Chinese Peril

U.S. charges four Chinese military members in connection with 2017 Equifax hack
By Devlin Barrett and Matt Zapotosky

Attorney General William P. Barr charged four members of the Chinese military with the 2017 hack of credit rating agency Equifax on Feb. 10. 

The Justice Department has charged four members of the Chinese military with a 2017 hack at the credit reporting agency Equifax, a massive data breach that compromised the personal information of nearly half of all Americans.
In a nine-count indictment filed in federal court in Atlanta, federal prosecutors alleged that four members of the People’s Liberation Army hacked into Equifax’s systems, stealing the personal data as well as company trade secrets. 

Attorney General William P. Barr called their efforts “a deliberate and sweeping intrusion into the private information of the American people.”
The 2017 breach gave hackers access to the personal information, including Social Security numbers and birth dates, of about 145 million people. 

Equifax last year agreed to a $700 million settlement with the Federal Trade Commission to compensate victims. 

Those affected can ask for free credit monitoring or, if they already have such a service, a cash payout of up to $125, although the FTC has warned that a large volume of requests could reduce that amount.
Clockwise from top left: Wang Qian, Xu Ke, Wu Zhiyong and Liu Lei, picture unavailable. The four, all members of the Chinese military, were charged with computer fraud, economic espionage and wire fraud. (FBI)

At a news conference announcing the indictment, Barr said China has a “voracious appetite” for Americans’ personal information, and he pointed to other intrusions that he alleged have been carried out by Beijing’s actors in recent years, including hacks disclosed in 2015 of the health insurer Anthem and the federal Office of Personnel Management (OPM), as well as a 2018 hack of the hotel chain Marriott.
“This data has economic value, and these thefts can feed China’s development of artificial intelligence tools,” Barr said. 

The attorney general said the indictment would hold the Chinese military “accountable for their criminal actions.”

William Evanina, director of the National Counterintelligence and Security Center, characterized the breach as “a counterintelligence attack on the nation,” saying China had long been trying to gather massive amounts of Americans’ personal and sensitive data.
The Washington Post reported in 2015 that the Chinese government has been building huge databases of Americans’ personal information through hacks and making use of data-mining tools to sift through the information for compromising details about key government personnel — making them susceptible to blackmail and, thus, potential spy recruits.

The OPM intrusion, for instance, exposed the private data of more than 21 million government employees, contractors and their families, including a complete history of where they lived and all of their foreign contacts.
U.S. officials said the stolen data could be used to help Chinese intelligence agents target American intelligence officials, but they added that they have seen no evidence yet of such activity. 

Evanina said his chief concern was that Chinese intelligence agencies could use the stolen data to target those who work at universities or research firms who have access to useful information.
Barr and other U.S. law enforcement officials in recent weeks have taken a particularly aggressive posture toward China. 

Late last week, Barr warned of that country’s bid to dominate the burgeoning 5G wireless market and said the United States and its allies must “act collectively” or risk putting “their economic fate in China’s hands.”
Those charged with the Equifax hack are Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei. 

Officials said they were members of the PLA’s 54th Research Institute.
According to the indictment, in March 2017, a software firm announced a vulnerability in one of its products, but Equifax did not patch the vulnerability on its online dispute portal, which used that particular software. 

In the months that followed, the Chinese military hackers exploited that unrepaired software flaw to steal vast quantities of Equifax’s files, the indictment charges.
Officials said the hackers also took steps to cover their tracks, routing traffic through 34 servers in 20 countries to hide their location, using encrypted communication channels and wiping logs that might have given away what they were doing.
“American business cannot be complacent about protecting their data,” said FBI Deputy Director David Bowdich.
Barr said that although the Justice Department does not normally charge other countries’ military or intelligence officers outside the United States, there are exceptions, and the indiscriminate theft of civilians’ personal information “cannot be countenanced.”
In the United States, he said, “we collect information only for legitimate, national security purposes.”
None of the four is in custody, and officials acknowledged that there is little prospect they will come to the United States for trial. 

