Showing posts with the label Office of Personnel Management. Show all posts

Wednesday, February 12, 2020

Chinese Peril

U.S. charges four Chinese military members in connection with 2017 Equifax hack
By Devlin Barrett and Matt Zapotosky
Attorney General William P. Barr charged four members of the Chinese military with the 2017 hack of credit rating agency Equifax on Feb. 10. 

The Justice Department has charged four members of the Chinese military with a 2017 hack at the credit reporting agency Equifax, a massive data breach that compromised the personal information of nearly half of all Americans.
In a nine-count indictment filed in federal court in Atlanta, federal prosecutors alleged that four members of the People’s Liberation Army hacked into Equifax’s systems, stealing the personal data as well as company trade secrets. 
Attorney General William P. Barr called their efforts “a deliberate and sweeping intrusion into the private information of the American people.”
The 2017 breach gave hackers access to the personal information, including Social Security numbers and birth dates, of about 145 million people. 
Equifax last year agreed to a $700 million settlement with the Federal Trade Commission to compensate victims. 
Those affected can ask for free credit monitoring or, if they already have such a service, a cash payout of up to $125, although the FTC has warned that a large volume of requests could reduce that amount.
Clockwise from top left: Wang Qian, Xu Ke, Wu Zhiyong and Liu Lei, picture unavailable. The four, all members of the Chinese military, were charged with computer fraud, economic espionage and wire fraud. (FBI)

At a news conference announcing the indictment, Barr said China has a “voracious appetite” for Americans’ personal information, and he pointed to other intrusions that he alleged have been carried out by Beijing’s actors in recent years, including hacks disclosed in 2015 of the health insurer Anthem and the federal Office of Personnel Management (OPM), as well as a 2018 hack of the hotel chain Marriott.
“This data has economic value, and these thefts can feed China’s development of artificial intelligence tools,” Barr said. 
The attorney general said the indictment would hold the Chinese military “accountable for their criminal actions.”
William Evanina, director of the National Counterintelligence and Security Center, characterized the breach as “a counterintelligence attack on the nation,” saying China had long been trying to gather massive amounts of Americans’ personal and sensitive data.
The Washington Post reported in 2015 that the Chinese government has been building huge databases of Americans’ personal information through hacks and making use of data-mining tools to sift through the information for compromising details about key government personnel — making them susceptible to blackmail and, thus, potential spy recruits.
The OPM intrusion, for instance, exposed the private data of more than 21 million government employees, contractors and their families, including a complete history of where they lived and all of their foreign contacts.
U.S. officials said the stolen data could be used to help Chinese intelligence agents target American intelligence officials, but they added that they have seen no evidence yet of such activity. 
Evanina said his chief concern was that Chinese intelligence agencies could use the stolen data to target those who work at universities or research firms who have access to useful information.
Barr and other U.S. law enforcement officials in recent weeks have taken a particularly aggressive posture toward China. 
Late last week, Barr warned of that country’s bid to dominate the burgeoning 5G wireless market and said the United States and its allies must “act collectively” or risk putting “their economic fate in China’s hands.”
Those charged with the Equifax hack are Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei.
Officials said they were members of the PLA’s 54th Research Institute.
According to the indictment, in March 2017, a software firm announced a vulnerability in one of its products, but Equifax did not patch the vulnerability on its online dispute portal, which used that particular software. 
In the months that followed, the Chinese military hackers exploited that unrepaired software flaw to steal vast quantities of Equifax’s files, the indictment charges.
Officials said the hackers also took steps to cover their tracks, routing traffic through 34 servers in 20 countries to hide their location, using encrypted communication channels and wiping logs that might have given away what they were doing.
“American business cannot be complacent about protecting their data,” said FBI Deputy Director David Bowdich.
Barr said that although the Justice Department does not normally charge other countries’ military or intelligence officers outside the United States, there are exceptions, and the indiscriminate theft of civilians’ personal information “cannot be countenanced.”
In the United States, he said, “we collect information only for legitimate, national security purposes.”
None of the four is in custody, and officials acknowledged that there is little prospect they will come to the United States for trial. 
But the indictment does serve as a public shaming, and officials said that if those charged attempt to travel someday, the United States could arrest them.
“We can’t take them into custody, try them in a court of law, and lock them up — not today, anyway,” Bowdich said. 
“But one day, these criminals will slip up, and when they do, we’ll be there.”
The case marks the second time the Justice Department has unsealed a criminal indictment against PLA hackers for targeting U.S. commercial interests. 
In 2014, the Obama administration announced an indictment against five suspected PLA hackers for allegedly breaking into the computer systems of a host of American manufacturers.

Wednesday, December 12, 2018

Nation of Thieves

Marriott Data Breach Is Traced to Chinese Hackers as U.S. Readies Crackdown on Beijing
By David E. Sanger, Nicole Perlroth, Glenn Thrush and Alan Rappeport

A Chinese ship near Los Angeles. On Tuesday, President Trump said the United States and China were having “very productive conversations” on trade.

