26 December 2020

BEIJING RANSACKED DATA AS U.S. SOURCES WENT DARK IN CHINA

BY ZACH DORFMAN

In early 2013, as Communist Party General Secretary Xi Jinping prepared to assume the Chinese presidency, very few people in the West had any idea what kind of leader he was. In January of that year, the New York Times’ Nick Kristof, an experienced China correspondent, wrote that Xi “will spearhead a resurgence of economic reform, and probably some political easing as well.”

This series, based on interviews with over three dozen current and former U.S. intelligence and national security officials, tells the story of China’s assault on U.S. personal data over the last decade—and its consequences.

After China discovered extensive U.S. networks inside its own government, it struck back with a series of hacks that allowed it to expose CIA operatives in Africa and Europe—while upping domestic security at home to protect against further U.S. infiltration.

Part 3: As Trump’s Trade War Raged, Chinese Spy Agencies Enlisted Private Firms 
Coming Wednesday, Dec. 23

It was a radically mistaken assessment. But even inside the U.S. government, knowledge of China—and its intensions—was at a low point. During the 2000s, U.S. intelligence had operated with relative confidence against Beijing. But during China’s biggest political transition in decades, American officials were looking through an increasingly opaque glass.

The twin disasters of the Office of Personnel Management (OPM) hack, which had helped the Chinese to identify undercover U.S. intelligence officials, and the obliteration of the CIA’s network of Chinese assets significantly “affected the quality of insight” into what the United States understood about events in that country, according to a former U.S. national security official. There was a noticeable decrease in high-quality intelligence reporting percolating up to senior policymakers, this source recalled. “Things weren’t the same.”

And as U.S. officials struggled to try and grasp what was happening on the other side of the Pacific, China was doubling down on a hacking spree that would see unprecedented amounts of data stolen and fed into an increasingly sophisticated intelligence apparatus.

At the time, White House officials trying to craft new China policies debated Xi’s character and intentions, a senior Obama-era official said. Administration officials were split in their views on Xi. There was a “set of analysis” that led some to argue that Xi was a possible reformer: a product of the Chinese Communist Party (CCP), yes, but a leader capable of ameliorating some of the excesses of the Chinese system, this former official recalled. Others, however, argued that Xi was a “neo-Maoist”: that is, a dangerous hard-liner. The difference in views was “very stark,” this person recalled.

Other officials who served under U.S. President Barack Obama recall more consensus regarding the new Chinese president. “There was never any romanticism about Xi,” said the former national security official. But ultimately, this source said, “no one was able to foresee the kind of leader he was to become.” And, as the Xi-led purges soon revealed, “the Communist Party leadership didn’t see it either,” this official recalled.

Inside the CIA, senior officials were also divided about Xi’s rise, if perhaps more skeptical than at the White House, a former senior CIA official recalled. “There was some wishful thinking that Xi would come in and promote some kind of continued reform,” this source said. “But the vast majority [within the agency] thought the party was moving toward the strongman model, [the idea] that China should stand up and become more aggressive in its viewpoint. Within elite party corners that was a big debate at the time.” But “what CIA was hearing from sources pointed to a re-centralization for the party to maintain power,” this person recalled.

“There was concern in Washington about what Xi was going to pursue, both in terms of domestic liberties, but also his approach to America,” said Gail Helt, a former CIA China analyst. “The Chinese Communist Party is corrupt, to put it mildly, but there were initial indicators that he was going to clean up that corruption, there was a little glimmer of hope. Then it was clear that he was going to purge and create a personality cult.”

Some of the gaps in intelligence were because U.S. officials had grown more cautious. There was “reluctance or concern or anxiety about putting our officers in the field given that our protective shield had been punctured [by the OPM breach],” recalled the former national security official. “We didn’t fully know what they knew about us.” Subsequently, “dozens of postings” for CIA officers scheduled for assignments in China were canceled, according to The Perfect Weapon, a 2018 book by David Sanger. “CIA, for many years, was not willing to do forward facing ops in China,” because its confidence was so shaken by the asset roll-up and other breaches, said a former senior intelligence analyst.

PRIOR LEAKS HAD ACCENTUATED THE DIFFICULTY OF EVEN ROUTINE COMMUNICATIONS BY U.S. OFFICIALS WITH THEIR CHINESE COUNTERPARTS.

