Foreign Policy

China used stolen information to expose CIA employees in Africa and Europe

Around 2013, the US secret service noticed an alarming pattern: According to three former US officials, undercover CIA employees who flew to African and European countries for sensitive work were quickly and successfully identified by the Chinese secret service. Surveillance by Chinese operatives began in some cases as soon as the CIA officials cleared passport control. Sometimes the surveillance was so blatant that US intelligence officials speculated that the Chinese wanted the US side to know they had identified the CIA agents, which disrupted their missions. In other cases, however, it was much more subtle and was only discovered through the US spy agencies' own sophisticated technical counter-surveillance capabilities.

According to one of these former officials, the CIA had used China's growing overseas presence to meet or recruit sources. "We can't reach them in Beijing, but we can in Djibouti. Heatmap Belt and Road" – China's trillion-dollar infrastructure and influence initiative – "and you will see our activities take place. Here are the goals." The CIA is recruiting "Russians and Chinese hard in Africa," said a former agency official. "And you know that." China's new aggressive moves to pursue US operatives were likely a response to these US efforts.

At the CIA, these anomalies alerted "the chiefs of station and division leadership," said the first former intelligence officer. The Chinese should never have known who or where these undercover CIA agents were. Lacking a smoking gun, US officials were puzzled by how China had managed to expose their spies. In an earlier era, they might have started a mole hunt, looking for a single traitor capable of sharing this critical information with the other side, or searched their records for a breach of a classified communication platform.

Instead, CIA officials believed the answer was likely data-driven – and pointed to a Chinese cyber espionage campaign aimed at stealing large amounts of sensitive personal and private information, such as travel and health data, and U.S. government personnel files. US officials believed Chinese intelligence agents likely searched and synthesized information from these massive, stolen caches in order to identify the undercover US intelligence agents. "Polite and professional use" of these records is very likely, the same former intelligence official said. This "wasn't random or generic," said this source. "It's a big data problem."

The battle over data – who controls it, who backs it up, who can steal it, and how it can be used for economic and security goals – defines the global conflict between Washington and Beijing. Data has already critically shaped the course of Chinese politics and is changing the course of US foreign policy and information gathering around the globe. Just as China has tried to use data as a sword and shield against the United States, American spy agencies have tried to break into Chinese data streams and use their own big data capabilities to determine exactly what China knows about US personnel and operations.

Based on in-depth interviews with over three dozen current and former US intelligence and national security officials, this series tells the story of this battle between the United States and China – a conflict in which many believe China has a decisive advantage because of Beijing's panopticon-like digital penetration of its own citizens and the networks of Chinese companies; its global cyberspying, which involved the successful theft of several huge US records; and China's ability to quickly synthesize – and possibly weaponize – all this voluminous information from various sources.

China is "one of the world's leading collectors of mass personal data using both illegal and legal means," William Evanina, the US's leading counterintelligence officer, told Foreign Policy. "Through its cyberattacks alone, the PRC has soaked up the personal data of much of the American population, including health, financial, travel and other sensitive information."

This war over data has become particularly important for US and Chinese spy agencies. In the intelligence world, "information is king, and the more information the better," said Steve Ryan, who served as deputy director of the National Security Agency's Threat Operations Center until 2016 and is now CEO of Trinity Cyber. In the US-Soviet Cold War, intelligence came mostly piecemeal and partial: an electronic intercept here, a report from a secret human source there. Today, the data-driven nature of everyday life creates huge clusters of information that can be accessed in a single step – and then potentially used by Beijing to fuel everything from targeting individual American intelligence officers to helping state-backed Chinese companies.

Current and former US officials believe that, in China's view, data provides security: it ensures the regime's stability in the face of internal and external threats to the Chinese Communist Party (CCP). It was a combination of these threats that sparked China's most aggressive counter-espionage campaign to date against the United States.

The CIA declined to comment on this story. The Chinese Embassy in Washington, DC did not respond to multiple requests for comment.

Chinese security forces look at military delegates during President Xi Jinping's speech at the 19th Communist Party Congress in Beijing on October 18, 2017. Fred Dufour / AFP via Getty Images

In 2010, a new decade dawned and Chinese officials were angry. They found that the CIA had systematically penetrated their government over the years and that US assets were embedded in the military, the CCP, the intelligence apparatus, and elsewhere. The anger radiated upward to "the highest levels of the Chinese government," recalled a former counterintelligence officer.

Chinese intelligence officials exploited a flaw in the online system that CIA officers used to secretly communicate with their agents from 2010 to around 2012 – a flaw first discovered in Iran, which Tehran likely shared with Beijing – and ruthlessly uprooted the CIA's human source network in China, arresting and killing dozens of people.

Inside the CIA, China's seething retaliatory response was not entirely surprising, said a former senior official with the agency. "We often had internal conversations about how US policymakers would react to the level of CIA penetration into China" – that is, how angry US officials would have been if they had discovered, as the Chinese did, that a global adversary had infiltrated their ranks so thoroughly.

The anger in Beijing was due not only to the CIA intrusion but also to what it revealed about the level of corruption in China. When the CIA recruits an asset, the higher that asset rises within a country's power structure, the better. During the Cold War it had been difficult to guarantee the rise of the CIA's Soviet agents. The very factors that made them vulnerable to recruitment – greed, ideology, blackmailable habits, and ego – often hindered their career opportunities. And there was only so much that money could buy in the Soviet Union, especially with no indication of where it had come from.

But dirty money flowed freely in the newly rich China of the 2000s. The median income remained below 2,000 yuan a month (about $240 at current exchange rates), but the officials' informal income far exceeded their formal salaries. An official who was not involved in corruption was classified as a fool or a risk by his colleagues. Cash could buy anything, including careers, and the CIA had plenty of it.

At the time, CIA assets were often well compensated. "In the 2000s, if you were a head of the station" – that is, the top spy in a foreign diplomatic institution – "you could make a million a year for certain hard target services to work for us," said one former agency official. ("Hard target services" generally refers to Chinese, Russian, Iranian, and North Korean intelligence agencies.)

In the course of their investigation into the CIA's China-based network of agents, Chinese officials learned that the agency was secretly paying the "promotion fees" – in other words, bribes – that are regularly collected within the Chinese bureaucracy, according to four current and former officials. In this way the CIA "brought discontented people into the ranks. However, this has not been done once or only by the (Chinese military)," recalled a recent Capitol Hill employee. "The payment of their bribes was an example of long-term thinking that was exceptional for us," said a former senior counterintelligence officer. "Recruiting foreign military officers is nearly impossible. It was a way of using corruption to our advantage." At the time, "promotion fees" sometimes ran into millions of dollars, according to a former senior CIA official: "It was pretty amazing how much corruption was going on." Compensation sometimes included paying tuition and meals for children who study at expensive foreign universities, said another CIA official.

Chinese officials took note. "They were forced to see their problems and our mistakes helped them see their problems," recalled a former CIA executive. "We helped make what they were theoretically afraid of," said the Capitol Hill official. "We got the shit out of them." Corruption was increasingly seen as the main threat to the regime at home. The then party secretary Hu Jintao told the congress in 2012: "If we don't handle this problem well, it could … even lead to the collapse of the party and the overthrow of the state." Even in China's tightly controlled media environment, corruption scandals broke out daily, damaging the CCP's image among the Chinese. Corruption in the party had become a public problem that was recognized by the CCP leadership itself.

But privately, US officials believe, Chinese leaders also feared the extent to which corruption had allowed the CIA to penetrate their inner circles. The CIA's incredible recruiting successes "showed the party's institutional rottenness," said the former senior CIA official. "You should (have been) annoyed." The leadership realized that unchecked corruption was not just an existential threat to the party at home. It was also a major threat to counterintelligence, providing a window for enemy intelligence services like the CIA to crawl through.

This has been a global problem for the CCP. Corrupt officials, even if they had not been recruited by the CIA, often sought refuge overseas – where they could then be used by corporate espionage services for information. In late 2012, party leader Xi Jinping announced a new anti-corruption campaign that would lead to the persecution of hundreds of thousands of Chinese officials. Thousands were subjected to extreme coercive pressures, verging on kidnappings, to return from abroad. "The fight against corruption was about consolidating power – but also about how Americans can exploit (corruption). And that had to do with the bribery and promotion process," said the former senior counterintelligence officer.

Edward Snowden's 2013 leaks, which showed the NSA had penetrated deeply into the China-based servers of telecommunications company Huawei, also rocked Chinese officials, according to a former senior intelligence analyst. "Chinese officials were only just beginning to learn how the Internet and technology were being used against them in a way they had never thought before," said the former analyst. "At the level of intelligence, it was driven by this fundamental (revelation): 'This is what we have missed: this internet system that we did not create is being armed against us.'"

There were other ripple effects. In the late 2000s, US intelligence officials had seen a remarkable professionalization of the Ministry of State Security, China's premier civilian intelligence agency. Prior to Xi's purges, minor corruption was pervasive within the agency, former US intelligence officials say, with China's spies sometimes funneling money from operations into their own "nest egg". Hackers affiliated with the Chinese government, who operated under the protection of the Ministry of State Security, sometimes moonlighted as cyber criminals and passed some of their work on to their secret service bosses.

Under Xi's actions, these activities became increasingly untenable. But the discovery of the CIA networks in China helped expedite that process, current and former officials said – and prompted China to focus more on outside counter-espionage work. "As soon as they learned these things," the Chinese realized that they "had to start defending themselves," said the former CIA executive.

By around 2010, two former CIA officials recalled, Chinese security services had implemented a sophisticated travel intelligence program that developed databases that tracked flights and passenger lists for espionage purposes. "We took a very close look at it," said the former high-ranking CIA official. China's spies actively used this for counter-espionage and offensive intelligence services. The ability was there and used. China had also stepped up its hacking efforts targeting biometric and passenger data from transit hubs, say former intelligence officials – including successful hacking of biometric data from Bangkok International Airport by Chinese intelligence agencies.