WASHINGTON — The cyberattack on the Marriott hotel chain that collected personal details of roughly 500 million guests was part of a Chinese intelligence-gathering effort that also hacked health insurers and the security clearance files of millions more Americans, according to two people briefed on the investigation.
The hackers, they said, are working on behalf of the Ministry of State Security, the country’s Communist-controlled civilian spy agency. 
The discovery comes as the Trump administration is planning actions targeting China’s trade, cyber and economic policies, perhaps within days.
Those moves include indictments against Chinese hackers working for the intelligence services and the military, according to four government officials who spoke on the condition of anonymity. 
The Trump administration also plans to declassify intelligence reports to reveal Chinese efforts dating to at least 2014 to build a database containing names of executives and American government officials with security clearances.
Other options include an executive order intended to make it harder for Chinese companies to obtain critical components for telecommunications equipment, a senior American official with knowledge of the plans said.
The moves stem from a growing concern within the administration that the 90-day trade truce negotiated two weeks ago by President Trump and Xi Jinping in Buenos Aires might do little to change China’s behavior — including the coercion of American companies to hand over valuable technology if they seek to enter the Chinese market, as well as the theft of industrial secrets on behalf of state-owned companies.
The hacking of Marriott’s Starwood chain, which was discovered only in September and revealed late last month, is not expected to be part of the coming indictments. 
But two of the government officials said that it has added urgency to the administration’s crackdown, given that Marriott is the top hotel provider for American government and military personnel.
It also is a prime example of what has vexed the Trump administration as China has reverted over the past 18 months to the kind of intrusions into American companies and government agencies that Barack Obama thought he had ended in 2015 in an agreement with China’s Xi.
Trade negotiators on both sides of the Pacific have been working on an agreement under which China would commit to purchasing $1.2 trillion more of American goods and services over the next several years, and would address intellectual property concerns.
Trump said Tuesday that the United States and China were having “very productive conversations” as top American and Chinese officials held their first talks via telephone since the two countries agreed to a truce on Dec. 1.
But while top administration officials insist that the trade talks are proceeding on a separate track, the broader crackdown on China could undermine Mr. Trump’s ability to reach an agreement with Xi.
Another obstacle is the targeting of high-profile technology executives, like Meng Wanzhou, the chief financial officer of the communications giant Huawei and daughter of its founder.
The arrest of Meng, who has been detained in Canada on suspicion of fraud involving violations of United States sanctions against Iran, has angered China. 
She was granted bail of 10 million Canadian dollars, or $7.5 million, while awaiting extradition to the United States, a Canadian judge ruled on Tuesday.
Trump, in an interview on Tuesday with Reuters, said that he would consider intervening in the Huawei case if it would help serve national security and help get a trade deal done with China. 
Such a move would essentially pit Trump against his own Justice Department, which coordinated with Canada to arrest Meng as she changed planes in Vancouver, British Columbia.
“If I think it’s good for what will be certainly the largest trade deal ever made — which is a very important thing — what’s good for national security — I would certainly intervene if I thought it was necessary,” Trump said.
American business leaders have been bracing for retaliation from China, which has demanded the immediate release of Meng and accused both the United States and Canada of violating her rights.
On Tuesday, the International Crisis Group said that one of its employees, a former Canadian diplomat, had been detained in China. 
The disappearance of the former diplomat, Michael Kovrig, could further inflame tensions between China and Canada.
“We are doing everything possible to secure additional information on Michael’s whereabouts, as well as his prompt and safe release,” the group said in a statement on its website.
From the first revelation that the Marriott chain’s computer systems had been breached, there was widespread suspicion in both Washington and among cybersecurity firms that the hacking was not a matter of commercial espionage, but part of a much broader spy campaign to amass Americans’ personal data.
While American intelligence agencies have not reached a final assessment of who performed the hacking, a range of firms brought in to assess the damage quickly saw computer code and patterns familiar to operations by Chinese actors.
The Marriott database contains not only credit card information but passport data. 
Lisa Monaco, a former homeland security adviser under Obama, noted last week at a conference that passport information would be particularly valuable in tracking who is crossing borders and what they look like, among other key data.
But officials on Tuesday said it was only part of an aggressive operation whose centerpiece was the 2014 hacking into the Office of Personnel Management.
At the time, the government bureau loosely guarded the detailed forms that Americans fill out to get security clearances — forms that contain financial data; information about spouses, children and past romantic relationships; and any meetings with foreigners.
Such information is exactly what the Chinese use to root out spies, recruit intelligence agents and build a rich repository of Americans’ personal data for future targeting. 
With those details and more that were stolen from insurers like Anthem, the Marriott data adds another critical element to the intelligence profile: travel habits.
James A. Lewis, a cybersecurity expert at the Center for Strategic Studies in Washington, said the Chinese have collected “huge pots of data” to feed a Ministry of State Security database seeking to identify American spies — and the Chinese people talking to them.
“Big data is the new wave for counterintelligence,” Mr. Lewis said.
“It’s big-data hoovering,” said Dmitri Alperovitch, the chief technology officer at CrowdStrike, who first highlighted Chinese hacking as a threat researcher in 2011. 
“This data is all going back to a data lake that can be used for counterintelligence, recruiting new assets, anticorruption campaigns or future targeting of individuals or organizations.”
In the Marriott case, Chinese spies stole passport numbers for up to 327 million people, many of whom stayed at Sheraton, Westin and W hotels and at other Starwood-branded properties.
But Marriott has not said if it would pay to replace those passports, an undertaking that would cost tens of billions of dollars.
Instead, Connie Kim, a Marriott spokeswoman, said the hotel chain would cover the cost of replacement if “fraud has taken place.” 
That means the company would not cover the cost of having exposed private data to the Chinese intelligence agencies if they did not use it to conduct commercial transactions — even though that is a breach of privacy and, perhaps, security.
And even for those guests who did not have passport information on file with the hotels, their phone numbers, birth dates and itineraries remain vulnerable.
That data, Mr. Lewis and others said, can be used to track which Chinese citizens visited the same city, or hotel, as an American intelligence agent who was identified in data taken from the Office of Personnel Management or from American health insurers that document patients’ medical histories and Social Security numbers.
The effort to amass Americans’ personal information so alarmed government officials that in 2016, the Obama administration threatened to block a $14 billion bid by China’s Anbang Insurance Group Co. to acquire Starwood Hotel & Resorts Worldwide, according to one former official familiar with the work of the Committee on Foreign Investments in the United States, a secretive government body that reviews foreign acquisitions.
Ultimately, the failed bid cleared the way later that year for Marriott Hotels to acquire Starwood for $13.6 billion, becoming the world’s largest hotel chain.
As it turned out, it was too late: Starwood’s data had already been stolen by the Chinese, though the breach was not discovered until this past summer, and was disclosed by Marriott on Nov. 30.
It is unclear that any kind of trade agreement reached with China by the Trump administration can address this kind of theft.
The Chinese regard intrusions into hotel chain databases as a standard kind of espionage. 
And the Office of Personnel Management hacking was viewed by American intelligence officials with admiration. 
“One thing is very clear to me, and it is that they are not going to stop this,” Mr. Alperovitch said.
Since 2012, analysts at the National Security Agency and its British counterpart, the GCHQ, have watched with growing alarm as sophisticated Chinese hackers, based in Tianjin, began switching targets from companies and government agencies in the defense, energy and aerospace sectors to organizations that housed troves of Americans’ personal information.