China was also hardening its digital defenses against U.S. spying during 2012-2014, the former analyst said. It was “a gradual change over a year or two, as Chinese leaders started incorporating insights into increasing their control over their own internet space.” Intelligence collection by U.S. cyberspies suffered as a result. China’s tightening domestic-focused digital surveillance dragnet—like its increasing use of biometrics and closed-circuit TV—also made U.S. intelligence gathering there more difficult, former officials say.

Prior leaks had accentuated the difficulty of even routine communications by U.S. officials with their Chinese counterparts. The release of a massive tranche of U.S. diplomatic cables by WikiLeaks in 2010 and 2011 left some Chinese officials, whose relatively frank discussions with their American counterparts were documented in the cables, dangerously exposed at home. (Two Chinese government or state media sources named in the cables, for instance, had their careers stymied after the leak.) In the past, this type of relatively open diplomatic intercourse had played an important role in helping U.S. officials form a picture of China. “Chinese officials became much more reluctant to talk after [the WikiLeaks cables], because they didn’t believe we could keep it a secret,” recalled a current State Department official with extensive experience in China.
A screen shows the sentencing of Bo Xilai in Beijing on Sept. 2, 2013. The former Chinese politician was sentenced to life imprisonment for bribery, embezzlement, and abuse of power. FENG LI/GETTY IMAGES

And while the United States maintained significant eavesdropping and cyberspying capabilities against China, Chinese officials were becoming much more reluctant to talk on many channels. This wasn’t just out of the knowledge, revealed by the Edward Snowden leaks and other disclosures, that the United States might be intercepting communications; it was also out of fears that they were under surveillance by China’s own security services, according to a former Defense Intelligence Agency official. In the aftermath of the Bo Xilai affair in 2012—the first of Xi’s purges of the party, which felled both top-level government officials and army officers—Chinese officials became even more devoted to face-to-face meetings for any sensitive matter. “Disclosure of state secrets,” intentional or otherwise, was one of the most common charges brought against Xi’s targets.

As Xi began a comprehensive purge of the party and restructuring of the state, the answers about his character and intentions became clearer—at least to some members of the Obama administration. “The debates over what kind of leader Xi was going to be, that got settled pretty early for some of us,” the Obama-era official recalled. “Some did not see that as quickly.”

For this official, the meeting between Xi and Obama in 2013 in Southern California was an immediate revelation. It “wasn’t even an open question anymore” that Xi would rule with increasing authoritarianism, this person said. Over the next few years, Xi’s hard-line policies would extend into almost every area of Chinese life, from the estimated 1 million Uighurs subjected to detention, surveillance, and torture in Xinjiang; to a mass clampdown on freedom of speech; to supposed anti-corruption purges that swept up hundreds of thousands of Chinese officials. But the U.S. administration often remained reluctant to act, said the Obama-era official.

Meanwhile, the hacks continued. Beijing’s spies were ransacking Americans’ data at an almost Olympian scale. In addition to masterminding the OPM breach, hackers linked to Chinese intelligence would filch private information from over 383 million individuals, including passport and credit card data, in a massive 2014 compromise of the hotel giant Marriott; pilfer personal information from over 78 million Americans in a 2014 breach of Anthem, the major health insurance provider; breach the networks of American Airlines, United Airlines, and Sabre, a top travel reservation provider (and key target for China’s travel intelligence program); and burrow into computer systems belonging to the U.S. Department of the Navy, stealing sensitive data linked to over 100,000 naval personnel, among other penetrations of the U.S. private and public sectors. The Chinese “were always a Hoover, sucking up mountains of data beyond anything else in the world,” recalled a former senior National Security Agency official.

U.S. intelligence and national security officials, in particular, were becoming increasingly incensed by China’s actions. The Obama administration began to take more aggressive steps against Chinese cyberspying, indicting five Chinese military hackers in 2014 for a massive espionage campaign targeting U.S. companies—the first-ever public U.S. indictment of nation-state hackers—and threatening Beijing with sanctions. But senior U.S. officials under Obama still believed there were key, if narrowing, areas to carve out mutual cooperation with their Chinese counterparts.

One focus was on easing the visa process. In 2014, on a visit to Beijing, Obama announced that the United States and China had reached a reciprocal agreement to extend visas from their current one-year span to 10 years for business and tourist visas, and five years for student visas—a major potential boost for tourism and educational exchanges.

