The United States has often accused the government of the People's Republic of China of attempting to unlawfully acquire U.S. military technology and classified information as well as trade secrets of U.S. companies in order to support China's long-term military and commercial development. Chinese government agencies and affiliated personnel have been accused of using a number of methods to obtain U.S. technology (using U.S. law to avoid prosecution), including espionage, exploitation of commercial entities, and a network of scientific, academic and business contacts. Espionage cases include Larry Wu-Tai Chin, Katrina Leung, Gwo-Bao Min, Chi Mak and Peter Lee.
In addition to traditional espionage, China partners civilian Chinese companies with American businesses to acquire technology and economic data and uses cyber spying to penetrate the computer networks of U.S. businesses and government agencies; an example is the December 2009 Operation Aurora. U.S. law enforcement officials have identified China as the most active foreign power involved in the illegal acquisition of American technology. On May 19, 2014, the United States Department of Justice announced that a Federal grand jury had indicted five People's Liberation Army officers for stealing confidential business information and intellectual property from U.S. commercial firms and planting malware on their computers.
China has used a variety of methods to gather intelligence in the United States. Individuals attempt to obtain targeted information from open sources such as libraries, research institutions and unclassified databases. Chinese travelers are recruited to carry out specific intelligence activities, and China debriefs returnees from exchange programs, trade missions and scientific-cooperation programs. Chinese citizens may be coerced to cooperate.
Much technology acquisition occurs through commerce and commercial regulations. The regulatory and commercial environment in China pressures American and other foreign companies to transfer technology, capital and manufacturing expertise, especially in defense-related or dual-use industries such as computers, to their Chinese partners as part of doing business in China's huge, lucrative markets. Chinese agents purchase high-tech equipment through front organizations in Hong Kong. China also uses state-run firms to purchase American companies with access to the targeted technology.
China also accesses foreign technology through industrial espionage, with U.S. Immigration and Customs Enforcement officials rating China's industrial-espionage and theft operations as the leading threat to U.S. technological security. In 2021, Acting NCSC Director Michael Orlando estimated that China stole between $200 billion and $600 billion worth of American intellectual property every year. Between October 2002 and January 2003 five Chinese businessmen were accused of illegally shipping equipment and trade secrets from California to China, and U.S. officials prevented a Chinese man from shipping a new, high-speed computer used in classified projects (including nuclear-weapons development) from Sandia National Laboratories.
In July 2020, FBI Director Christopher A. Wray called China the "greatest long-term threat" to the United States. He said that "the FBI is now opening a new China-related counterintelligence case every 10 hours. Of the nearly 5,000 active counterintelligence cases currently under way across the country, almost half are related to China." For example, Eric Swalwell, who serves on the House Permanent Select Committee on Intelligence, was in the past targeted by a Chinese woman believed to be a clandestine officer of China's Ministry of State Security. The alleged Chinese spy later participated in fundraising for Swalwell's 2014 congressional election bid and helped place an intern inside Swalwell's congressional office. FBI gave Swalwell a "defensive briefing" in 2015, informing him that woman was a suspected Chinese agent.
A 1999 United States House of Representatives Select Committee on U.S. National Security and Military and Commercial Concerns with the People's Republic of China report, known as the Cox Report, warned that China has stolen classified information on every thermonuclear warhead in the country's intercontinental ballistic missile arsenal. Information is collected through espionage, reviews of U.S. technical and academic publications and interaction with U.S. scientists. China tasks a large number of individuals to collect small pieces of information (which are collated and analyzed), and individual agents can more easily escape suspicion. U.S. government personnel suspect that China's intelligence-gathering efforts directed towards the development of modern nuclear weapons are focused on the Los Alamos, Lawrence Livermore, Sandia and Oak Ridge National Laboratories. China is known to have stolen classified information on the W-56 Minuteman II ICBM, the W-62 Minuteman III ICBM, the W-70 Lance short-range ballistic missile (SRBM), the W-76 Trident C-4 submarine-launched ballistic missile (SLBM), the W-78 Minuteman III Mark 12A ICBM, the W-87 Peacekeeper ICBM and the W-88 Trident D-5 SLBM and weapon-design concepts and features.
