. According to the indictment, Xu attempted to steal designs for composite jet engine component technology (which China needs to wean itself from Russia) from "Company A," which media reports have identified as Ohio-based GE Aviation — which would make sense given that the case involves the U.S. Attorney's Office for the Southern District of Ohio.
As part of the initial spotting phase of the human intelligence recruitment process, Xu likely worked to assemble a list of people who have access to the desired information before assessing which individuals might be most receptive to recruitment. Then, when he had identified a potential target, Xu allegedly worked with the deputy director of the Nanjing University of Aeronautics and Astronautics (NUAA) to invite "Employee 1," an engineer at Company A, to participate in an exchange at the university. Xu is alleged to have even sent an email to Employee 1 posing as "Co-conspirator 1."
Employee 1 accepted the offer and traveled to China to give his presentation at NUAA on June 2, 2017. The university reimbursed the engineer for his travel expenses and gave him a $3,500 cash speaker's fee. During the trip, NUAA's deputy director, who is listed as Co-conspirator 1 in the indictment, introduced Employee 1 to Xu, who was operating under the cover name Qu Hui and claimed to be from the Jiangsu Science and Technology Promotion Association (JAST), an NUAA affiliate. Xu took Employee 1 out for meals before and after the presentation and informed the American engineer that JAST had provided the speaker's fee. Xu soon proceeded to the development phase of the human intelligence recruitment process, as he maintained contact with the engineer after the latter returned to the United States.
In their continuing correspondence, Xu pressed Employee 1 for technical data while holding out the carrot of another speaking engagement in China and another cash payment. When Xu requested patently sensitive information — signifying the shift to the pitching phase of the human intelligence recruitment process — Employee 1 said he categorically could not send such information from his company computer, prompting the Chinese operative to encourage him to send it via another email account. Xu also discussed how he and Employee 1 could establish a continuing relationship, hinting at a deal to exchange information for cash.
Xu continued to communicate with the engineer and press him to send more sensitive information. Employee 1 sent him a copy of a company presentation featuring the company logo, as well as a warning that it was proprietary information, which Xu received enthusiastically. Later, Xu sent Employee 1 a list of desired information, asking the American engineer to indicate which topics he was familiar with. Employee 1 responded, saying some of the topics were company trade secrets, to which Xu countered that they could discuss the matter in person.
Xu also asked Employee 1 to provide a copy of the file directory of the hard drive of his company-issued laptop. Employee 1 duly provided a copy, but only after the company had sanitized it and approved it for release — suggesting that Employee 1 had notified his company and U.S. authorities much earlier in the process and that they were all stringing Xu along.
By acquiring the company presentation and file directory, Xu appears to have believed that he had successfully recruited Employee 1, leading him to request more from the American engineer: the entire contents of the hard drive of his company-issued laptop. Since the employee would not be permitted to bring his laptop to China, the pair arranged to meet in Europe during a trip Employee 1 had previously scheduled. But instead of heading to Brussels to collect a treasure trove of intelligence, Xu walked straight into a sting operation.
Instead of heading to Brussels to collect a treasure trove of intelligence, Xu walked straight into a sting operation.
The Newest Trends in Industrial Espionage
Intelligence agencies have long viewed technical conferences as rich hunting grounds for recruiting agents with access to technical intelligence. Beyond merely visiting conferences organized by others, agencies such as China's State Security Ministry often host conferences and technical exchange programs using cover organizations, including universities, trade associations and think tanks. In addition to inviting groups to attend conferences, operatives will frequently invite people of interest to make individual visits to the cover organizations. Chinese intelligence, for instance, recruited Kevin Mallory after the Shanghai Academy of Social Sciences invited the former CIA officer to travel to China to provide his perspective on current issues in exchange for compensation. U.S. authorities eventually caught up with Mallory, who was convicted of espionage in June.
While the Chinese intelligence services are working overtime in their efforts to acquire the technologies outlined in the "Made in China 2025" program, they are not alone. Russia has compiled its own list of 77 foreign technologies that it wishes to develop domestically rather than acquire from foreign sources. Under President Vladimir Putin — a former KGB officer — Russian intelligence agencies have become aggressive at pursuing industrial espionage in addition to their hacking, traditional espionage, disinformation and assassination operations.
Of course, it is also critical to remember that it is not just states that engage in industrial espionage. While companies linked to such places as China and Russia benefit greatly from the largesse of intelligence agencies and the technology they provide, hackers, rogue employees and private companies also pose risks to the intellectual property of companies and other organizations. And in the information age, it is now easier for someone to exfiltrate massive quantities of data or become an advanced and persistent insider threat. Because of this, it is more important than ever for organizations to maintain robust security programs to protect themselves. Such a program not only includes tools to mitigate such online threats, but training programs to teach employees about human intelligence recruitment and what to do if approached.
Based on the events in the Xu case, it would appear that Employee 1 had received training, possessed an awareness of the sensitive nature of his projects and their importance to foreign intelligence services, and knew what to do if approached. In pursuing this case, the United States has placed China on notice that it will work to constrain Beijing's industrial espionage activities. Chinese intelligence agencies such as MSS, however, are under tremendous pressure from their masters to acquire specific technologies, meaning it is highly unlikely that prosecutions will halt China's aggressive pursuit of technology. But due to the sequence of events in the Xu case, the next time — and it is inevitable that there will be a next time — Chinese agents approach an employee at Company A in possession of sensitive information, they are likely to be a bit more careful, lest they find themselves caught once more in a sting operation.