Survey of Chinese Espionage in the United States Since 2000

by

https://www.csis.org/programs/strategic-technologies-program/survey-chinese-espionage-united-states-2000

This updated survey is based on publicly available information and lists 224 reported instances of Chinese espionage directed at the United States since 2000. It does not include espionage against other countries, against U.S. firms or persons located in China, nor the many cases involving attempts to smuggle controlled items from the U.S. to China (usually munitions or controlled technologies) or the more than 1200 cases of intellectual property theft lawsuits brought by U.S. companies against Chinese entities in either the U.S. or China. The focus is on the illicit acquisition of information by Chinese intelligence officers or their agents and on the increasing number of Chinese covert influence operations.

Chinese espionage is undertaken in pursuit of China’s strategic objectives. This is a change from the past where commercial motives were often equally important, but commercial espionage by both private and government entities remains a feature of Chinese spying. When Xi Jinping took office, first as Chair of the Central Military Commission in November 2012 and after he became President in March 2013, one of his first acts was to repurpose and reorient China’s collection priority to better serve long-term goals, clamping down on what appeared to be collection by some PLA units intended for personal gain (i.e. stealing commercial technology and providing it to private companies for cash or favors) as part of his larger campaign against corruption. Of the 224 incidents, we found that 69% were reported after Xi took office.

We have divided the publicly known incidents into categories of military, political, and commercial espionage, and covert efforts to influence the target nation’s politics. These categories are not hard and fast, since in many cases, an incident showed that Chinese collectors obtained information of both commercial and military value. A few cases reflect what seem to be global campaigns aimed at commercial, military and government targets in many countries and lasting for years.

It should be noted that the incidents of Chinese espionage far outnumber those by any other country, even Russia. The long-term cost to the American economy and national security cannot be precisely measured, but estimates run into the billions of dollars for commercial and technological espionage. Chinese espionage also created immeasurable damage to national security with the theft of weapons technology, including nuclear weapons test data. In the last few years, China has added the theft of massive quantities of personal information (PII), political coercion, and influence operations, to its espionage activities.

It is worth noting that while nationality is a predictive factor for espionage, ethnicity is not. Chinese nationals who come to the US to work or study are a fertile ground for recruitment. Often they intend to return to China or have close family members resident in China, making them more susceptible to coercion. In contrast, Americans of Chinese descent are very unlikely to be recruited.

The espionage problem is the result of the increasingly hostile policies of China’s ruling Communist Party. Hacking is China’s preferred mode of espionage. We found so many instances of reported Chinese cyber espionage – 104 in the last ten years – that we created a separate list (Appendix A). But hacking is not the only form of spying and China uses traditional methods of agent recruitment (usually sex or money) as well as unconventional approaches, such as buying property next to a military or research facility. While this list is not complete, certain patterns emerge. For those cases where we could identify the actor and intent, we found:

  • 49% of incidents directly involved Chinese military or government employees.
  • 41% were private Chinese citizens.
  • 10% were non-Chinese actors (usually U.S. persons recruited by Chinese officials).
  • 46% of incidents involved cyber espionage, usually by State-affiliated actors.
  • 29% of incidents sought to acquire military technology.
  • 54% of incidents sought to acquire commercial technologies.
  • 17% of incidents sought to acquire information on U.S. civilian agencies or politicians.

The chart below shows the number of publicly reported Chinese espionage incidents over time. Perhaps the most interesting part of this chart is the sharp dip after the 2015 agreement between President Obama and President Xi to restrict commercial espionage by government entities. The decline was quickly reversed within a year of the agreement.

[Image: chart of publicly reported Chinese espionage incidents over time. Photo: CSIS]

This list is derived from open-source material and likely does not reflect the full number of incidents. It is most likely incomplete and more anecdotal than we would like. As with any list based on publicly available information, increased numbers of incidents could reflect an increase in activity after 2009 or it could reflect increased public reporting of espionage cases, as greater attention was paid to the problem and the U.S. government became less reluctant (at the end of the Bush Administration) to publicly identify China as the perpetrator. Since these are only reported cases, and given the clandestine nature of espionage, it is likely that this underestimates the actual scope of the problem. The list of individual incidents follows below.