In 2016, the U.S. Justice Department charged China General Nuclear Power Group (CGN) with stealing nuclear secrets from the United States. The Guardian reported: "According to the US Department of Justice, the FBI has discovered evidence that China General Nuclear Power (CGN) has been engaged in a conspiracy to steal US nuclear secrets stretching back almost two decades. Both CGN and one of the corporation’s senior advisers, Szuhsiung Ho, have been charged with conspiring to help the Chinese government develop nuclear material in a manner that is in clear breach of US law."
Main article: Chinese cyberwarfare
China conducts political and corporate espionage to access the networks of financial, defense and technology companies and research institutions in the United States. Email attachments attempting to enter the networks of U.S. companies and organizations exploit security weaknesses in software. A recipient opens an email attachment, apparently from a familiar source, containing a program which embeds in the recipient's computer. The remotely controlled program allows an attacker to access the recipient's email, send sensitive documents to specific addresses and turns on such instruments as web cameras or microphones.
In January 2010, Google reported "a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google". According to investigators, the Google cyber-attack targeted the Gmail accounts of Chinese human-rights activists. At least 34 other companies have been attacked, including Yahoo, Symantec, Adobe, Northrop Grumman and Dow Chemical.
In January 2013, The New York Times reported that it was the victim of hacking attempts originating from China during the previous four months after it published an article on Prime Minister Wen Jiabao. According to the newspaper, the "attacks appear to be part of a broader computer espionage campaign against American news media companies that have reported on Chinese leaders and corporations."
Chinese cyber-attacks seem to target strategic industries in which China lags; attacks on defense companies target weapons-systems information, and attacks on technology companies seek source code critical to software applications. Operation Aurora emphasized what senior U.S. government officials have called an increasingly serious cyber threat to critical industries.
On August 6, 2020, U.S. President Donald Trump officially extended restrictions against Chinese-owned apps by signing two executive orders that would ban U.S. residents from doing business with TikTok and WeChat, a popular messaging platform run by Tencent Holdings Ltd. The ban was enacted, citing the security risk of leaving Americans’ personal data exposed. However, on September 28, 2020, the ban was temporarily blocked by a federal judge.
Between 2010 and 2012, China was able to arrest or kill between 18 and 20 CIA assets within China. A joint CIA/FBI counterintelligence operation, codenamed "Honey Bear", was unable to definitely determine the source of the compromises, though theories include the existence of a mole, cyber-espionage, or poor tradecraft. Mark Kelton, then the deputy director of the National Clandestine Service for Counterintelligence, was initially skeptical that a mole was to blame.
In January 2018, a former CIA officer named Jerry Chun Shing Lee[note 1] was arrested at John F. Kennedy International Airport, on suspicion of helping dismantle the CIA's network of informants in China.
In 2007 the computer security company McAfee alleged that China was actively involved in cyberwarfare, accusing the country of cyber-attacks on India, Germany and the United States; China denied knowledge of these attacks. In September 2007 former senior U.S. information security official Paul Strassmann said that 735,598 computers in the U.S. were "infested with Chinese zombies"; computers infected in this manner can theoretically form a botnet capable of carrying out unsophisticated yet potentially dangerous denial-of-service attacks. A cyber spying network known as GhostNet, using servers primarily based in China, was reported as tapping into the classified documents of government and private organizations in 103 countries (including Tibetan exiles); China denied the claim.
In a July 2021 joint statement with NATO, the EU, and other Western nations, the US accused the Ministry of State Security of perpetrating several cyberattacks, most notably the 2021 Microsoft Exchange Server data breach. Additionally, the Justice Department credited four Chinese nationals (accused of working for the MSS) with a hacking campaign targeting government, academic, and private institutions; the individuals were each charged with one count of conspiracy to commit computer fraud and conspiracy to commit economic espionage.