But the indictment does serve as a public shaming, and officials said that if those charged attempt to travel someday, the United States could arrest them.
“We can’t take them into custody, try them in a court of law, and lock them up — not today, anyway,” Bowdich said. 

“But one day, these criminals will slip up, and when they do, we’ll be there.”
The case marks the second time the Justice Department has unsealed a criminal indictment against PLA hackers for targeting U.S. commercial interests. 

In 2014, the Obama administration announced an indictment against five suspected PLA hackers for allegedly breaking into the computer systems of a host of American manufacturers.

U.S.'s 5,025,817 Chinese Spies

FBI points to China as biggest U.S. law-enforcement threat

Top U.S. officials to spotlight Chinese spy operations, pursuit of American secrets

By Mark Hosenball

U.S. Attorney General William Barr arrives for U.S. President Donald Trump's State of the Union address to a joint session of the U.S. Congress in the House Chamber of the U.S. Capitol in Washington, U.S. February 4, 2020. 

WASHINGTON -- An aggressive campaign by American authorities to root out Chinese espionage operations in the United States has snared a growing group of Chinese government officials, business people, and academics pursuing American secrets.
In 2019 alone, public records show U.S. authorities arrested and expelled two Chinese diplomats who drove onto a military base in Virginia. 

They also caught and jailed former CIA and Defense Intelligence Agency officials on espionage charges linked to China.
On Thursday, U.S. Attorney General William Barr, FBI director Christopher Wray and U.S. counterintelligence chief William Evanina will address a Washington conference on U.S. efforts to counter Chinese economic malfeasance involving espionage and the theft of U.S. technological and scientific secrets.
China’s efforts to steal unclassified American technology, ranging from military secrets to medical research, have long been extensive and aggressive, but U.S. officials only launched a broad effort to stop Chinese espionage in the United States in 2018.
“The theft of American trade secrets by China costs our nation anywhere from $300 to $600 billion in a year,” Evanina, director of the National Counterintelligence and Security Center, said in advance of Thursday’s conference.

Of 137 publicly reported instances of Chinese-linked espionage against the United States since 2000, 73% took place in the last decade, according to the Washington-based Center for Strategic and International Studies (CSIS).
The think-tank’s data, which excludes cases of intellectual property litigation and attempts to smuggle munitions or controlled technologies, shows that military and commercial technologies are the most common targets for theft.
In the area of medical research, of 180 investigations into misuse of National Institutes of Health funds, diversion of research intellectual property and inappropriate sharing of confidential information, more than 90% of the cases have links to China, according to an NIH spokeswoman.
One main reason Chinese espionage, including extensive hacking in cyberspace, has expanded is that “China depends on Western technology and as licit avenues are closed, they turn to espionage to get access,” said James Lewis, a CSIS expert.

The Harvard Connection
In late January alone, federal prosecutors in Boston announced three new criminal cases involving industrial spying or stealing, including charges against a Harvard professor.
Prosecutors said Harvard’s Charles Lieber lied to the Pentagon and NIH about his involvement in the Thousand Talents Plan -- a Chinese government scheme that offers mainly Chinese scientists working overseas lavish financial incentives to bring their expertise and knowledge back to China. 

Lieber also lied about his affiliation with China’s Wuhan University of Technology.
During at least part of the time he was signed up with the Chinese university, Lieber was also a “principal investigator” working on at least six research projects funded by U.S. Defense Department agencies, court documents show.
A lawyer for Lieber did not respond to a request for comment.

Linked In Spying for China

China is using LinkedIn to recruit Americans

By Warren Strobel, Jonathan Landay

Chinese spy nest

WASHINGTON -- The United States’ top spy catcher said Chinese espionage agencies are using fake LinkedIn accounts to try to recruit Americans with access to government and commercial secrets, and the company should shut them down.
William Evanina, the U.S. counter-intelligence chief, told Reuters in an interview that intelligence and law enforcement officials have told LinkedIn, owned by Microsoft Corp., about China’s “super aggressive” efforts on the site.
He said the Chinese campaign includes contacting thousands of LinkedIn members at a time, but he declined to say how many fake accounts U.S. intelligence had discovered, how many Americans may have been contacted and how much success China has had in the recruitment drive.
German and British authorities have previously warned their citizens that Beijing is using LinkedIn to try to recruit them as spies. 

