Tech Giants Are Giving China a Vital Edge in Espionage
U.S. officials say private Chinese firms have been enlisted to process stolen data for their country’s spy agencies.
In 2017, as U.S. President Donald Trump began his trade war with China, another battle raged behind the scenes. The simmering, decadelong conflict over data between Chinese and U.S. intelligence agencies was heating up, driven both by the ambitions of an increasingly confident Beijing and by the conviction of key players in the new administration in Washington that China was presenting an economic, political, and national security challenge on a scale the United States had not faced for decades—if ever.
Beijing was giving China hawks in the United States plenty of ammunition. That same year, hackers working for China’s People’s Liberation Army would mastermind a massive breach of Equifax, one of the United States’ largest credit reporting firms. The military-linked hackers absconded with a dizzying amount of personal data, including Social Security numbers, home addresses, birth dates, driver’s license numbers, and credit card information. Roughly 145 million Americans had their personal data exposed by the hack.
The Trump administration’s China policies were probably the most antagonistic of any U.S. presidency since the height of the Cold War in the 1960s. Still, even within the administration, key China advisors were divided. “In the first year [of the Trump era] at the National Security Council, we were arguing and debating the direction [of China policy],” recalled Robert Spalding, who served as the council’s senior director for strategic planning until early 2018. The environment shifted in 2018, Spalding said, after the advent of the administration’s National Security Strategy, its decision to escalate the trade war, and the departure of Susan Thornton, the State Department’s top Asia policy official, who Spalding says stymied attempts by the FBI and Department of Justice to take a more aggressive tack on China-related prosecutions. (Thornton declined to comment.)
But for some critics, the administration’s shifting rationales undermined its credibility on China and technology issues. A number of Trump administration officials emphasized the national security threats posed by Chinese tech giants, while others—most notably Trump himself—intimated that these companies’ access to U.S. goods and markets were bargaining chips in the ongoing trade war. ZTE, a major Chinese telecommunications firm, was almost driven out of business after the administration, citing national security, banned American suppliers from working with it—until Trump granted the company a reprieve, seemingly as part of trade-related negotiations with Chinese leader Xi Jinping. “President Xi of China, and I, are working together to give massive Chinese phone company, ZTE, a way to get back into business, fast. Too many jobs in China lost. Commerce Department has been instructed to get it done!” Trump tweeted in May 2018.
A full-court press by the administration on Huawei, the world’s largest telecom equipment firm, lost momentum after the president floated dropping an extradition request against a Huawei executive arrested in Canada for sanctions evasion in exchange for trade relief. Administration officials also shifted from hinting about the company’s current malicious activities on behalf of China’s spy services to emphasizing the threat it might pose in the future, once it had monopolized much of the world’s telecom infrastructure.
This was a fair worry. Chinese industry has always been, to some extent, subordinated or intertwined with the party-state, although the origins of these ties are often murky. The People’s Liberation Army was a dominant player in Chinese firms for decades, owning businesses from hospitals to condom factories; the Chinese Communist Party has itself repeatedly attempted to force military divestiture to fight corruption.
But the embrace between China’s intelligence services and Chinese businesses has gotten tighter, U.S. officials say. In 2017, under Xi’s intensifying authoritarianism, Beijing promulgated a new national intelligence law that compels Chinese businesses to work with Chinese intelligence and security agencies whenever they are requested to do so—a move that codified “what was pretty much what was going on for many years before, though corruption had tempered it” previously, a former senior CIA official said.
In the final years of the Obama administration, national security officials had directed U.S. spy agencies to step up their intelligence collection on the relationship between the Chinese state and China’s private industrial behemoths. By the advent of the Trump era, this effort had borne fruit, with the U.S. intelligence community piecing together voluminous evidence on coordination—including back-and-forth data transfers—between ostensibly private Chinese companies and that country’s intelligence services, according to current and former U.S. officials. There was evidence of close public-private cooperation occurring on “a daily basis,” according to a former Trump-era national security official. “Those commercial entities are the commercial wing of the party,” the source said. “They of course cooperate with intelligence services to achieve the party’s goals.”
Beijing’s access to, and ability to sift through, troves of pilfered and otherwise obtained data “gives [China] vast opportunities to target people in foreign governments, private industries, and other sectors around the world—in order to collect additional information they want, such as research, technology, trade secrets, or classified information,” said William Evanina, the United States’ top counterintelligence official. “Chinese technology companies play a key role in processing this bulk data and making it useful for China’s intelligence services,” he said.
In what amounts to intelligence tasking, China’s spy services order private Chinese companies with big-data analytics capabilities to “condition”—that is, work up or process—massive sets of information, including from hacks like the massive breach of the U.S. Office of Personnel Management (OPM), that have intelligence value, according to current and former officials. This data then promptly flows back to Chinese state entities, they say.
“Just imagine on any given day, if NSA and CIA are collecting information, say, on the [Chinese military], and we could bring back seven, eight, 10, 15 petabytes of data, give it to Google or Amazon or Microsoft, and say, ‘Hey, condition this on the weekend. We want all these analytics; get it back to us next week.’ That’s what they do. They have Alibaba and they have Baidu. We don’t have that,” a current senior intelligence official said.