Further information: Advanced persistent threat
In December 2009 and January 2010 a cyberattack, known as Operation Aurora, was launched from China on Google and over 20 other companies. Google said that the attacks originated from China, and it would "review the feasibility" of its business operations in China as a result of the incident. According to Google, at least 20 other companies in a variety of sectors were also targeted by the attacks. According to McAfee, "this is the highest profile attack of its kind that we have seen in recent memory."
In May 2014, a U.S. Federal grand jury indicted five Chinese military officers for cybercrimes and stealing trade secrets. It was alleged that the Chinese officers hacked into the computers of six U.S. companies to steal information that would provide an economic advantage to Chinese competitors, including Chinese state-owned enterprises. China said that the charges were "made-up", and the indictment would damage trust between the two nations. Although the indictments have been called relatively meaningless, they could limit travel by the officers due to U.S. extradition treaties.
In November 2017, the Department of Justice charged three Chinese employees of Guangzhou Bo Yu Information Technology Company Limited with hacking into corporate entities in the United States, including Siemens AG, Moody's Analytics, and Trimble Inc.
Since at least 2013, a Chinese espionage group called TEMP.Periscope by FireEye is reported to have been engaged in espionage against maritime-related subjects. FireEye reported that the information targeted was likely of commercial and economic importance.
The People's Liberation Army (PLA) was tied to economic espionage involving stolen business plans, intellectual property, and infringed on private conversations from Westinghouse Electric and United States Steel Corporation.
Chinese hackers have stolen information on the Patriot missile system, the F-35 Joint Strike Fighter, and the U.S. Navy's new Littoral combat ship. These blueprints of U.S. weapon and control systems were stolen to advance the development of Chinese weaponry.
The protection of the South China Sea is highly important to the U.S. because a Chinese Cyber Unit has already succeeded in an intrusion into the Philippine's government and military networks. Military documents, internal communications, and other sensitive materials related to the dispute were lost due to the cyber invasion.
In January and February 2018, Chinese hackers reportedly stole 614 gigabytes of data from a Naval Undersea Warfare Center-affiliated contractor. The compromised material reportedly included information on a project dubbed "Sea Dragon", as well as United States Navy submarine cryptographic systems and electronic warfare.
The New York Times reported that Russia and China are routinely eavesdropping on calls from an iPhone used by President Donald Trump, with China reportedly attempting to influence the President by identifying and influencing the people Trump is regularly in contact with.
According to the cybersecurity firm Area 1, hackers working for the People's Liberation Army Strategic Support Force compromised the networks of the AFL–CIO in order to gain information on negotiations for the Trans-Pacific Partnership.
As part of a campaign called Cloudhopper, hackers working for the Ministry of State Security compromised the networks of IBM and Hewlett Packard Enterprise, and used that access to compromise those companies' clients. The Cloudhopper attacks began no later than 2014, and included targets in Brazil, Germany, India, Japan, the United Arab Emirates, the United Kingdom, and the United States.
In October 2018, Bloomberg Businessweek published a story which alleged that Supermicro's contractors in China had been compromised by the People's Liberation Army to implant microchips with hardware backdoors in its servers. The report was widely disputed by the sources and companies who were named therein.
In March 2019, iDefense reported that Chinese hackers had launched cyberattacks on dozens of academic institutions in an attempt to gain information on technology being developed for the United States Navy. Some of the targets included the University of Hawaii, the University of Washington, the Massachusetts Institute of Technology, and Woods Hole Oceanographic Institution. The attacks have been underway since at least April 2017.
In July 2020, the United States Department of Justice charged two Chinese hackers who allegedly targeted intellectual property and confidential business information, including COVID-19 research. The two hackers allegedly worked with the Guangdong State Security Department of the Ministry of State Security.
In an effort to steal the technology to enable Chinese companies to supply the components for the Comac C919 aircraft, the Chinese engaged in both cyber and humanint operations. According to a report from cybersecurity firm Crowdstrike and a US Justice Department indictment, from 2010 to 2015 the Chinese cyberthreat actor Turbine Panda, linked to the Ministry of State Security’s Jiangsu Bureau, penetrated a number of the C919's foreign components manufacturers including Ametek, Capstone Turbine, GE Aviation, Honeywell, Safran, and others and stole intellectual property and industrial processes data with the aim of transitioning component manufacturing to Chinese companies. The report stated that the operations involved both cyber intrusion and theft as well as HUMINT operations, in most cases using a piece of code custom written for this industrial espionage operation.