Friday, August 31, 2018

Linked In Spying for China

China is using LinkedIn to recruit Americans
By Warren Strobel, Jonathan Landay

Chinese spy nest

WASHINGTON -- The United States’ top spy catcher said Chinese espionage agencies are using fake LinkedIn accounts to try to recruit Americans with access to government and commercial secrets, and the company should shut them down.
William Evanina, the U.S. counter-intelligence chief, told Reuters in an interview that intelligence and law enforcement officials have told LinkedIn, owned by Microsoft Corp., about China’s “super aggressive” efforts on the site.
He said the Chinese campaign includes contacting thousands of LinkedIn members at a time, but he declined to say how many fake accounts U.S. intelligence had discovered, how many Americans may have been contacted and how much success China has had in the recruitment drive.
German and British authorities have previously warned their citizens that Beijing is using LinkedIn to try to recruit them as spies. 
But this is the first time a U.S. official has publicly discussed the challenge in the United States and indicated it is a bigger problem than previously known.
Evanina said LinkedIn should look at copying the response of Twitter, Google and Facebook, which have all purged fake accounts allegedly linked to Iranian and Russian intelligence agencies.
“I recently saw that Twitter is cancelling, I don’t know, millions of fake accounts, and our request would be maybe LinkedIn could go ahead and be part of that,” said Evanina, who heads the U.S. National Counter-Intelligence and Security Center.
It is highly unusual for a senior U.S. intelligence official to single out an American-owned company by name and publicly recommend it take action. 
LinkedIn boasts 562 million users in more than 200 countries and territories, including 149 million U.S. members.
Evanina did not, however, say whether he was frustrated by LinkedIn’s response or whether he believes it has done enough.
LinkedIn’s head of trust and safety, Paul Rockwell, confirmed the company had been talking to U.S. law enforcement agencies about Chinese espionage efforts. 
Earlier this month, LinkedIn said it had taken down “less than 40” fake accounts whose users were attempting to contact LinkedIn members associated with unidentified political organizations. Rockwell did not say whether those were Chinese accounts.
“We are doing everything we can to identify and stop this activity,” Rockwell told Reuters. 
“We’ve never waited for requests to act and actively identify bad actors and remove bad accounts using information we uncover and intelligence from a variety of sources including government agencies.”
Rockwell declined to provide numbers of fake accounts associated with Chinese intelligence agencies. 
He said the company takes “very prompt action to restrict accounts and mitigate and stop any essential damage that can happen” but gave no details.
LinkedIn “is a victim here,” Evanina said. 
“I think the cautionary tale ... is, ‘You are going to be like Facebook. Do you want to be where Facebook was this past spring with congressional testimony, right?’” he said, referring to lawmakers’ questioning of Facebook CEO Mark Zuckerberg on Russia’s use of Facebook to meddle in the 2016 U.S. elections.

EX-CIA OFFICER ENSNARED
Evanina said he was speaking out in part because of the case of Kevin Mallory, a retired CIA officer convicted in June of conspiring to commit espionage for China.
A fluent Mandarin speaker, Mallory was struggling financially when he was contacted via a LinkedIn message in February 2017 by a Chinese posing as a headhunter, according to court records and trial evidence.
The individual, using the name Richard Yang, arranged a telephone call between Mallory and a man claiming to work at a Shanghai think tank.
During two subsequent trips to Shanghai, Mallory agreed to sell U.S. defence secrets -- sent over a special cellular device he was given -- even though he assessed his Chinese contacts to be intelligence officers, according to the U.S. government’s case against him. 
He is due to be sentenced in September and could face life in prison.
While Russia, Iran, North Korea and other nations also use LinkedIn and other platforms to identify recruitment targets, the U.S. intelligence officials said China is the most prolific and poses the biggest threat.
U.S. officials said China’s Ministry of State Security has “co-optees” -- individuals who are not employed by intelligence agencies but work with them -- set up fake accounts to approach potential recruits.
The targets include experts in fields such as supercomputing, nuclear energy, nanotechnology, semi-conductors, stealth technology, health care, hybrid grains, seeds and green energy.
Chinese intelligence uses bribery or phony business propositions in its recruitment efforts. 
Academics and scientists, for example, are offered payment for scholarly or professional papers and, in some cases, are later asked or pressured to pass on U.S. government or commercial secrets.
Some of those who set up fake accounts have been linked to IP addresses associated with Chinese intelligence agencies, while others have been set up by bogus companies, including some that purport to be in the executive recruiting business, said a senior U.S. intelligence official, who requested anonymity in order to discuss the matter.
The official said “some correlation” has been found between Americans targeted through LinkedIn and data hacked from the Office of Personnel Management, a U.S. government agency, in attacks in 2014 and 2015.
The hackers stole sensitive private information, such as addresses, financial and medical records, employment history and fingerprints, of more than 22 million Americans who had undergone background checks for security clearances.
The United States identified China as the leading suspect in the massive hacking.

UNPARALLELED SPYING EFFORT
About 70 percent of China’s overall espionage is aimed at the U.S. private sector, rather than the government, said Joshua Skule, the head of the FBI’s intelligence division, which is charged with countering foreign espionage in the United States.
“They are conducting economic espionage at a rate that is unparalleled in our history,” he said.
Five current and former U.S. officials -- including Mallory -- have been charged with or convicted of spying for China in the past two and a half years.
He indicated that additional cases of suspected espionage for China by U.S. citizens are being investigated, but declined to provide details.
U.S. intelligence services are alerting current and former officials to the threat and telling them what security measures they can take to protect themselves.
Some current and former officials post significant details about their government work history online -- even sometimes naming classified intelligence units that the government does not publicly acknowledge.
LinkedIn “is a very good site,” Evanina said. 
“But it makes for a great venue for China to target not only individuals in the government, formers, former CIA folks, but academics, scientists, engineers, anything they want. It’s the ultimate playground for collection.”

Saturday, June 9, 2018

Chinese hackers secured a trove of highly sensitive data on submarine warfare

Chinese Hackers Steal Unclassified Data From Navy Contractor
By Helene Cooper
Defense Secretary Jim Mattis recently disinvited the Chinese military from a large, multinational naval exercise this summer.

WASHINGTON — China has stolen sensitive data related to naval warfare from the computers of a Navy contractor, American officials said on Friday, in another step in the long-running cyberwar between two global adversaries.
The breach occurred this year, the officials said, when Chinese government hackers infiltrated the computers of a company working on a Navy submarine and underwater programs contract. 
The company, which was not identified, was doing work for the Naval Undersea Warfare Center, which is based in Newport, R.I.
Officials said that the data gleaned by China was unclassified.
Navy officials declined to speak publicly about the hack, which was first reported by The Washington Post.
But in a statement, Lt. Marycate Walsh, a Navy spokeswoman, cited “measures in place that require companies to notify the government when a cyberincident has occurred that has actual or potential adverse effects on their networks that contain controlled unclassified information.”
She said it would be “inappropriate to discuss further details at this time.”
China and the United States have been locked in an escalating fight over cyber and military technology, with Beijing making rapid gains in recent years. 
American officials — from both the Trump administration and the Obama administration before it — concede that Washington has struggled to deter Chinese hacking, and have predicted the cyberattacks will increase until the United States finds a way to curb them.
The theft of the Navy system is hardly the largest, or the most sensitive, of the designs and systems stolen by Chinese hackers over the years. 
But it underscores a lesson the American government keeps learning: No matter how fast the government moves to shore up its cyberdefenses, and those of the defense industrial base, the cyberattackers move faster.
The plans for the F-35, the nation’s most expensive fighter jet in history, were taken more than a decade ago, and the Chinese model looks like an almost exact replica of its American inspiration.
A People’s Liberation Army unit, known as Unit 61398, was filled with skilled hackers who purloined corporate trade secrets to benefit Chinese state-owned industry. 
But many of its targets were defense related as well. 
Members of the unit were indicted in the last two years of the Obama administration, but none are likely to come back to the United States to stand trial.
The most sophisticated hack of American data took place at the Office of Personnel Management. 
It lost the files of about 21.5 million Americans who had filed extensive questionnaires for their security clearances. 
The forms listed far more than Social Security numbers and birth dates. 
They detailed medical and financial histories; past relationships; and details about children, parents and friends, particularly non-United States citizens.
The office stored much of the data at the Interior Department and encrypted nearly none of it. 
So when the Chinese copied it in a highly sophisticated operation, they were prepared to use big data techniques to draw a map of the American elite, who worked on which projects and who knew whom. 
The loss was so severe that American intelligence agencies canceled the deployment of new officers to China.
Lieutenant Walsh said that the Navy treated “the broader intrusion against our contractors very seriously.”
“If such an intrusion were to occur, the appropriate parties would be looking at the specific incident, taking measures to protect current info, and mitigating the impacts that might result from any information that might have been compromised,” she said.
The United States and China are wrangling over trade issues but also jointly looking to rein in North Korea’s nuclear ambitions. 
Donald Trump is headed to Singapore this weekend for a June 12 summit meeting with North Korea’s leader, Kim Jong-un.
The United States and China are also tangling over Beijing’s militarization of disputed islands in the South China Sea.
Last week, Defense Secretary Jim Mattis harshly criticized the Chinese government for continuing to militarize a string of islands in the South China Sea, calling the presence of advanced military equipment and missiles there a flagrant show of military power.
To add muscle to American complaints, Mr. Mattis recently disinvited the Chinese military from a large, multinational naval exercise this summer — in part because of the anti-ship and surface-to-air missiles, and other weapons, that China has positioned on the Spratly Islands.
A United States official, speaking on the condition of anonymity because he was not allowed to be identified in discussing the issue, said the Navy was investigating the breach with the help of the F.B.I.

Thursday, June 7, 2018

Ex-CIA Officer’s Case Highlights Fears About Reach of Chinese Spying

China is seeking to cultivate former U.S. intelligence officers with security clearances—and personal problems
By Aruna Viswanatha and Dustin Volz

China is targeting former U.S. intelligence officers with security clearances—and personal problems—to obtain access to sensitive information.