But this is the first time a U.S. official has publicly discussed the challenge in the United States and indicated it is a bigger problem than previously known.
Evanina said LinkedIn should look at copying the response of Twitter, Google and Facebook, which have all purged fake accounts allegedly linked to Iranian and Russian intelligence agencies.
“I recently saw that Twitter is cancelling, I don’t know, millions of fake accounts, and our request would be maybe LinkedIn could go ahead and be part of that,” said Evanina, who heads the U.S. National Counter-Intelligence and Security Center.
It is highly unusual for a senior U.S. intelligence official to single out an American-owned company by name and publicly recommend it take action. 

LinkedIn boasts 562 million users in more than 200 counties and territories, including 149 million U.S. members.
Evanina did not, however, say whether he was frustrated by LinkedIn’s response or whether he believes it has done enough.
LinkedIn’s head of trust and safety, Paul Rockwell, confirmed the company had been talking to U.S. law enforcement agencies about Chinese espionage efforts. 

Earlier this month, LinkedIn said it had taken down “less than 40” fake accounts whose users were attempting to contact LinkedIn members associated with unidentified political organizations. Rockwell did not say whether those were Chinese accounts.
“We are doing everything we can to identify and stop this activity,” Rockwell told Reuters. 

“We’ve never waited for requests to act and actively identify bad actors and remove bad accounts using information we uncover and intelligence from a variety of sources including government agencies.”
Rockwell declined to provide numbers of fake accounts associated with Chinese intelligence agencies. 

He said the company takes “very prompt action to restrict accounts and mitigate and stop any essential damage that can happen” but gave no details.
LinkedIn “is a victim here,” Evanina said. 

“I think the cautionary tale ... is, ‘You are going to be like Facebook. Do you want to be where Facebook was this past spring with congressional testimony, right?’” he said, referring to lawmakers’ questioning of Facebook CEO Mark Zuckerberg on Russia’s use of Facebook to meddle in the 2016 U.S. elections.

EX-CIA OFFICER ENSNARED
Evanina said he was speaking out in part because of the case of Kevin Mallory, a retired CIA officer convicted in June of conspiring to commit espionage for China.
A fluent Mandarin speaker, Mallory was struggling financially when he was contacted via a LinkedIn message in February 2017 by a Chinese posing as a headhunter, according to court records and trial evidence.
The individual, using the name Richard Yang, arranged a telephone call between Mallory and a man claiming to work at a Shanghai think tank.
During two subsequent trips to Shanghai, Mallory agreed to sell U.S. defence secrets -- sent over a special cellular device he was given -- even though he assessed his Chinese contacts to be intelligence officers, according to the U.S. government’s case against him. 

He is due to be sentenced in September and could face life in prison.
While Russia, Iran, North Korea and other nations also use LinkedIn and other platforms to identify recruitment targets, the U.S. intelligence officials said China is the most prolific and poses the biggest threat.
U.S. officials said China’s Ministry of State Security has “co-optees” -- individuals who are not employed by intelligence agencies but work with them -- set up fake accounts to approach potential recruits.
The targets include experts in fields such as supercomputing, nuclear energy, nanotechnology, semi-conductors, stealth technology, health care, hybrid grains, seeds and green energy.
Chinese intelligence uses bribery or phony business propositions in its recruitment efforts. 