Some U.S. intelligence officials were aghast. On the Chinese side, the visa extension gambit was “an MSS-led endeavor,” said a current senior U.S. intelligence official, referring to the Ministry of State Security, China’s main civilian intelligence organization. “It was an intelligence-based process, where they wanted to get to a place where they could have a 10-year visa to the U.S., instant access in and out of the country without the U.S. government knowing.” There were “hundreds of meetings at the White House” on this issue, the official recalled. “Obama was hellbent on getting some negotiated pact. And the administration, as much as we argued with it, didn’t see the big deal. They saw it as a promulgation for trade and academia—all things that are true, but the entire [intelligence community] and FBI said, ‘Whoa whoa whoa, they’re going to increase their already excessive nontraditional collection activities.’”

The Scope of Key U.S. Data Breaches Tied to China

NUMBER OF INDIVIDUALS AFFECTED BY EACH BREACH



* TWO SEPARATE INCIDENTS, BOTH ANNOUNCED IN 2015. RESEARCH BY CHLOE HADAVAS/FOREIGN POLICY SOURCES: U.S. OFFICE OF PERSONNEL MANAGEMENT, U.S. JUSTICE DEPARTMENT, U.S. FEDERAL TRADE COMMISSION, REUTERS, WALL STREET JOURNAL, BANK INFO SECURITY, ARS TECHNICA

A second area of attempted cooperation was in cyberspace. In September 2015, in another flourish of public diplomacy—this time coinciding with Xi’s first state visit to Washington—Obama and Xi announced a major new bilateral accord forbidding the hacking-enabled theft of trade secrets by either country. The agreement set up a formal bilateral mechanism for dialogue, led by senior officials from both countries, wherein one side could lodge complaints against the other for purported violations.

Even these discussions, however, were riven by conflicting or contradictory perspectives among senior U.S. officials regarding China’s actions—and the United States’ own interests. Internally, Obama officials had debated the proper scope of the negotiations and the administration’s red lines—“what we would insist on in terms of taking our foot off their neck,” recalled the former national security official.

Some within the administration had dreamed of a bigger deal. For instance, four former officials say, during the run-up to the 2015 agreement, senior Obama-era officials floated the idea of expanding the potential accord to include cyberespionage directed at personal information, like the data found in the Marriott and Anthem breaches.

BUT MUCH OF THE RESISTANCE FROM WITHIN THE INTELLIGENCE BUREAUCRACY WAS BECAUSE U.S. CYBERSPIES ALSO ENGAGE IN WIDESPREAD HACKING OF PERSONAL DATA ABROAD.

U.S. intelligence agencies balked. They “were adamant that discussing theft of personally identifiable information was not on the table,” recalled the former national security official. “We had spent the last months being really pissed at the Chinese for stealing our shit. I realized we weren’t as exercised within the intelligence community as I thought.” The response by the intelligence community was “emphatic and unambiguous”: Other types of hacking must be excluded from the deal. Some of the pushback was because intelligence officials simply did not believe China would abide by the accord. “We thought it was policymaker masturbation,” said former Defense Intelligence Agency Deputy Director Douglas Wise, “because there’s not a penalty for noncompliance. We took a very cynical view.” (By 2018, U.S. officials would publicly state that China was in widespread violation of the deal.)

But much of the resistance from within the intelligence bureaucracy was because U.S. cyberspies also engage in widespread hacking of personal data abroad. “At one level it’s how the game is played,” said Michael Daniel, the Obama administration’s cybersecurity czar. “It’s called espionage.” Indeed, said the former senior intelligence analyst, “the reason we didn’t come out swinging on OPM was we didn’t want to set this precedent that you can’t use cyberoperations”—that is, hacking—“to get personally identifiable information out of a country’s citizens.” Intelligence officials would not assent to an agreement they wouldn’t keep themselves.


U.S. President Barack Obama and Chinese President Xi Jinping attend a State Arrival ceremony on the South Lawn of the White House in Washington, D.C., on Sept. 25, 2015. SAUL LOEB/AFP VIA GETTY IMAGES

Fundamentally, at the time, U.S. officials wanted a lot more insight into the inner workings of the Chinese government.