Market Value and Reach of Key Chinese Tech Companies
By co-opting Chinese companies’ data-processing capabilities, U.S. officials say, Beijing’s spy agencies can rapidly sift through massive amounts of information to find key nuggets of intelligence value—for example, to help identify an undercover CIA operative by cross-checking real-time travel intelligence with other sources gathered by China’s Ministry of State Security (MSS). And by outsourcing these expensive data-processing functions to private companies, Chinese intelligence agencies can also exploit these commercial capabilities at a scale they don’t possess themselves or don’t want to build in-house, officials say. Alibaba and Baidu did not respond to multiple requests for comment.
The cooperation hasn’t always been frictionless. “The private companies are hostages to it,” a former counterintelligence executive said. “Arguments ensue.” Sometimes, U.S. intelligence officials would learn about “pissed-off employees” at Chinese companies upset about “doing extra work” on behalf of Chinese intelligence, the former executive said. But they were obligated to comply. “All the major Chinese firms have benefited from knowing, at various points, how to not be too big to fail the party,” the former senior CIA official said. The companies’ at-times begrudging cooperation with Beijing’s intelligence agencies is still, in the end, a subordination to them.
Many Chinese tech firms “probably want to be normal tech companies, and don’t want to deal with these ideological expectations, or the national security expectations,” said Elsa Kania, a China expert and adjunct senior fellow at the Center for a New American Security. “Most Chinese tech companies are not that dissimilar to their counterparts in Silicon Valley. The difference is they are trying to operate within a system where there are incentives and expectations to cultivate closer relations with the government, or the potential for retribution should they step out of line on some front.”
Chinese companies walk a tricky line when talking about such ties. Publicly, and especially in English, they deny any links to Beijing’s intelligence or military apparatus. Huawei, which has faced a flood of accusations about these links, implausibly claims to be owned by its employees. At home, though, the same companies repeatedly avow their loyalty to the party and willingness to assist the security services.
Some connections are more deep-seated. For instance, the former senior CIA official said that, based on “high-confidence reporting,” the CIA concluded that the Chinese tech giant Tencent, which operates the ultrapopular WeChat messaging service, received funding from the Ministry of State Security early on in its foundation. The organization, China’s chief civilian intelligence agency, provided a “seed investment,” this former official said, “when they were trying to build out the Great Firewall and the monitoring technology.”
“This is entirely false,” Tencent said. “Our history as an entrepreneurial start-up is well known, funded first by our founders and then IDG and PCCW, and we’ve been a public company with transparent ownership for over 16 years.”
Cooperation picked up “when WeChat became a thing; the MSS came to them regarding monitoring things and shutting them down when necessary,” said the former senior CIA official. “It’s not that Tencent or [its founder] Pony Ma are dancing to the tune of what the MSS says, but if at any point China’s security services need assistance, they are providing it.”
“Tencent, like any other company operating in China, complies with [Chinese] law in a transparent way,” Tencent said. “The allegations beyond this are completely false.”
Economic espionage by China’s spy agencies has benefited mainland companies for many years, with data hacked or otherwise stolen by China’s intelligence services flowing toward the private sector to give Chinese firms a leg up against the competition. While intellectual property theft is common—and often driven by the private sector—in China, the state has long played a key role in industrial espionage. America’s firms, with their hefty government and military contracts, became juicy targets in the online era. “It’s well understood that you’ve had some flow of information from Chinese intelligence agencies to private sector entities,” said Sean Kanuck, who served as the U.S. national intelligence officer for cyber issues from 2011 to 2016.
As far back as 2000, according to Steve Ryan, the former deputy director of the National Security Agency’s Threat Operations Center, U.S. officials observed Chinese cyberoperations aimed at piercing U.S. defense contractors—something that was occurring “on a regular basis” by around 2006 onward, Ryan said. The Chinese were “just robbing the defense industrial base blind, in certain areas, in certain technologies,” he recalled. “And then we would just watch them form a company that would then put that U.S.-side interest out of business. We saw that time and again.” These cyber-incursions became ubiquitous, with Chinese state hackers successfully compromising the networks of contractors to the Pentagon’s U.S. Transportation Command 20 times in a single year, according to a 2014 Senate Armed Service Committee report. In 2018, Chinese operatives successfully hacked a U.S. Navy contractor, pilfering highly sensitive information related to the development of submarine missiles.
American officials stewed as China rolled out new fighter jets and other weapons systems copied from stolen U.S. designs. Using their own technical spying capabilities, U.S. intelligence officials also observed hacked information being transferred from data centers controlled by Chinese intelligence agencies to quasi-private, quasi-public Chinese defense businesses. Years ago, though, this purloined data would remain with Chinese companies for “competitive uses,” said a former senior NSA official. It was like “a gift to be used effectively” from Chinese intelligence to its defense sector partners, this person recalled. This earlier model of cooperation, however, was unidirectional, with data passed from China’s spies to its own industrial base, as part of Beijing’s race for technological parity with Washington.