ALEXANDRIA, Va.—Former U.S. intelligence officer Kevin Mallory was months behind on his mortgage, $30,000 in debt, and getting financial help from his church, when Chinese agents approached him in 2017 to work for them, according to testimony at his espionage trial this past week.
“This is the choice Mallory made,” Assistant U.S. Attorney Jennifer Gellie said, telling jurors that the military veteran, who has worked for the Central Intelligence Agency and the Defense Intelligence Agency, sold top secret information about DIA’s priorities to a Chinese intelligence agent.
Mallory has pleaded not guilty and said he only developed the relationship with the Chinese agent so he could turn him over to his former colleagues.
The case highlights a concern by U.S. officials that China is employing increasingly targeted efforts to cultivate former U.S. intelligence officers with security clearances—and personal problems—in an effort to obtain access to sensitive information.
Earlier this week, another former DIA officer, Ron Hansen of Utah, was charged with trying to provide classified information to Chinese agents and smuggling technology to them.
Hansen—who served in the Army for more than 20 years, worked as a DIA case officer and spoke fluent Mandarin and Russian—was arrested near Seattle-Tacoma International Airport on Saturday as he was on his way to board a flight to China.
Prosecutors accused Hansen, 58, of working with two Chinese intelligence officers to try to elicit classified information from his former DIA colleagues.
Hansen couldn’t be reached to comment, and a lawyer hasn’t yet appeared in court on his behalf.
Like Mallory, Hansen was deeply in debt. 
One of his companies, which prosecutors described as providing cloud-computing IT services, reported $1.1 million in losses in 2014, and Hansen had carried more than $150,000 in personal debt since 2012, according to the complaint filed against him.
In late 2016, he started borrowing funds against the credit cards of his family members, prosecutors said.
Dean Boyd, spokesman for the National Counterintelligence and Security Center, said Chinese intelligence services are targeting current and former U.S. intelligence officials “with money, business opportunities and other methods of recruitment.”
“Although a spate of espionage-related investigations and prosecutions have hit the news of late, this is not a new problem, but one that remains a persistent and constant challenge,” Mr. Boyd said, adding that China’s intelligence services “are particularly aggressive actors.”
The Chinese government has vast resources for this purpose, said Larry Pfeiffer, a former chief of staff at the CIA and now a senior adviser at the Chertoff Group, a security consulting firm.
Other countries, including Russia, often have similar intent but lack Beijing’s limitless supply of intelligence officers and money.
“Money is one of the classic enticements,” Mr. Pfeiffer said.
“There are a handful of things that people will turn against their country for, and money is one of them.”
Mr. Pfeiffer and other former U.S. intelligence officials said China is further aided by its theft of sensitive data on current and former government employees from the Office of Personnel Management. 
The breach of the federal agency by Chinese hackers, disclosed in 2015, boosted Chinese efforts to zero in on U.S. intelligence officers. 
There is no public indication that Chinese agents targeted Mallory or Hansen with information specifically from the OPM breach.
An FBI spokesman declined to comment.
China has generally avoided commenting specifically on the cases.
DIA is an intelligence agency that provides the Defense Department with military intelligence information.
Over a week of testimony in the Mallory case, prosecutors have laid out a case they said shows the former CIA officer was approached in a textbook manner by Chinese intelligence agents and responded as a recruited spy would.
Ms. Gellie, the prosecutor, read messages that Mallory allegedly exchanged with the Chinese agent, who described how he would reimburse Mallory and said he was concerned about Mallory’s safety. Former DIA official Michael Higgins, on the witness stand, said this fit the pattern of Chinese intelligence operations.
“It makes perfect sense,” he said, repeatedly, as Ms. Gellie recounted the messages.
In an opening statement and through cross-examination, Mallory’s lawyers acknowledged his financial troubles.
A CIA employee whom Mallory contacted about the Chinese agent testified against him last week, saying he knew of Mallory’s financial troubles because they attended the same Chinese congregation of the Church of Jesus Christ of Latter-day Saints.
“I wrote the checks,” said the witness, Ralph Stephenson, referring to checks from the church to needy members that Mallory had received.
He also said he found Mallory’s outreach extremely inappropriate and informed security.
Mallory’s lawyers argued that Mallory had good intentions in continuing to meet with the Chinese agent and that he had spoken to CIA employees to inform them of his relationship to the agent.
“Mallory knocked on the front door to tell the CIA what he knew,” said his lawyer, Geremy Kamens.
“If he was motivated by money, he would have kept his mouth shut.”
Hansen, too, was arrested after discussing his Chinese contacts with FBI and DIA officials.
He approached FBI agents in 2015 and proposed acting as a double agent of sorts, providing the U.S. with information about Chinese intelligence, the complaint against him said.
The FBI had already begun an investigation into Hansen in 2014, the document said.
The investigation picked up in 2016 after Hansen approached a former DIA associate, who reported the outreach and became a confidential informant for the FBI.
Prosecutors said Hansen tried to get this informant to provide information on “U.S. positions related to North Korea, South Korea and China,” telling the informant that Chinese agents could pay for the information.
The informant met with Hansen and provided him with classified information just moments before Hansen was arrested, prosecutors said.