What they already knew was disturbing enough. By the mid-2010s, U.S. intelligence agencies had secretly burrowed into online networks controlled by the Ministry of State Security—networks where data from hacked U.S. companies and U.S. government entities was being stored, according to three former officials. In some cases, U.S. intelligence operatives watched as “bits and pieces [of this data] were being used over time,” said a former intelligence official. But the information itself was fragmentary, and the United States’ access was uneven, former officials said, so it was unclear to U.S. officials from where, exactly, this information derived—until larger hacks like those of OPM and Marriott were discovered. (Occasionally, however, U.S. officials have been able to determine the genesis of data on networks controlled by Chinese hackers that were being secretly surveilled by U.S. spies—and have quietly alerted companies to the breaches, thereby preventing much larger hacks of sensitive personal information from occurring, according to the former senior intelligence analyst.)

U.S. cyberspies were already keenly focused on Chinese data storage and processing capabilities. Within U.S. spy agencies, there was “a lot of interest in [Chinese] data centers, the technology and the hardware going into facilities that are intelligence- or military-linked,” said the same former official. “If Alibaba is running a cloud, and they have data centers inside China, well, we’ve been targeting those for a long time,” recalled the former intelligence official.

But there were still gaps in the U.S. spy agencies’ knowledge. At the tail end of the Obama administration, officials tasked the intelligence agencies to “elevate the Chinese counterintelligence threat in relation to other national collection priorities,” recalled a former senior National Security Council official with knowledge of intelligence issues—that is, to devote more intensive resources, in “all sorts of collection,” to spying on China. The push was “driven in large part by their growing cyber-capabilities, and their growing aggressive counterintelligence activities,” this source said.

This wider effort, recalled by three former officials, was born of the consensus that—even amid Russia’s 2016 election interference campaign—China, not Russia, had emerged as the biggest long-term counterintelligence threat to the United States. By the end of the Obama administration, the former senior NSC official recalled, it was clear that in China’s “technical collection, in their very aggressive recruitment of U.S. operatives, [it had] outstripped Russia.”

FUNDAMENTALLY, BEIJING’S SPY SERVICES SIMPLY OPERATED ON A MUCH LARGER SCALE THAN MOSCOW’S—AND WASHINGTON’S.

Fundamentally, Beijing’s spy services simply operated on a much larger scale than Moscow’s—and Washington’s. “One of the things where China has the advantage over pretty much everyone in this space is: If you have a nearly inexhaustible supply of human capital, then maybe you can just grab as much [data] as you can grab,” said Steve Ryan, a former deputy director of the NSA’s Threat Operations Center. “So it’s a different model on their side.”

Russia’s successes in 2016 forced senior Obama-era national security officials to discuss the country’s wider vulnerabilities, former officials said. The concern was, according to the former senior NSC official, “Will the Chinese weaponize this data they’ve accumulated over the years?”

“If they do, it has far-reaching consequences, and could be far more damaging than what Russians have done. Because they have vastly larger quantities of data than Russia does,” the former official said.

Still, some China hawks remained frustrated over what they perceived of as a lack of focus on Beijing, and especially its industrial policies. “I was fighting people to get this done, more collection on China,” said Robert Spalding, who served as the top China strategist for the chairman of the Joint Chiefs of Staff during the late Obama administration. At Spalding’s request, in 2015 the Joint Chiefs organized meetings with a suite of top intelligence officials, as well as representatives from the Commerce, Treasury, and State departments around these issues. “The [intelligence community] refused to engage,” said Spalding, who subsequently served on the National Security Council during the Trump administration.

But other former national security officials, who emphasize the time lag between high-level strategic reprioritizing of different intelligence targets and on-the-ground results, say there was an intensified focus on China around this time—including on developing greater insight into the relationship between Chinese intelligence agencies and private Chinese companies. By 2016, senior U.S. national security officials had “tasked the [intelligence community] to develop answers, setting the wheels in motion” on “the sharing between private [Chinese] companies and the MSS,” one former national security official recalled. We “were looking at the forensic trail,” they said.

The Obama administration’s increased scrutiny of the Chinese telecommunications giant ZTE helped catalyze this process, this source said: “Part of the material that was obtained within that investigation provided a breadcrumb trail to Huawei’s practices in Iran and elsewhere. But the picture was still being colored in.”

After President Donald Trump took office in early 2017, this increasingly well-developed picture would spur U.S. intelligence officials, and senior Trump administration officials, to zero in on the symbiotic relationship between China’s security apparatus and its private sector leviathans.

Editor’s Note: This is the second in a three-part series. The first part covers how the data wars began between the two nations after CIA networks were uncovered in China. The third part, to be published on Dec. 23, covers the Donald Trump era and the growing cooperation between Chinese intelligence and tech giants.

No comments: