Chinese intelligence operations in the United States

The People's Republic of China (PRC) is alleged to undertake a widespread effort to acquire U.S. military technology and classified information. To fulfill its long-term military development goals, the PRC uses a variety of methods to obtain U.S. technology -- including espionage, the exploitation of commercial entities, and a network of scientific, academic, and business contacts. The Chinese operate in ways that take advantage of U.S. laws to avoid prosecution. The PRC uses a vast network of agents and contacts to collect pieces of information that are collated and put together in the PRC. Often each individual piece is not enough to warrant any suspicion or prosecution from U.S. government personnel. The aggressiveness of Chinese penetration is well documented in multiple espionage cases including those of Larry Wu-Tai Chin, Katrina Leung, Gwo-Bao Min, Chi Mak, and Peter Lee. In addition to traditional espionage, the PRC uses civilian companies to partner with American businesses in order to acquire advanced technology and economic data. Additionally, the PRC utilizes cyber-espionage to penetrate the computer networks of U.S. businesses and government agencies. This is evidenced by a recent Chinese cyber-attack on Google's computer systems in December 2009. PRC intelligence operations in the United States have become so pervasive that U.S. law enforcement officials have identified China as the most active foreign power involved in illegal acquisition of American technology.

High profile Chinese spy cases in US media have raised concerns to civil rights groups about racial profiling Chinese Americans, Asian Americans, or immigrants of Chinese origin for being spies, especially after the high profile "Chinese espionage" case against Wen Ho Lee fallen apart.

Methods
The PRC utilizes a variety of methods to operate in the United States. The individuals attempt to acquire the targeted information by utilizing open sources such as libraries, research institutions and unclassified databases. In addition to co-opting Chinese travelers to carry out specific intelligence operational activities, the PRC often debriefs Chinese scientists who participate in scholarly exchange programs, or who attend trade missions, scientific cooperation programs and other similar events. Moreover, the character of the Chinese political system allows the state great power to compel Chinese citizens to cooperate. Consequently, the PRC is able to utilize a vast network of contacts recruited to collect and steal intelligence on cutting edge U.S. technologies, including the most sensitive military developments.

Partnerships are started between Chinese civilian companies and foreign companies in order to give Chinese defense industries access to advanced technologies. The regulatory and commercial environment in China places intense pressure on American and other foreign companies to transfer technology to their Chinese partner companies as part of doing business in the PRC. In order to remain globally competitive, foreign companies are almost always willing to provide technology, capital, and manufacturing expertise in order to obtain access to Chinese markets. High-technology equipment is also purchased by PRC recruited agents running front companies in Hong Kong. Some of the items acquired are dual-use components, which can be used for both military or civilian purposes. These items may include computers, semiconductors, software, telecommunications devices, and integrated circuits. Furthermore, the PRC will use Chinese state-run firms to outright purchase American companies with access to the targeted technology.

The PRC also accesses restricted foreign technology through industrial espionage. U.S. Immigration and Customs Enforcement officials have rated China's industrial espionage and theft operations as the leading threat to the security of U.S. technology. Between October 2002 and January 2003 five Chinese businessmen were accused of illegally shipping equipment and trade secrets from California to China. U.S. Officials were able to prevent one Chinese man from shipping a recently purchased high-speed computer from Sandia National Laboratories, which had been used on classified projects including the development of nuclear weapons.