Thursday, October 12, 2017

China grabbed American as spy wars flare

A focus on Russia overshadows Beijing's aggressive tactics, including the kidnapping of a suspected American operative.
By ALI WATKINS



The sun was setting over Chengdu when they grabbed the American.
It was January 2016.
The U.S. official had been working out of the American consulate in the central Chinese metropolis of more than 10 million.
He may not have seen the plainclothes Chinese security services coming before they jumped him.
In seconds he was grabbed off the Chengdu street and thrown into a waiting van.
The Chinese officials drove their captive — whom they believed to be a CIA officer — to a security facility where he was interrogated for hours, and, according to one U.S. official, filmed confessing to unspecified acts of treachery on behalf of the U.S. government.
It wasn’t until the early morning hours of the following day that other U.S. officials — who were not immediately informed by their Chinese counterparts of the consular official’s capture — arrived to rescue him.
He was eventually released back to their custody and soon evacuated from the country.
Both Chinese and U.S. officials kept quiet about the previously unreported incident, described to POLITICO and confirmed by multiple U.S. officials.
But it threatened to spill into an international incident in the early days of the 2016 presidential campaign.
U.S. officials strongly protested the abduction to their Chinese counterparts and, according to one official, issued a veiled threat to kick out suspected Chinese agents within the U.S.
U.S. officials consider the abduction an unusually bold act in a long-simmering spy game between Washington and Beijing, one recently overshadowed by a newly aggressive Russia.
But U.S. officials and China experts say the two countries are engaged in an espionage battle that may be just as fierce, if far less publicized.
“The Chinese have not gone away,” one counterintelligence official who recently left government said.
“The things going on with Russia right now really have distracted from China.”
POLITICO spoke with more than half a dozen current and former national security officials for this story.
Almost all requested anonymity to more freely discuss sensitive intelligence matters.
China’s ongoing espionage within the U.S. was clear at a July pre-trial hearing at a Washington courthouse for former CIA officer Kevin Mallory, charged in June with passing at least three top secret U.S. government documents to a Chinese intelligence operative in exchange for $25,000 in cash.
“Your object is to gain information, and my object is to be paid for it,” prosecutors said the 60-year-old Mallory, then a government contractor, wrote in a message to a Chinese agent.
During the packed hearing, Mallory, who sat quietly in a dark jumpsuit, showed little emotion as prosecutors played a recording of a phone call he made to his family in which he frantically directed his children to find a device on which he stored information, including CIA material, for his Chinese contacts.
On the recording, Mallory can be heard worriedly shushing his son as the boy begins to describe the device—perhaps out of well-grounded fear that federal investigators might be listening.
Government witnesses testified that data Mallory allegedly stored on the device was sensitive enough to compromise critical U.S. intelligence gathering inside China—and specific enough to reveal and gravely endanger U.S. sources there.
The CIA and State Department declined to comment.
Some officials and China experts said Beijing uses a softer touch in its espionage.
Where Moscow stomps, Beijing tiptoes — focusing heavily on the theft of economic secrets and making no known effort to influence U.S. electoral politics.
China is an uneasy partner for the U.S. — particularly as Donald Trump seeks Beijing’s help in taming North Korea’s nuclear program.
And American corporations that care little about Russia’s stunted economy want good relations with China’s potential market of more than 1 billion consumers.
“It’s a much more sophisticated effort than Russia’s,” Daniel Blumenthal, a China expert at the American Enterprise Institute and a former commissioner of the U.S.-China Economic and Security Review Commission, said of Chinese spying.
“They’re stronger, they’re more ambitious, they’re more powerful. And there are more U.S. stakeholders who want a positive relationship with China.”
Mallory is just one of two U.S. government employees charged this year with passing U.S. state secrets to China.
The other, 60-year-old Candace Marie Claiborne, was a State Department veteran whose postings included Beijing and Shanghai.
A March federal indictment charged her with accepting tens of thousands of dollars in cash and gifts from Chinese officials, including a laptop computer and international vacations, in return for U.S. government documents on U.S.-China economic relations.
U.S. officials interviewed by POLITICO said that, while visiting China, their colleagues are often “pitched,” or approached by Chinese intelligence operatives trying to recruit them.
Chinese efforts to recruit spies expand far beyond U.S. government employees. 
In a 2014 counter-recruitment video, titled “Game of Pawns,” the FBI tells the story of Glen Duffie Shriver, who as a U.S. student in Shanghai struck up a relationship with a woman he eventually discovered was a Chinese government operative.
Shriver took $70,000 from the woman as he sought a U.S. government job that would give him access to secret information he could pass to his handlers. 
He was sentenced to four years in prison.
“We live in a very sheltered society,” Shriver says in the video.
“And when you go out among the wolves, the wolves are out there.”
One former U.S. official said the cases show the way Chinese intelligence services, which long sought to appeal mainly to Chinese-Americans, are now recruiting from a far broader pool.
“The way the Chinese have gotten more aggressive is, they’ve looked at recruiting more than just ethnic Chinese,” one Obama-era National Security Council official said.
Officials and experts are especially concerned about China’s 2015 hack of the Office of Personnel Management, which saw the theft of personal data from millions of U.S. federal workers.
That information went well beyond Social Security numbers or birthdays—officials confirmed that China-linked hackers accessed troves of “SF-86” forms.
That extensively detailed document—required for government employees seeking a security clearance—includes everything from relationships to the month-by-month minutiae of a personal history.
The scope and detail of the files may serve as a kind of recruitment road map for years, Michelle Van Cleave, former director of the Office of the National Counterintelligence Executive, said at a U.S.-China Economic and Security Review Commission hearing this summer.
“The threat will grow as a result of their successes against us, because of the integration of those cyber successes and their human espionage capabilities,” Van Cleave said.
“I'm looking at what was lost through the OPM breach ... and I'm saying this is, this is staggering. This is staggering.”
The snatching in Chengdu is an extreme illustration of current and former officials' description of intense surveillance of Americans by Chinese security authorities in China.
The officials described how their rooms or belongings were “tossed” — searched by Chinese operatives — while they were staying in the country.
“They were as fundamentally aggressive in their activity [as the Russians],” one former U.S. diplomatic official told POLITICO.
Calling China’s approach more “subtle” than Russia’s, he added: “They always knew what we were doing and where we were.”