Academics and scientists, for example, are offered payment for scholarly or professional papers and, in some cases, are later asked or pressured to pass on U.S. government or commercial secrets.
Some of those who set up fake accounts have been linked to IP addresses associated with Chinese intelligence agencies, while others have been set up by bogus companies, including some that purport to be in the executive recruiting business, said a senior U.S. intelligence official, who requested anonymity in order to discuss the matter.
The official said “some correlation” has been found between Americans targeted through LinkedIn and data hacked from the Office of Personnel Management, a U.S. government agency, in attacks in 2014 and 2015.
The hackers stole sensitive private information, such as addresses, financial and medical records, employment history and fingerprints, of more than 22 million Americans who had undergone background checks for security clearances.
The United States identified China as the leading suspect in the massive hacking.

UNPARALLELED SPYING EFFORT
About 70 percent of China’s overall espionage is aimed at the U.S. private sector, rather than the government, said Joshua Skule, the head of the FBI’s intelligence division, which is charged with countering foreign espionage in the United States.
“They are conducting economic espionage at a rate that is unparalleled in our history,” he said.
Five current and former U.S. officials -- including Mallory -- have been charged with or convicted of spying for China in the past two and a half years.
He indicated that additional cases of suspected espionage for China by U.S. citizens are being investigated, but declined to provide details.
U.S. intelligence services are alerting current and former officials to the threat and telling them what security measures they can take to protect themselves.
Some current and former officials post significant details about their government work history online -- even sometimes naming classified intelligence units that the government does not publicly acknowledge.
LinkedIn “is a very good site,” Evanina said. 

“But it makes for a great venue for China to target not only individuals in the government, formers, former CIA folks, but academics, scientists, engineers, anything they want. It’s the ultimate playground for collection.”

"China is our number one adversary with respect to economic espionage." -- William Evanina

Top U.S. Spymaster Warns American Firms About Deals With China

By Sara Forden and David McLaughlin

The top U.S. counterintelligence official said American firms need to be cognizant of the national security risks that could arise from selling to Chinese buyers or entering into joint ventures with them.
William Evanina, the Director of the National Counterintelligence and Security Center, said it’s understandable that executives and owners of American companies want to do the most lucrative deals, but they don’t always understand the potential risks to national security.
Evanina’s comments come as the Trump administration and lawmakers in Washington move to toughen the framework for reviewing acquisitions by Chinese investors.
"China is our number one adversary with respect to economic espionage," Evanina said in an interview at Bloomberg in Washington Thursday. 

"Their ability to steal proprietary information and trade secrets is proficient and it’s aggressive."
Evanina’s comments show the extent of concern within the U.S. intelligence community about China’s push to acquire U.S. technology. 

A slew of proposed deals by Chinese investors have struggled to gain approval from a secretive panel that reviews takeovers by foreign buyers for national security threats.
Among the deals under review by the Committee on Foreign Investment in the U.S. are MoneyGram International Inc.’s proposed sale to Ant Financial, the financial-services company controlled by Chinese billionaire Jack Ma, and Genworth Financial Inc.’s $2.7 billion sale to China Oceanwide Holdings Group Co.

Broken Deals
Several proposed takeovers by Chinese investors have fallen apart over opposition from CFIUS. 

The latest came Tuesday when Chinese investors, led by digital-map provider NavInfo Co., called off plans to buy a stake in counterpart HERE Technologies. 

Earlier this month, U.S. President Donald Trump blocked a China-backed takeover of Lattice Semiconductor Corp. on the recommendation of the panel.
Evanina outlined a scenario in which the sale of a defense-based technology company could harm the U.S.’s ability to ensure supplies for military equipment such as fighter jets and ships.
"That’s where we have to be really creative to explain that this is a national security threat," he said. "It’s something we have to continue to drive, especially when it involves technology."
Congress is planning to reshape the CFIUS framework as concerns about China’s deal-making have intensified in Washington. 

Republican Senator John Cornyn of Texas, who has warned that Chinese investment has the potential to undermine U.S. military capabilities, says CFIUS should have broader scope to review foreign takeovers. 

The panel should examine joint ventures and minority stakes, not just acquisitions, he said at a June speech in Washington.
Evanina said he supported reforming how CFIUS works.
"The CFIUS process is old, antiquated and it’s being reformatted," he said. 

"There are a lot of people in the government working very hard to make it a useful tool for what we want to do."