Nuclear espionage
A 1999 report of the United States House of Representatives Select Committee on U.S. National Security and Military and Commercial Concerns with the People's Republic of China, known as the Cox Report, warned that the PRC has stolen classified information on every thermonuclear warhead in the U.S. ICBM (intercontinental ballistic missile) arsenal. Information is collected through espionage, as well as through rigorous reviews of U.S. technical and academic publications, and pervasive interaction with U.S. scientists. The PRC tasks a large number of individuals to collect small pieces of information which is then collated and analyzed in the PRC. In this way, individual PRC agents can more easily escape suspicion while carrying out their operations in the United States. U.S. Government personnel suspect that the PRC's intelligence collection efforts directed towards the development of modern nuclear weapons to be focused primarily on the Los Alamos, Lawrence Livermore, Sandia, and Oak Ridge National Laboratories. The PRC is known to have stolen classified information on the following warheads: the W-56 Minuteman II ICBM, the W-62 Minuteman III ICBM, the W-70 Lance short-range ballistic missile (SRBM), the W-76 Trident C-4 submarine-launched ballistic missile (SLBM), the W-78 Minuteman III Mark 12A ICBM, the W-87 Peacekeeper ICBM, and the W-88 Trident D-5 SLBM. The PRC also has stolen classified information on U.S. weapons design concepts, weaponization features, and warhead reentry vehicles.

Cyber warfare
The PRC operates a political and corporate espionage effort directed towards accessing the networks of major financial, defense and technology companies, and research institutions in the United States. PRC efforts involve exploiting security flaws in software, and email attachments to sneak into the networks of important U.S. companies and organizations. An example of such an attack, is a recipient opening an email attachment that seems to be from a familiar source. The attachment contains a "sleeper" program that embeds in the recipient's computer. The program is controlled remotely, allowing the attacker to access the recipient's email, send sensitive documents to specific addresses, and even turn on a web camera or microphone to record what is happening in the room.

In January 2010, Google reported, "a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google." According to investigators, the Google cyberattack was directed towards the company's password system that millions of people use to access Google's various web services, including email and business applications. The attack targeted the Gmail accounts of Chinese human rights activists. In addition to Google, at least 34 companies have been attacked including Yahoo, Symantec, Adobe, Northrop Grumman, and Dow Chemical.

In January 2013 The New York Times reported that it had been the victim of hacking attempts originating from China over the previous four months after it had published an article on Prime Minister Wen Jiabao. The newspaper elaborated that the "attacks appear to be part of a broader computer espionage campaign against American news media companies that have reported on Chinese leaders and corporations."

Chinese cyberattacks seem to have largely targeted strategic industries in which China is lagging. Specifically, attacks on defense companies target information on weapons systems, and attacks on technology companies seek valuable source code which is critical to software applications. Chinese cyberattacks have emphasized what senior U.S. Government officials have said is an increasingly serious cyber threat to U.S. critical industries.

Larry Wu-Tai Chin
Larry Wu-Tai Chin worked in the U.S. intelligence community for close to 35 years, all the while providing the PRC with sensitive classified information. Chin was recruited as a spy by a Chinese Communist Official in 1948, while he was employed as an interpreter at the U.S. Consulate in Shanghai. Chin was later hired by the CIA’s Foreign Broadcast Information Service office. After becoming an American Citizen in 1965, Chin was transferred to Arlington, Virginia, where he had access to highly sensitive information; including reports from intelligence agents abroad, and translations of documents acquired by CIA Officers in China. In addition, Chin sold highly classified National Intelligence Estimates pertaining to China and Southeast Asia to the PRC. Consequently, the PRC was able to uncover weaknesses in their intelligence agencies, and compromise U.S. intelligence activities in the region. Among the most damaging information Chin compromised, was highly sensitive information regarding President Nixon’s plans for normalizing relations with China two years before President Nixon traveled to China. In February 1986, Larry Wu-Tai Chin was finally convicted of 17 counts of espionage, conspiracy, and tax evasion.

Katrina Leung
In 1982 FBI Special Agent James Smith recruited Leung, then a 28-year-old immigrant from China, to work in Chinese counterespionage. Leung, a prominent business consultant, was seen as especially valuable due to the many contacts she had with high level officials in the Chinese Government. Smith and Leung became involved in a long-term sexual affair lasting nearly two decades. During this time, Smith made classified documents available to Leung, who was able to surreptitiously make copies of multiple classified documents. Leung was able to provide the PRC with information on nuclear, military, and political issues. Another FBI agent, William Cleveland, also became sexually involved with Leung. Leung was able to exploit her personal relationships with her FBI handlers and provide the PRC with highly sensitive information for 18 years.

Peter Lee
Lee was a Chinese born physicist who worked at Los Alamos nuclear weapons laboratory, and later for TRW, a major California defense contractor. Lee pleaded guilty to lying on Security Clearance forms, and to passing classified national defense information to Chinese scientists on business trips to Beijing. Lee compromised classified weapons information, microwave submarine detection technology, and other national defense data. Later the Department of Energy concluded that Lee's disclosure of classified information, "was of significant material assistance to the PRC in their nuclear weapons development program...This analysis indicated that Dr. Lee's activities have directly enhanced the PRC nuclear weapons program to the detriment of U.S. national security."

Chi Mak
Chi Mak is a Chinese-born engineer who worked for L-3 Communications, a California based defense contractor. Chi worked as a support engineer on Navy quiet drive propulsion technology. According to recovered documents, Chi was instructed by his Chinese contacts to join "more professional associations and participate in more seminars with 'special subject matters' and to compile special conference materials on disk." Specifically, Chi was to seek information on: space-based electromagnetic intercept systems, space-launched magnetic levitation platforms, electromagnetic gun or artillery systems, submarine torpedoes, electromagnetic launch systems, aircraft carrier electronic systems, water jet propulsion, ship submarine propulsion, power system configuration technology, weapons system modularization, technologies to defend against nuclear attack, shipboard electromagnetic motor systems, shipboard internal and external communications systems, and information on the next generation of US destroyers. Chi Mak was able to successfully secretly copy and send various sensitive documents on U.S. Navy ships, submarines and weapons to China via courier. In 2008, Chi was sentenced to a 24 and 1/2 year prison term for his espionage activities.

Ko-Suen "Bill" Moo
Ko-Suen Moo was convicted of being a covert agent of the People's Republic of China in May 2006. He attempted to purchase United States military equipment to send back to China but was arrested by undercover United States agents. Some of the equipment Mr. Moo tried to purchase included an F-16 fighter jet engine, an AGM-129A cruise missile, UH-60 Black Hawk helicopter engines, and AIM-120 air-to-air missiles.

Wen Ho Lee
Wen Ho Lee is a Taiwanese American scientist who worked for the University of California at the Los Alamos National Laboratory. He created simulations of nuclear explosions for the purposes of scientific inquiry, as well as for improving the safety and reliability of the US nuclear arsenal. A federal grand jury indicted him of stealing secrets about the U.S. nuclear arsenal for the People's Republic of China (PRC) in December 1999.

After federal investigators were unable to prove these initial accusations, the government conducted a separate investigation and was ultimately only able to charge Lee with improper handling of restricted data, one of the original 59 indictment counts, to which he pleaded guilty as part of a plea settlement. In June 2006, Lee received $1.6 million from the federal government and five media organizations as part of a settlement of a civil suit he had filed against them for leaking his name to the press before any formal charges had been filed against him. Federal judge James A. Parker eventually apologized to Lee for denying him bail and putting him in solitary confinement, and excoriated the government for misconduct and misrepresentations to the court.

Bo Jiang
Bo Jiang, a researcher working on "source code for high technology imaging" at NASA's Langley Research Center, was arrested under the charge of lying to federal officer on March 16, 2013 at Dulles International Airport before he was on his planned one-way trip to return to China. Allegedly, Jiang told FBI that he was carrying fewer computer storage devices than he really was. He has been accused of espionage by Representative Frank Wolf, and is under investigation for possible violations of the Arms Export Control Act. An affidavit claimed that on a prior occasion, Jiang had taken a NASA laptop containing sensitive information to China.

U.S. Magistrate Judge Lawrence Leonard ordered Jiang released after a federal prosecutor acknowledged there is no evidence so far that he possessed any sensitive, secret or classified material. Jiang's lawyer says congressman is making "scapegoat" of his client and a subject of witch hunt.

