The fall of the Soviet Union and the end of the Cold War had a profound impact
not only on how security and intelligence professionals viewed the world of
espionage but also on the motivations of the players and the targets of their
espionage activities.
Global rivalries centered on technology development and intellectual capital
replaced the old divides of East versus West and communism versus capitalism as
the primary driver of the new espionage war; in this globalized competitive
economy the battlefield has widened to include private companies and corporate
spies.
During the height of the Cold War, no other nation could match the desire and
ability of the Soviet Union's KGB to steal American corporate and military
secrets, particularly technology secrets. That has since changed, however. In
today's information age, the People's Republic of China (PRC) has replaced and
even improved on the KGB methods of industrial espionage to the point that the
PRC now presents one of the most capable threats to US technology leadership
and by extension its national security.
What we know, and don't know
What we know thus far about China's espionage activities against US weapons
laboratories and other technology development programs is cause enough for
concern. The US intelligence community's official damage assessment of Chinese
espionage targeting America's nuclear technology secrets tells us this much:
What we know:
China obtained by espionage classified US nuclear weapons information that
probably accelerated its program to develop future nuclear weapons. This
collection program allowed China to focus successfully on critical paths and
avoid less promising approaches to nuclear weapon designs.
China obtained at least basic design information on several modern US nuclear
re-entry vehicles, including the Trident II (W88).
China also obtained information on a variety of US weapon design concepts and
weaponization features, including those of the neutron bomb.
What we don't know:
We cannot determine the full extent of weapons information obtained. For
example, we do not know whether any weapon design documentation or blueprints
were acquired.
We believe it is more likely that the Chinese used US design information to
inform their own program than to replicate US weapon designs.
Yet there is much more to China's quest for US technology. China has obtained a
major advantage that the former KGB did not enjoy during the Cold War:
unprecedented access to American academic institutions and industry. At any
given time there are more than 100,000 PRC nationals in the United States
attending universities and working throughout US industries. It is important to
note here that these individuals are not assumed to be spies, but given their
status as PRC nationals they remain at higher risk of being a major component
of the PRC's nebulous industrial intelligence collection operation.
In fact, there are very few professional PRC intelligence operatives actively
working on collecting US technology secrets compared to the number of PRC
civilians who are actively recruited (either by appealing to their sense of
patriotism or through other more coercive means) to routinely gather technology
secrets and deliver those secrets to the PRC. Thus, the PRC employs a wide
range of people and organizations to serve as its "white glove" and do its
dirty work abroad, including scientists, students, business executives and even
phony front companies or acquired subsidiaries of US companies, as evidenced by
a string of recent high-profile cases.
Beijing's 16-character policy
Nowhere is the nexus of the military-industrial complex in the PRC more evident
than in the codification of the 1997 "16-character policy", which makes it
official PRC policy to deliberately intertwine state-run and commercial
organizations in order to cast a cloud of ambiguity over PRC military
modernization.
In their literal translation, the 16 characters mean the following:
Jun-min jiehe (Combine the military and civil);
Ping-zhan jiehe (Combine peace and war);
Jun-pin youxian (Give priority to military products);
Yi min yan jun (Let the civil support the military).
The 16-character policy is important because of what it does for the strategic
development of the PRC's industrial and economic espionage program: it provides
commercial cover for military industrial companies to acquire dual-use
technology through purchase or joint-venture business dealings, and at the same
time for trained spies who work directly for the PRC's military establishment,
whose operational mandate is then to gain access to and steal the high-tech
tools and systems developed by the United States and its Western allies [1].
The two primary PRC organizations involved in actively collecting US
technological secrets are the Ministry of State Security (MSS) and the Military
Intelligence Department (MID) of the People's Liberation Army (PLA). The MSS,
now headed by Minister Geng Huichang, relies on professionals, such as research
scientists and others employed outside of intelligence circles, to collect
information of intelligence value. In fact, some research organizations and
other non-intelligence arms of the PRC government direct their own autonomous
collection programs [2].
According to US Federal Bureau of Investigation (FBI) estimates, there are
currently more than 3,000 corporations operating in the United States that have
ties to the PRC and its government technology collection program. Many are
US-based subsidiaries of Chinese-owned companies; while in the past they were
relatively easy to identify, recent studies indicate that many have changed
their names in an effort to distance themselves from their PRC owners.
China's red spider's web
China's espionage efforts targeting proprietary technologies developed in the
United States stretch back decades. But China's spy craft has evolved rapidly
and now presents a serious challenge that many in the West are unprepared to
counter. For example, recent cases investigated by the FBI have involved entire
families of naturalized American citizens from China, prompting the bureau to
take out a Chinese-language advertisement in San Francisco Bay area newspapers
urging Chinese Americans to report suspicious activity. In addition, China has
clearly taken a long-term view of espionage against the US technology industry,
handling some agents for decades.
One of the most recent cases, for example, involves a former Boeing engineer
who now stands accused of giving China proprietary information about several US
aerospace programs, including the space shuttle. The affidavit in the case
alleges that Chinese intelligence officials first approached Dongfan "Greg"
Chung of Orange, California, with intelligence collection requirements in 1979.
Chung was arrested on February 11, 2008, and was scheduled to be sentenced this
month.
At the same time Chung was arrested and accused of stealing proprietary Boeing
information, Chinese businessmen Tai Shen Kuo and Yu Xin Kang were arrested and
charged with cultivating several US defense officials, one of whom passed
information on projected US military sales to Taiwan for the next five years.
Many PRC domestic intelligence activities are directed against foreign
businessmen or technical experts. The data elicited from unsuspecting persons
or collected by technical surveillance means is used by Chinese state-run or
private enterprises. Prominent Beijing hotels, such as the Palace Hotel, the
Great Wall Hotel and the Xiang Shan Hotel, are known to monitor the activities
of their clientele.
Chinese government-owned companies have also been involved in schemes to steal
the intellectual property of US companies. They have done this using the
corporate equivalent of sleeper cells - foreign executives hired by US
companies on work visas, as well as naturalized American citizens who then
establish US companies for the purpose of gaining access to the proprietary
data of other US firms.
Military
One notable case in 1993 involved a man named Bin Wu, who was convicted of
transferring restricted night vision technologies developed in the United
States to his MSS superiors in the PRC. Wu, a pro-Western professor who once
taught in China, had been given the option by the MSS of either helping them
acquire sensitive technologies or going to jail for supporting the Tiananmen
Square uprising of 1989. He chose freedom and was instructed to travel to the
United States and establish himself as a legitimate businessman.
Wu founded several front companies in the Norfolk, Virginia, area. He then
actively solicited information from various US companies and made many outright
purchases of advanced technologies, including night vision equipment. The
technologies were then shipped to the PRC.
US investigations into Chinese espionage show that Wu was part of a much larger
community of PRC sleeper cells. Many were not professional spies. Rather, they
were simply business professionals or academics who were managed by MSS agents
and given collection requirements based largely on the US military critical
technology list. In fact, during the 1990s these sleeper cells were used to
establish front companies that would eventually target the Aegis missile
system. In particular, the PRC seems to have been interested in acquiring the
proprietary software that formed the basis of the command and control system
for the Aegis [3].
Business and intellectual property
On May 3, 2001, the US Department of Justice arrested and charged two Chinese
nationals and a naturalized Chinese-American citizen with conspiring with a
Chinese state-owned company to steal proprietary source codes and software from
Lucent Technologies Inc. As of this writing there has been no court decision in
the case. However, according to the federal indictment, Hai Lin and Kai Xu,
both of whom were employed at Lucent as "Distinguished Members" of the
company's technical staff, colluded with Yong-Qing Cheng, a naturalized
American citizen and vice president of a US optical networking company, to form
a new business based in Beijing using stolen Lucent technology.
The criminal complaint filed against the three executives alleges that they
approached a Chinese state-owned company named Datang Telecom Technology Co,
seeking to establish a joint venture, which they stated in an e-mail would
become the "Cisco of China". Lin, Xu and Cheng then formed a company called
ComTriad Technologies Inc, and with $1.2 million in funding from Datang, the
two companies formed DTNET - a joint venture approved by Datang's board of
directors.
There was just one problem: the Internet-based voice and data services product
that Lin, Xu and Cheng were developing on behalf of the new venture (dubbed the
CLX 1000) was based entirely on the proprietary software in Lucent's PathStar
Server, a product that earned Lucent more than $100 million during the previous
year. It also was the very same technology that Lin and Xu had been working on
while employed by Lucent.
Justice Department prosecutors allege that FBI searches of the computers used
by the defendants reveal that on January 21, 2001, Lin sent an e-mail to a
representative of Datang advising that the "bare src" - allegedly referring to
a portion of the PathStar source code - had been transferred to the ComTriad
password-protected Internet site, and that more source code would follow.
