Concerns about Chinese corporate espionage are rising to the fore in the United States. Late last week, senior officials in the U.S. Department of Justice announced an initiative to counter the major threat posed by Chinese spying that has raised alarm in both Washington and farther afield. The espionage (and counterespionage) struggle between the great powers spans a number of areas, including those falling into traditional national security categories such as intelligence collection efforts that target military plans and preparations, not to mention diplomatic initiatives and stances, sanctions and trade negotiations. The U.S. government's recent release of court documents and statements has shined a light on Chinese efforts to acquire critical technologies, as well as the U.S. efforts to counter them. Such counteractions are just the latest salvo in the brewing battle between China and the United States, and given that Beijing is likely to alter its strategy in response, they won't be the last.
China has become more assertive as it seeks to pursue its national imperatives and technology-oriented initiatives. This has manifested in a massive power struggle between China and the United States in a range of fields. The two global giants are confronting each other in the realms of national security, trade and, of course, espionage. And because the struggle is playing out on a global stage, it is likely to draw in many other actors.
China's Push for Parity
The National Defense Strategy, published at the start of 2018, indicated that the U.S. military was attempting to pivot away from the global war on terrorism to focus on peer-to-peer conflict with China and Russia. Naturally, the struggle between the great powers is not limited to the military arena alone, but also involves other tools of national power, such as diplomacy, trade and espionage. And for China, espionage has increasingly come to encompass trade secrets, rather than just state secrets.
China has long strived to obtain the technologies it believes it needs to achieve commercial and military parity with the West. This desire has been formally spelled out in the 863 Program in 1986 and, more recently, a 10-year plan released in 2015 called Made in China 2025, which publicly listed the technologies that the Chinese government has identified as critical for the future development of its economy and national strength. While Beijing funds research to develop these technologies indigenously, China has found that it is often cheaper and quicker to simply steal what it needs.
One priority identified by the Chinese government is the acquisition of jet engine technology, for both domestic and military use. Three weeks ago, I discussed Chinese efforts to obtain fan blade technology integral to jet engine design. In that case, Xu Yanjun, a Chinese intelligence officer from the Sixth Bureau of China's State Security Ministry (MSS) in Jiangsu posed as an official of the Jiangsu Science and Technology Promotion Association in an attempt to recruit an engineer working for a U.S. company. In that case, the company cooperated with the FBI, which lured Xu into a sting operation, resulting in his arrest in Belgium and extradition to the United States.
A June 2017 indictment that the U.S. Department of Justice unsealed Oct. 30 provides additional details regarding MSS efforts spanning from January 2010 to May 2015 to obtain fan blade technology, predating the Xu case and even the launch of the Made in China 2025 initiative. According to the indictment, ministry officials in Jiangsu targeted a variety of companies involved in the manufacture of jet engine turbine fans, including U.S. aerospace companies based in Arizona, Massachusetts, Wisconsin, Oregon and California; a technology company in San Diego; and French and British aerospace companies. The indictment details how the ministry employed a team of hackers who used a variety of techniques against the targeted companies: spear-phishing campaigns, watering hole attacks – an assault in which hackers plant malware on a specific website to infect visitors – and domain hijacking. The hackers not only stole information but also took advantage of their access to the system to send additional spear-phishing emails to employees of other companies and conduct further watering hole attacks.
China's State Security Ministry has not confined its activities to mere remote hacking attacks.
The ministry, however, did not confine its activities to mere remote hacking attacks. It also recruited two Chinese employees at the Suzhou, China, office of a French aerospace company to serve as agents. The ministry provided the first agent, a product manager at the company, with a USB drive that contained the Sakula malware (the same virus that hackers used in an attack on the U.S. government's Office of Personnel Management in 2015) and instructed him to plug it into a company laptop to install the malware on the company's network.
The second agent, the company's IT security manager, worked to keep the ministry informed about the company's awareness of the breach and its efforts to investigate it. In one instance, he relayed a company warning regarding a phishing attempt, thereby alerting the ministry that the firm had detected a particular scheme. He also notified the ministry when the company inquired about a particular domain that was communicating with the Sakula malware; as a result, the ministry altered the domain in an attempt to throw investigators off their trail.
The case highlights how cyberattacks are just one of the tools in the spy's toolbox and that spy agencies can supplement their activities with human intelligence or other methods, if necessary. Indeed, intelligence agencies can and will use multiple tools simultaneously in pursuit of their objectives.
Putting a Spoke in China's Wheel
In addition to lifting the lid on some of China's corporate espionage efforts, the recent flurry of statements from the U.S. Department of Justice shines a light on U.S. efforts to blunt China's pernicious and aggressive efforts to steal proprietary data and techniques from corporate targets.
Taken together, these actions represent a shot across the bow of the MSS and other intelligence agencies. But in addition, the details of the Oct. 30 indictment reveal how closely the FBI had been monitoring the ministry's infiltration efforts. The indictment clearly shows that the FBI was watching as the malware entered the French company's network, came to life and began to ping – prompting the agency to alert its French counterparts. Naturally, this degree of vigilance will send a strong message to China's intelligence services.
This case illustrates that there are no geographic constraints to intelligence operations – a fact that intelligence officers learned decades ago, as it is often easier to recruit agents in a third country where the level of awareness may be lower. Indeed, the events outlined in the indictment spanned four countries, as well as eight U.S. states.
The global nature of the Chinese efforts is the impetus behind recent U.S. work to spread awareness of the threat of Chinese corporate espionage to friendly countries beyond the members of the "Five Eyes" intelligence-sharing alliance (the United States, Canada, the United Kingdom, Australia and New Zealand). Recent discussions with both government and private-sector contacts has made it apparent that concern over Chinese intelligence activities is increasing in Europe. Worries about China extend even to countries that, due to proximity, are generally more heavily focused on Russian intelligence operations. The collaboration with the French, as well as Belgium's assistance in detaining Xu, vividly illustrate this growing awareness and collaboration.
What Comes Next
While Chinese intelligence officers may change some techniques and tradecraft thanks to their awareness of U.S. efforts to blunt their espionage efforts, Washington's actions will do nothing to slow or halt Beijing's quest. The overriding imperative to obtain information and technology is driving the espionage efforts forward, as Beijing believes that such knowledge is essential if China is to achieve parity with the West and ensure the security of the government and the supply routes that are vital to China's economic survival.
More than that, the U.S. actions will inevitably provoke a response. China is likely to retaliate over Xu's arrest and other American actions. They may do this through formal, reciprocal channels, or through less direct, asymmetrical activities. As a result, U.S. businesses and organizations operating in China could end up bearing the consequences – even if they don't possess the information or technology on China's shopping list.