On May 2nd 2013, Bo Jiang was exonerated in federal court of the only felony charge of lying to federal investigators, despite the hype in media that he was a Chinese spy.

Hua Jun Zhao
Hua Jun Zhao, 42, may have stolen a cancer-research compound from a Medical College office in Milwaukee and taken steps to deliver it to Zhejiang University, according to a Federal Bureau of Investigation agent’s affidavit in support of a criminal complaint dated March 29.

Chinese intelligence-gathering agencies
Ministry of State Security（中华人民共和国国家安全部）: Formerly a bureau under the Ministry of Public Security, it was raised to Ministry status in June 1983. MSS is the principal Chinese agency responsible for intelligence collection and counterintelligence. According to Western intelligence sources, MSS operates intelligence activities in more than 170 cities in close to 50 countries through its Foreign Affairs Bureau. MSS reach beyond China allows it to pursue Chinese dissidents in foreign countries and establish cover for Chinese diplomats and agents who are planted among the 15,000 Chinese students who attend U.S. universities, as well as thousands of Chinese who travel to the U.S. as business representatives, or members of scientific, academic, and cultural delegations.

People's Liberation Army: Intelligence elements of the PLA include: Second Department or Intelligence Department（of People's Liberation Army General Staff Department，总参二部）, Third or Electronic Warfare Department（总参三部）, Fourth Department (focuses on information warfare)（总参四部）, General Armaments Department and General Logistics Department (both of which train technical collectors)（总装备部及总后勤部）, and the PLA General Political Department（总政治部）.

Political Legal Leading Group（政法委）: Chinese Communist Party agency under the party's Military Commission (responsible for internal order), whose responsibilities include overseeing intelligence and law enforcement regarding internal affairs.

Investigations Department（监察部）: Chinese Communist Party agency that is responsible for political investigations of party members.

United Front Works Department（统战部）: Chinese Communist Party agency that is responsible for handling Chinese who are living in other countries and who are usually citizens of other countries. Works Department personnel are stationed in Chinese embassies and consulates, and attempt to influence important people of Chinese ancestry to follow Chinese Communist Party direction. Works Department Agents also keep an eye on Chinese academics and scientists working in other countries and make sure they eventually go back home to China.

The Commission of Science, Technology, and Industry for National Defense（国防科工委）: Sends agents to foreign countries, including the United States, as employees of front organizations to purchase defense equipment and technologies restricted for export. Examples of Chinese cover organizations include, New Era Corp., Chinese International Trust and Investment Corp., and Poly Technologies.

Various case histories

 * In 2007, McAfee, Inc. alleged that China was actively involved in "cyberwar." China was accused of cyber-attacks on India, Germany, and the United States, although China denied knowledge of these attacks. China has the highest number of computers vulnerable to be controlled, owing at least partially to the large population.


 * A September 2007 estimate by former senior U.S. information security official Paul Strassmann claimed that 735,598 computers in the US were "infested with Chinese zombies"; infected computers would potentially create a botnet capable of carrying out unsophisticated, but potentially dangerous denial-of-service attacks.


 * On March 28, 2009, a cyber spy network, dubbed GhostNet, using servers mainly based in China has tapped into classified documents from government and private organizations in 103 countries, including the computers of Tibetan exiles, but China denies the claim.


 * In December 2009 through January 2010, a cyber attack, dubbed Operation Aurora, was launched from China against Google and over 20 other companies. Google said the attacks originated from China and that it would "review the feasibility" of its business operations in China following the incident. According to Google, at least 20 other companies in various sectors had been targeted by the attacks. McAfee spokespersons claim that "this is the highest profile attack of its kind that we have seen in recent memory."

Impact on Chinese/Asian Americans
High profile Chinese spy cases in US media have raised concerns to civil rights groups about racial profiling Chinese Americans, Asian Americans, or immigrants of Chinese origin for being spies. In the prominent case targeting Wen Ho Lee, Dr. Lee's lawyers say the scientist had been unfairly singled out by government investigators because of his ethnic background.