All three men were arrested on May 3, 2001, at their homes in New Jersey. When
FBI agents searched their houses they seized large quantities of the component
parts of the PathStar Access Server, including software and hardware, as well
as schematic drawings and other technical documents related to the PathStar
Access Server marked "proprietary" and "confidential". Among other things, the
agents seized a modified PathStar machine from Lin's basement.
According to a superseding indictment announced by prosecutors on April 11,
2002, the damage caused by this alleged economic espionage case goes well
beyond Lucent.
According to prosecutors, several other companies had licensed portions of
their proprietary technology to Lucent for use in the PathStar Access Server.
Those companies included Telenetworks, a business unit of Next Level
Communications, headquartered in Rohnert Park, California; NetPlane Systems,
Inc (formerly Harris & Jeffries, Inc), a wholly-owned subsidiary of
Mindspeed Technologies, Inc, headquartered in Dedham, Massachusetts; Hughes
Software Systems, Ltd, a division of Hughes Network Systems, Inc, headquartered
in Gurgaon, India; and ZiaTech Corporation, a wholly-owned subsidiary of Intel
Corporation, headquartered in San Luis Obispo, California.
As is evident from the above case, individual acts of economic espionage can
impact multiple companies. That was certainly the case in November 2001, when
FBI agents arrested two San Jose-based businessmen as they were about to board
a plane to China carrying suitcases full of trade secret documents totaling
more than 8,800 pages and $10,000 in equipment that they had allegedly stolen
from four US high-tech companies.
When FBI agents arrested Fei Ye and Ming Zhong, they discovered microchip
blueprints and computer-aided design scripts from Sun Microsystems Inc, NEC
Electronics Corp, Transmeta Corp and Trident Microsystems Inc. Both once worked
at Transmeta and Trident. Likewise, Fei Ye also worked at Sun and NEC.
Prosecutors alleged that both men, originally from China, planned to use the
stolen technologies to start a microprocessor company with the assistance of
the Chinese government.
According to the indictment filed on December 4, 2002, in a US District Court
in the Northern District of California, Ye and Zhong established Supervision
Inc (aka Hangzhou Zhongtian Microsystems Company Ltd, and aka Zhongtian
Microsystems Corp) to sell microprocessors in China. They also allegedly sought
the direct assistance of the Chinese government and stated in their corporate
charter that their company would assist China in its ability to develop
super-integrated circuit design, and form a powerful capability to compete with
worldwide leaders in the field of integrated circuit design [4].
Although the indictment does not charge any government entity of China, it does
suggest that there was considerable interest in and potential support from the
Chinese government. A "panel of experts", for example, found that the
Supervision project had "important significance" for China's high-level
embedded CPU development program and integrated circuit industry, and
recommended that "every government department implement and provide energetic
support".
Conclusion
These cases show that while America is preoccupied with the "war on terror", a
quiet global espionage war is being waged by the PRC. And in many ways, the
Chinese espionage threat holds greater overall importance and should be an
immediate priority for US foreign policy.
Unlike radical terrorist groups, who have been pushed into a corner and are far
less capable of coordinated action on a global scale, China's espionage program
is well funded and its foot soldiers number in the thousands. More important,
its targets are not well-defended government facilities and iconic structures,
but poorly defended commercial technology secrets that feed America's economic
and military advantage. Taken alone, these bits of information often appear
harmless, but when viewed within the context of data collected over the course
of years, and sometimes decades, those bits quickly become diamonds in the
rough.
Notes
1. US House of Representatives, "The Cox Report: The Unanimous and Bipartisan
Report of the House Select Committee on US National Security and Military
Commercial Concerns with the People's Republic of China," (Washington DC:
Regnery Publishing, Inc., 1999), 13.
2. Ibid, 19.
3. This is according to case documents in the case against Chi Mak, who stole
secrets belonging to L-3 Communications. This has also been confirmed in a
statement by Joel Brenner, the top counterintelligence official in the office
of Director of National Intelligence, to a reporter for Bloomberg News.
4. United States of America V Fei Ye and Ming Zhong, US District Court,
Northern District of California, San Jose Division, December 4, 2002, p 3.
Dan Verton is the founder of Homeland Security Television, an
award-winning journalist, and author of five books, including The
Insider: A True Story and Black Ice: The Invisible Threat of Cyber-Terrorism (McGraw-Hill,
2003). He can be contacted at editor@danverton.com