May 2001: Beginning in January 2000, Hai Lin, Kai Xu, and Yong-Qing Cheng formed a joint venture with the Datang Telecom Technology Company of Beijing to steal trade secrets from Lucent.

2003: Chinese hackers exfiltrated national security information from Naval Air Weapons Station China Lake, including nuclear weapons test and design data, and stealth aircraft data.

April 2003: Katrina M. Leung was arrested for convincing an FBI agent to share classified information, which she passed on to China, over a ten-year period.

February 2004: Ronald N. Montaperto, a former DIA intelligence analyst, was arrested for providing Chinese military attaches with Secret and Top-Secret information.

July 2004: Yan Ming Shan, a Chinese employee of a U.S. software firm that develops land sensing technology for oil companies, gained unauthorized access to the company’s computer system and attempted to bring sensitive technology back to China.

April 2005: Chinese hackers infiltrated NASA networks managed by Lockheed Martin and Boeing and exfiltrated information about the Space Shuttle Discovery program.

June 2005: Noshir Gowadia, an American citizen, took six trips to China between 2003-2005 to assist with its cruise missile system by developing a stealthy exhaust nozzle and was paid at least $110,000 by China. He provided them with designs for a low-signature cruise missile exhaust system.

October 2005: Chi Mak and other Chinese intelligence operatives collected technical information about the Navy’s current and future warship technologies. Chi intended to export the information to China.

November 2005: Moo Ko-Suen was a representative for an American aerospace firm for 10 years in Taiwan, during which time he acted as an agent for the Chinese government and tried to buy sophisticated military parts and weapons, including an F-16 fighter jet engine and cruise missiles, for China.

2005: Chinese hackers infiltrated U.S. Department of Defense networks in an operation known as “Titan Rain.” They targeted U.S. defense contractors, Army Information Systems Engineering Command; the Defense Information Systems Agency; the Naval Ocean Systems Center; and the U.S. Army Space and Strategic Defense installation.

a Pentagon computer network serving the Secretary of Defense, forcing the network to be shut down for more than a week.

September 2007: Hackers gained access to the Department of Homeland Security’s networks through a contractor and exfiltrated unclassified information to Chinese servers.

December 2007: Chinese hackers successfully stole information from Oak Ridge National Laboratory, Los Alamos National Laboratory, and the National Nuclear Security Administration.

January 2008: Qinggui Zeng stole trade secret information related to the paint industry from an American firm for the benefit of a Chinese firm.

February 2008: The Department of Justice charged Dongfan Chung, a former Boeing engineer, with economic espionage and serving as a foreign agent for China. Prosecutors determined that he had been acting on Chinese orders since at least 1979. He stole Boeing trade secrets relating to the Space Shuttle, the C-17 military transport aircraft and the Delta IV rocket for China.

compromise of the Dalai Lama’s computer systems.

April 2009: Yan Zhu, along with unidentified co-conspirators, planned to steal trade secrets relating to computer systems and software with environmental applications from his U.S. employer.

October 2009: Hong Meng accepted employment as a faculty member at Peking University, and thereafter began soliciting funding to commercialize his research from Dupont on Organic Light-Emitting Diodes. He shared trade secret chemical processes, including those related to OLEDs, with PKU. Meng was convicted in 2010.

November 2009: Janice Capener, a Chinese national, stole trade secret information from Orbit Irrigation for the benefit of a competing Chinese firm.

January 2010: Google announced that a sophisticated attack had penetrated its networks, along with the networks of more than 30 other US companies. The goal of the penetrations, which Google ascribed to China, was to collect technology, gain access to activist Gmail accounts and to Google’s Gaea password management system.

encryption software, compromising RSA SecurID tokens. The stolen information was used in subsequent attacks carried out by China.

April 2011: Between March 2010 and April 2011, the FBI identified twenty incidents in which the online banking credentials of small-to-medium sized U.S. businesses were compromised and used to initiate wire transfers to Chinese economic and trade companies. As of April 2011, the total attempted fraud amounts to approximately $20 million; the actual victim losses are $11 million.