Friday, August 18, 2017

Xi Jinping and a million spies

China pumping millions into developing cyber army with web security schools
By THOMAS HUNT
Xi Jinping aims to create a 'cyber army' by investing in new schools

The Cyberspace Administration of China and China’s education ministry announced plans to “build four to six world-famous cyber-security schools in ten years [from 2017 to 2027]”.
A statement claimed select colleges and universities will implement "comprehensive" interdisciplinary programs that blend engineering expertise with legal and management studies, to “train cyber-security personnel”.
Critics have argued that China “aims to build a cyber army”.
Xi Jinping said that China ought to “take great effort, invest big money, invite [the] best teachers, compile excellent teaching materials, recruit good students and build first-class cyber security schools”.
As part of the program, four to six colleges and universities will be chosen to receive government resources.
Xi added that China should “confidently uphold our sovereignty in cyberspace, clearly declare our claim,” and “increase our voice and rule-making power in cyberspace”.
The US-China Economic and Security Review Commission released a report last year claiming Chinese spies repeatedly infiltrated US national security agencies, including official email accounts, and stole state secrets.
The report added: 
"The United States faces a large and growing threat to its national security from Chinese intelligence collection operations.
"Among the most serious threats are China’s efforts at cyber and human infiltration of US national security entities."

In 2015, four Chinese-speaking hackers were arrested in China for their involvement in the breach of the US Office of Personnel Management’s database.
Chinese hackers have recently been building a “back door” into software in an attempt to spy on the UK’s top businesses.
The code has been spread around the world through a compromised software update for server management software from tech firm NetSarang.

The hack means businesses’ data could be accessed and puts systems at risk of interference from the code’s creator.
A statement from NetSarang said: “Regretfully, the build release of our full line of products on July 18 was unknowingly shipped with a back door, which had the potential to be exploited by its creator.”
Professor Alan Woodward, of the University of Surrey, told The Times:
“This is a particularly worrying attack. As far as clients were concerned this appeared to be perfectly legitimate software via an update.
“It was even digitally signed, which suggests the vendor had been penetrated thoroughly enough, maybe even an inside job, to make this look completely legitimate to customers.

“We’ve seen a series of these types of attack where the software supply chain has been compromised, so this may be the beginning of a trend that software vendors will need to take particular note of.”

Saturday, May 20, 2017

Chinese-American Double Loyalty

Killing C.I.A. Informants, China Crippled U.S. Spying Operations
By MARK MAZZETTI, ADAM GOLDMAN, MICHAEL S. SCHMIDT and MATT APUZZO

The Chinese killed or imprisoned 18 to 20 C.I.A. sources from 2010 through 2012.

WASHINGTON — The Chinese government systematically dismantled C.I.A. spying operations in the country starting in 2010, killing or imprisoning more than a dozen sources over two years and crippling intelligence gathering there for years afterward.
American officials described the intelligence breach as one of the worst in decades. 
It set off a scramble in Washington’s intelligence and law enforcement agencies to contain the fallout, but investigators were bitterly divided over the cause. 
Some were convinced that a mole within the C.I.A. had betrayed the United States.
Others believed that the Chinese had hacked the covert system the C.I.A. used to communicate with its foreign sources. 
Years later, that debate remains unresolved.
But there was no disagreement about the damage. 
From the final weeks of 2010 through the end of 2012, according to former American officials, the Chinese killed at least a dozen of the C.I.A.’s sources.
According to three of the officials, one was shot in front of his colleagues in the courtyard of a government building — a message to others who might have been working for the C.I.A.
Still others were put in jail. 
All told, the Chinese killed or imprisoned 18 to 20 of the C.I.A.’s sources in China, according to two former senior American officials, effectively unraveling a network that had taken years to build.
Assessing the fallout from an exposed spy operation can be difficult, but the episode was considered particularly damaging. 
The number of American assets lost in China rivaled those lost in the Soviet Union and Russia during the betrayals of both Aldrich Ames and Robert Hanssen, formerly of the C.I.A. and the F.B.I., who divulged intelligence operations to Moscow for years.
The previously unreported episode shows how successful the Chinese were in disrupting American spying efforts and stealing secrets years before a well-publicized breach in 2015 gave Beijing access to thousands of government personnel records, including intelligence contractors. 
The C.I.A. considers spying in China one of its top priorities, but the country’s extensive security apparatus makes it exceptionally hard for Western spy services to develop sources there.
At a time when the C.I.A. is trying to figure out how some of its most sensitive documents were leaked onto the internet two months ago by WikiLeaks, and the F.B.I. investigates ties between Trump’s campaign and Russia, the unsettled nature of the China investigation demonstrates the difficulty of conducting counterespionage investigations into sophisticated spy services like those in Russia and China.
The C.I.A. and the F.B.I. both declined to comment.
Details about the investigation have been tightly held. 
Ten American officials described the investigation on the condition of anonymity because they did not want to be identified discussing the information.

Investigators still disagree how it happened, but the unsettled nature of the China investigation demonstrates the difficulty of conducting counterespionage investigations into sophisticated spy services.