Of course, China had stolen a lot of data before finding out how deeply they were infiltrated by US intelligence. The restructuring between 2010 and 2012, however, gave Beijing the impetus not only to pursue larger, riskier goals, but also to put together the infrastructure necessary to process the stolen information. Around that time, a former senior NSA official said, Chinese intelligence agencies shifted from being able to steal large amounts of data in bulk to quickly searching the information it contained. US officials also began to observe that intelligence agencies in China were physically close to voice and data processing centers, the person said.

For U.S. intelligence officials, these new capabilities made China's successful hack of the U.S. Office of Personnel Management (OPM) all the more creepy. During the OPM breach, Chinese hackers stole detailed, often highly sensitive personal information on 21.5 million current and former US officials, their spouses and applicants, including health, residence, employment, fingerprint and financial information. In some cases, details were stolen from background investigations related to security clearances – investigations that delve into an individual's mental health record, their sexual history and tendencies, and whether a person's relatives abroad may be subject to government extortion. Although the United States didn't announce the breach until 2015, US intelligence officials became aware of the first OPM hack in 2012, the former counterintelligence manager said. (It is not exactly clear when the compromise actually took place.)

When combined with travel details and other stolen data, information from the OPM breach likely provided strong indications of unusual behavior patterns, biographical information, or career milestones that identified individuals as likely US spies. Now, these officials feared, China could search for when suspected US spies were in certain locations – and possibly secretly meeting their Chinese sources as well. China "gathers large amounts of personal information in order to track down dissidents or other perceived enemies of China around the world," said Evanina, the leading US counterintelligence officer.

Many felt the ground give way immediately. For some at the CIA, recalled Gail Helt, a former CIA China analyst, the response to the OPM breach was, "Oh my god, what does this mean for anyone who has ever traveled to China? But what does that mean for people we officially recruited, people who might be suspected of talking to us, people who had family members there? And what does this mean for the agency's efforts to recruit employees in the future? It was terrifying. Absolutely terrifying." Many feared that the aftershocks would be widespread. "The concern just wasn't that (the OPM hack) would restrict information in China," said a former senior national security official. "The USA and China compete against each other worldwide. It opened a global Pandora problem box."

Others were more resigned, if no less disturbed. "They assume that good craft," rather than the theoretical secrecy provided by cover, "protects your assets and your business," said Duyane Norman, a former senior CIA official. "So OPM wasn't an eye-opener. It was an affirmation of new threats that we already knew existed."

There were other bad omens. During the same period, US officials concluded that Russian intelligence officials, likely exploiting a difference in salary payments between real State Department employees and undercover CIA officials, had identified some of the CIA staff working at the US embassy in Moscow. Officials believed that this finding may have come from data obtained from the OPM hack that the Chinese made available to their Russian counterparts. US officials also wondered whether the OPM hack could be linked to an increase in attempts by Chinese intelligence agencies to recruit Chinese American translators who worked for US intelligence agencies when they were visiting family in China. "We also thought they were trying to get Mandarin speakers to apply to be translators," the former senior counterintelligence officer recalled. US officials believed that the Chinese secret service was giving their agents "instructions on how to hand over a polygraph".

But after the OPM breach, the abnormalities began to multiply. In 2012, high-ranking US espionage hunters began puzzling over some "head scratches": In some cases, spouses of US officials whose sensitive work was supposed to be difficult to identify were approached by Chinese and Russian intelligence officials overseas, said the former counterintelligence manager. In one case, Chinese operatives attempted to harass and lock up the wife of a US official while she accompanied their children on a school field trip to China. "The MO is that usually at the end of the trip the light bulb comes on (and the foreign secret service identifies potential interested parties). But these were from the first day, from the airport," said the former official.

Concerns about what the Chinese now knew sparked an intelligence damage assessment related to the OPM and other hacks, recalled Douglas Wise, a former senior CIA official who was assistant director of Defense Intelligence from 2014-2016. Some feared that China might have deliberately and covertly altered data in people's OPM files for later use as leverage in recruitment attempts. Officials also believed the Chinese could search the OPM data to create the most ideal profiles for Chinese intelligence agents looking to break into the US government – now that they knew exactly what the US government was looking for, and what it wasn't, when considering applicants for sensitive positions. U.S. intelligence agencies changed their screening procedures to anticipate new, finely tuned Chinese attempts at human espionage, Wise said.

The Chinese now had unprecedented insight into how the US system worked. Meanwhile, the United States closed its eyes on China. With the CIA's carefully built network of Chinese agents completely destroyed, the debate over how to deal with China would become increasingly controversial – even as China's ambitions increased.

Editor's note: This is the first in a three-part series. The second part, which will be released on December 22nd, looks at how Barack Obama's US secret service fought as Xi Jinping consolidated his power. The third part, which will be released on December 23, looks at the Donald Trump era and the growing collaboration between Chinese intelligence agencies and technology giants.