April 2011: Chinese hackers engaged in a phishing campaign aimed at compromising hundreds of Gmail passwords for accounts of prominent people, including senior U.S. officials.

April 2011: Chinese hackers attempted to steal technical data from the computer systems of Oak Ridge National Laboratory.

June 2011: Beginning in 2010, Chunlai Yang conspired to steal trade secret information related to the source code of the OS for the Globex electronic trading platform for the benefit of a Chinese firm.

August 2011: Chinese hackers engaged in a series of cyber-attacks against 72 entities, including multiple U.S. government networks.

October 2011: Chinese hackers infiltrated at least 48 chemical and defense companies and stole trade secret information and sensitive military information.

November 2011: Chinese hackers interfered with U.S. satellites and stole sensitive data.

October 2013: Chinese hackers targeted a U.S. based think tank.

December 2013: Six Chinese nationals conspired to steal trade secret information related to seeds from Dupont, Monsanto, and LG seeds for the benefit of Beijing Dabeinong Technology Group, a competing Chinese firm.

December 2013: Weiqiang Zhang stole trade secret information related to rice seeds from an American agricultural firm for the benefit of a Chinese firm.

Japan.

April 2017: CrowdStrike observed a China-based adversary target a U.S.-based think tank. CrowdStrike later named the adversary “Mustang Panda.”

May 2017: Beginning in 2011, hackers from the internet security firm Boyusec (which has ties to MSS) compromised the networks of three companies over a multi-year period and gained access to confidential documents and data, including sensitive internal communications, usernames and passwords, and business and commercial information.

June 2017: U.S. citizen Shan Shi and Chinese national Gang Liu worked on behalf of Chinese company CBM-Future New Material Science and Technology Co. Ltd. (CBMF) to steal trade secrets related to the development of syntactic foam from an unnamed global engineering firm.

June 2017: Kevin Patrick Mallory, a former CIA officer, transferred classified documents to an agent of China’s intelligence services.

August 2017: Dong Liu attempted to obtain trade secret information from Medrobotics Corporation for China.

September 2017: China allegedly inserted malware into a widely used PC management tool. The malware targeted at least 20 major international technology firms.

October 2017: China allegedly carried out a cyberattack against a U.S. think tank and law firm, both of which were associated with fugitive Chinese tycoon Guo Wengui.

October 2017: Jerry Jindong Xu sought to help Chinese investors build a sodium cyanide plant to compete with Chemours by stealing pricing information, passwords for spreadsheets, confidential documents, and plant system diagrams from Chemours while he was employed there.

November 2017: Three Chinese nationals employed at a China-based Internet security firm were indicted by a US grand jury for computer hacking, theft of trade secrets, conspiracy, and identity theft against employees of Siemens, Moody’s Analytics, and Trimble.

charged with conspiring to steal trade secrets from a U.S. oil and gas manufacturer to benefit a Chinese firm.

October 2020: Eight individuals were charged with conspiring to act as illegal agents on behalf of the PRC. The individuals engaging in “Operation Fox Hunt” allegedly attempted to harass, stalk, and coerce individuals living in the U.S. who are wanted in China to return to the country.

October 2020: U.S. citizen Elliott Broidy pleaded guilty to undisclosed lobbying on behalf of the PRC in exchange for millions of dollars. Broidy attempted to get the U.S. government to drop a large fraud and money laundering prosecution and deport a critic of the PRC.

November 2020: Wei Sun, an electrical engineer with Raytheon, was sentenced to 38 months in federal prison for transporting sensitive missile technology to China on his laptop.

November 2020: In 2020, two apps were banned from the Google Play Store after cybersecurity researchers discovered that a software development kit developed by the Chinese internet giant Baidu had sent sensitive data on hundreds of millions of users to Chinese servers.

December 2020: Axios reported on a Chinese intelligence operation that allegedly occurred between 2011 and 2015. During the operation, a suspected Chinese spy named Fang Fang targeted local and national politicians through networking, campaign fundraising, and romantic or sexual relationships to gain proximity to political power.