As of 2019, four people have been arrested in the US as a result of investigations into this economic espionage and theft of trade secrets. Yanjun Xu, a senior intelligence officer of the MSS, was arrested in Belgium and extradited to the US and is alleged to have been involved in recruiting company insiders at multiple aerospace and aviation companies like GE Aviation to gain knowledge about technologies including those involving the use of composite materials in jet engine turbine blades.
In September 2020, it was reported that the U.S. canceled the visas of 1,000 Chinese students and researchers. The authorities claimed that the students had ties with the Chinese military and also accused some of them of conducting espionage. The U.S. began revoking these visas June 1, 2020.
In December 2020, Axios reported an investigation into the case of a suspected Chinese spy who was enrolled as a student at a Bay Area university. The suspected intelligence operative, known as Christine Fang, developed extensive ties with politicians at local and national levels between 2011 and 2015, including U.S. representative for California's 15th congressional district Eric Swalwell. She was reportedly having sexual or romantic relationships with at least two mayors in the Midwest, according to a former elected official and a U.S. intelligence official.
In January 2020, the U.S. Department of Justice arrested Dr. Charles Lieber, Chair of the Department of Chemistry and Chemical Biology at Harvard University. Dr. Lieber was also the Principal Investigator of the Lieber Research Group at Harvard University, giving him direct access to information on nanoscience. The grants he received to oversee this work required him to disclose any foreign financial transactions. In 2011, Dr. Lieber was granted the title of "Strategic Scientist" at the Wuhan University of Technology. He received this role under China's Thousand Talents Program, which seeks to bring the expertise of prominent scientists to China and has been accused of stealing foreign information. He was required to work for the Wuhan lab for at least 9 months out of the year, and he got paid $50,000 per month. Dr. Lieber failed to inform the relevant institutions of his role, and he outright lied about his involvement in the program in 2018 and 2019.
He did not maintain any internet presence under his name in English or Chinese, or under an alternative spelling Zhen Cheng Li. He may have used an alias or avoided using public internet accounts altogether.
An indictment was unsealed today against Wu Yingzhuo, Dong Hao and Xia Lei, all of whom are Chinese nationals and residents of China, for computer hacking, theft of trade secrets, conspiracy and identity theft directed at U.S. and foreign employees and computers of three corporate victims in the financial, engineering and technology industries between 2011 and May 2017. The three Chinese hackers work for the purported China-based Internet security firm Guangzhou Bo Yu Information Technology Company Limited (a/k/a "Boyusec").
President Donald Trump's unwillingness to ditch Apple's iPhone in favor of more secure hardware has granted Chinese and Russian spies an open door into his private phone conversations, according to a new report.
The cyberintruders also infiltrated the networks of the United Nations, the A.F.L.-C.I.O., and ministries of foreign affairs and finance worldwide. The hack of the A.F.L.-C.I.O. focused on issues surrounding the negotiations over the Trans-Pacific Partnership, a trade deal that excluded Beijing.
The human intelligence efforts included one by a now-indicted MSS intelligence officer to recruit an insider at LEAP-X manufacturer General Electric. The same officer also recruited a China-born US Army reservist who was an expert at assessing turbine engine schematics. So far, at least four individuals have been arrested in connection with China's campaign targeting aerospace companies.
Xu made his initial appearance in federal court in Cincinnati, Ohio, on Wednesday. According to court papers, he is a deputy division director for the Ministry of State Security, which is China's intelligence and security agency, in Jiangsu Province. His job, prosecutors say, was to obtain technical information and trade secrets from foreign aviation and aerospace companies.
He was detained in Belgium on 1 April at the request of the US. He was later indicted by an Ohio grand jury on four charges of conspiring to commit economic espionage and attempting to steal trade secrets.
|Library resources about |
Chinese espionage in the United States