But the use of private Chinese conglomerates to provide the know-how and data-processing firepower for China’s intelligence apparatus represents a new stage in this evolution, U.S. officials say. “The companies they are using are portraying themselves as large, legitimate, multinationals that have footprints across jurisdictions,” said the former Trump-era national security official. “These are not simply tiny little . . . defense contractors working inside China. They are major multinationals with footprints all over the world.” China’s “use of their private sector entities furthers not only their intelligence gathering, but processing,” said Ryan, the former top NSA official.
Key legal restrictions and cultural norms mean American spy agencies cannot induce U.S. firms to sift through the fruits of its own cyberspying; they have had to build these data analysis capabilities for themselves, U.S. officials say. And they cannot, for example, commandeer private U.S. companies’ data-processing power to help them create a composite picture of what the Chinese know about, say, U.S. government employees based on Beijing’s prior hacks. But synthesizing these parallel databases has been a priority for U.S. officials, who have worked to mirror image at least some of what they believe the Chinese possess, according to three current and former senior officials. This can be a laborious process. “It took us forever to condition” the data from the OPM breach, the current senior intelligence official said.
But when U.S. officials eventually analyzed all this data, the picture that emerged about what, in fact, the Chinese knew was not a pretty one. U.S. intelligence reporting on the subject is “sickening to your stomach,” the senior intelligence official said.
“Look at Equifax. Add Anthem, the financial stuff, Marriott, there’s nothing they don’t know about us,” said the current official, referring to a series of breaches of U.S. firms perpetrated by Chinese hackers. “We are constantly trying to mimic what they do know” about Americans who might be targets for Chinese spies, they said. “And then we marry that up with intelligence that we get about what their interests are. Then we go back and give defensive briefs” to these potential targets, the current senior official said. “That’s kind of the new business model we have right now.”
China might be testing out a “new business model” as well, Trump-era officials fear. During the first few years of the Trump administration, conversations “bounced around” at the National Security Council and within U.S. intelligence agencies on how China’s hunt for security through data—through, for instance, synthesizing data from Marriot, Equifax, OPM, and other hacked organizations to identify U.S. spies—may have converged with its larger economic objectives, according to the former Trump-era national security official. The thinking “is still relatively immature” in that area, this source said. But U.S. officials believe China may be leveraging stolen personal information to attempt to undermine the American economy, through putting companies under financial stress in strategically important business sectors, even if these companies don’t perform classified work.
These datasets might also be used to benefit Chinese businesses in other ways, officials say. “If I’m looking to expand a hotel chain or expand into the international travel market, having United Airlines, Marriot, or American Airlines customer records” could provide Chinese firms clear potential advantages “for due diligence and market research purposes,” said Kanuck, the former top U.S. cyber-focused intelligence official. Likewise, Kanuck said, the hack of Anthem could give Chinese firms obvious insights into the U.S. health care market. The massive data tranches could also be used as inputs to build better algorithms for artificial intelligence programs, officials say.
While some of this weaponized data could be derived from hacks, Trump-era officials also worried that attempted investments in U.S. firms by some Chinese businesses was aimed at gaining control over personal data in U.S. companies’ possession—which could then be passed back to the Chinese intelligence services. The Trump administration’s increased use of the Committee on Foreign Investment in the United States process—in which an interagency group reviews foreign purchases for national security threats—to block takeovers of some U.S. companies by Chinese firms was partially driven by these fears, officials say.
For American national security officials, deep worries about the Chinese government’s relationships with its world-spanning private sector companies—including telecom giants like Huawei, massive e-commerce platforms like Alibaba, and social media behemoths like ByteDance, which operates the TikTok platform—will increasingly influence the U.S.-Beijing relationship. China has already succeeded in isolating one out of every five humans on the planet from the global data ecosystem; now, in a defensive mirror image, U.S. policymakers are instituting more stringent controls aimed at segregating Americans’ data from Chinese companies—and, by extension, Beijing’s formidable intelligence apparatus.
Driven by fears over internal instability and external threats to its rule, the Chinese Communist Party has determined that data security is tantamount to regime security. But this strategy creates some internal tensions for Beijing. “The Chinese cybersecurity system today requires backdoors into every single company and individual in China,” said a former senior intelligence analyst. “And they are willing to admit that these [backdoors] could enable attackers and may decrease the cybersecurity of the companies.”
This is a trade-off China’s leaders seem willing to make, at least for now—even though these policies may catalyze an economic decoupling with China’s most important trading partner, and even though this decoupling might itself drive domestic instability. Meanwhile, the bear hug between Chinese intelligence and Chinese industry continues to squeeze together ever more tightly. After all, said the former senior intelligence analyst, “this is a country with omnipresence in its companies.”
Editor’s Note: This is the third in a three-part series. The first part covers how the data wars began between the two nations after CIA networks were uncovered in China. The second part covers how U.S. sources in China went dark at a critical moment during Xi’s rise, while Beijing’s hacking continued.
Zach Dorfman is a senior staff writer on national security and cybersecurity for Aspen Digital, a program of the Aspen Institute, and a senior fellow at Carnegie Council for Ethics in International Affairs. Twitter: @zachsdorfman