December 2020: Yu Zhou and his wife Li Chen admitted to conspiring to steal trade secrets from the local Ohio pediatric research institute where they worked and sell them to China.

theft involving Broadcom trade secrets. Kim had been employed by Broadcom for over twenty years. He was indicted in November 2021 and pleaded guilty on May 10, 2022.

October 2022: Two Chinese citizens were charged in a criminal complaint in federal court in New York with obstruction of justice and accused of attempting to pay bribes for inside information about the high-profile prosecution of Chinese telecommunications giant Huawei.

November 2022: Suspected Chinese-linked hackers carried out an espionage campaign on public and private organizations in the Philippines, Europe, and the United States since 2021. The attacks used infected USB drives to deliver malware to the organizations.

October 2022: In three separate cases in the U.S. Attorneys’ Offices for the Eastern District of New York and the District of New Jersey, the Justice Department has charged 13 individuals, including members of the People’s Republic of China (PRC) security and intelligence apparatus and their agents, for alleged efforts to unlawfully exert influence in the United States for the benefit of the government of the PRC.

December 2022: Chinese government-linked hackers stole at least $20 million in COVID-19 relief funds from the U.S. government, including Small Business Administration loans and unemployment insurance money. The U.S. Secret Service announced they retrieved half of the stolen funds thus far.

collected data from satellite, telecom, and defense organizations in the United States and Southeast Asia.

March 2018: Chinese hackers targeted U.S. defense and engineering companies with ties to the South China Sea. The attacks sought sensitive data in line with government espionage objectives.

January 2018: Chinese hackers infiltrated a U.S. Navy contractor working for the Naval Undersea Warfare Center. 614 gigabytes of material related to a supersonic anti-ship missile for use on U.S. submarines were taken, along with submarine radio room information related to cryptographic systems and the Navy submarine development unit’s electronic warfare library.

November 2017: Three Chinese nationals employed at a China-based Internet security firm are indicted by a US grand jury for computer hacking, theft of trade secrets, conspiracy, and identity theft against employees of Siemens, Moody’s Analytics, and Trimble.

September 2017: China allegedly inserted malware into a widely used PC management tool. The malware targeted at least 20 major international technology firms.

June 2007: PLA hackers breached a Pentagon computer network serving the Secretary of Defense, forcing the network to be shut down for more than a week.

2007: Chinese hackers breached the Pentagon’s Joint Strike Fighter project and stole data related to the F-35 fighter jet.

January 2007: The National Defense University discovered Chinese malware in its computer systems.

December 2006: Fei Ye and Ming Zhong stole trade secrets from two American technology firms to benefit China. They intended to utilize the secrets to build microprocessors for their company, Supervisor Inc., which would share any profits made on the sale of chips to the City of Hangzhou and the Province of Zhejiang in China.

December 2006: Chinese hackers infiltrated the U.S. Naval War College.

August 2006: Chinese hackers infiltrated the Department of Defense’s non-classified NIPRNet, downloading 10 to 20 terabytes of data.

July 2006: Chinese hackers infiltrated the U.S. State Department’s unclassified network and stole sensitive information and passwords.

April 2006: Chinese hackers infiltrated NASA networks managed by Lockheed Martin and Boeing and exfiltrated information about the Space Shuttle Discovery program.

April 2005: Chinese hackers infiltrated NASA networks managed by Lockheed Martin and Boeing and exfiltrated information about the Space Shuttle Discovery program.

2005: Chinese hackers infiltrated U.S. Department of Defense networks in an operation known as “Titan Rain.” They targeted U.S. defense contractors, Army Information Systems Engineering Command; the Defense Information Systems Agency; the Naval Ocean Systems Center; and the U.S. Army Space and Strategic Defense installation.

2003: Chinese hackers exfiltrated national security information from Naval Air Weapons Station China Lake, including nuclear weapons test and design data, and stealth aircraft data.

We would like to thank Shawn Rostker, Evan Burke, Matthew Serrone, Khristal Thomas, Arthur Nelson, Ian Haimowitz, David Robusto, Janice Li and Harini V for their contributions to this timeline.