The first signs of trouble emerged in 2010. 
At the time, the quality of the C.I.A.’s information about the inner workings of the Chinese government was the best it had been for years, the result of recruiting sources deep inside the bureaucracy in Beijing, four former officials said. 
Some were Chinese nationals who the C.I.A. believed had become disillusioned with the Chinese government’s corruption.
But by the end of the year, the flow of information began to dry up. 
By early 2011, senior agency officers realized they had a problem: Assets in China, one of their most precious resources, were disappearing.
The F.B.I. and the C.I.A. opened a joint investigation run by top counterintelligence officials at both agencies. 
Working out of a secret office in Northern Virginia, they began analyzing every operation being run in Beijing. 
One former senior American official said the investigation had been code-named Honey Badger.
As more and more sources vanished, the operation took on increased urgency. 
Nearly every employee at the American Embassy was scrutinized, no matter how high ranking. 
Some investigators believed the Chinese had cracked the encrypted method that the C.I.A. used to communicate with its assets.
Others suspected a traitor in the C.I.A., a theory that agency officials were at first reluctant to embrace — and that some in both agencies still do not believe.
Their debates were punctuated with macabre phone calls — “We lost another one” — and urgent questions from the Obama administration wondering why intelligence about the Chinese had slowed.
The mole hunt eventually zeroed in on a former agency operative who had worked in the C.I.A.’s division overseeing China.
But efforts to gather enough evidence to arrest him failed, and he is now living in another Asian country, current and former officials said.
There was good reason to suspect an insider, some former officials say. 
Around that time, Chinese spies compromised National Security Agency surveillance in Taiwan by infiltrating Taiwanese intelligence, an American partner, according to two former officials. 
And the C.I.A. had discovered Chinese operatives in the agency’s hiring pipeline, according to officials and court documents.
But the C.I.A.’s top spy hunter, Mark Kelton, resisted the mole theory, at least initially, former officials say. 
Mr. Kelton had been close friends with Brian J. Kelley, a C.I.A. officer who in the 1990s was wrongly suspected by the F.B.I. of being a Russian spy. 
The real traitor, it turned out, was Mr. Hanssen. 
Mr. Kelton often mentioned Mr. Kelley’s mistreatment in meetings during the China episode, former colleagues say, and said he would not accuse someone without ironclad evidence.
Those who rejected the mole theory attributed the losses to sloppy American tradecraft at a time when the Chinese were becoming better at monitoring American espionage activities in the country. Some F.B.I. agents became convinced that C.I.A. handlers in Beijing too often traveled the same routes to the same meeting points, which would have helped China’s vast surveillance network identify the spies in its midst.
Some officers met their sources at a restaurant where Chinese agents had planted listening devices, former officials said, and even the waiters worked for Chinese intelligence.
This carelessness, coupled with the possibility that the Chinese had hacked the covert communications channel, would explain many, if not all, of the disappearances and deaths, some former officials said.
Some in the agency, particularly those who had helped build the spy network, resisted this theory and believed they had been caught in the middle of a turf war within the C.I.A.
Still, the Chinese picked off more and more of the agency’s spies, continuing through 2011 and into 2012.
As investigators narrowed the list of suspects with access to the information, they started focusing on a Chinese-American who had left the C.I.A. shortly before the intelligence losses began. 
Investigators believed he had become disgruntled and had begun spying for China. 
The man had access to the identities of C.I.A. informants and fit all the indicators on a matrix used to identify espionage threats.
After leaving the C.I.A., the man decided to remain in Asia with his family and pursue a business opportunity, which some officials suspect that Chinese intelligence agents had arranged.
Officials said the F.B.I. and the C.I.A. lured the man back to the United States around 2012 with a ruse about a possible contract with the agency, an arrangement common among former officers. Agents questioned the man, asking why he had decided to stay in Asia, concerned that he possessed a number of secrets that would be valuable to the Chinese. 
It’s not clear whether agents confronted the man about whether he had spied for China.
The man defended his reasons for living in Asia and did not admit any wrongdoing, an official said. He then returned to Asia.
By 2013, the F.B.I. and the C.I.A. concluded that China’s success in identifying C.I.A. agents had been blunted — it is not clear how — but the damage had been done.
The C.I.A. has tried to rebuild its network of spies in China, officials said, an expensive and time-consuming effort led at one time by the former chief of the East Asia Division. 
The former chief was particularly bitter because he had worked with the suspected mole and recruited some of the spies in China who were ultimately executed.
China has been particularly aggressive in its espionage in recent years, beyond the breach of the Office of Personnel Management records in 2015, American officials said. 
Last year, an F.B.I. employee pleaded guilty to acting as a Chinese agent for years, passing sensitive technology information to Beijing in exchange for cash, lavish hotel rooms during foreign travel and prostitutes.
In March, prosecutors announced the arrest of a longtime State Department employee, Candace Marie Claiborne, accused of lying to investigators about her contacts with Chinese officials. According to the criminal complaint against Ms. Claiborne, who pleaded not guilty, Chinese agents wired cash into her bank account and showered her with gifts that included an iPhone, a laptop and tuition at a Chinese fashion school.
In addition, according to the complaint, she received a fully furnished apartment and a stipend.

Monday, March 27, 2017

Alibaba and the Chinese thieves

Alibaba pursuit of MoneyGram raises espionage fears
By San Diego Union-Tribune

The acquisition of financial giant MoneyGram by a company with close ties to the Beijing government might be scuppered by rising fears that Chinese spies would exploit the data of American troops and their families to track military movements and identify targets to turn.
The bidding war for Dallas-based MoneyGram pits China’s Zhejiang Ant Small and Micro Financial Services — called Ant — against Euronet Worldwide, a Kansas firm that’s American-owned.
Ant offered $1.9 billion for MoneyGram on Jan. 27. 
Euronet swept in with a $2 billion bid nearly three months later, but the only deal under tentative agreement is Ant’s.
A spin-off of online retail giant Alibaba, Ant operates in China like America’s PayPal system, but its subsidiaries include an online bank and a money-market fund. 
Chinese billionaire Jack Ma directs both companies, although 15 percent of Ant is owned by the Communist government and the sovereign wealth fund it controls.
Hackers linked to China’s military and spy agencies are accused of raiding data from both the American government and key national security contractors, including aerospace leader Northrop Grumman and shippers moving U.S. troops and equipment worldwide.
“With MoneyGram, you have a company that routinely provides financial services to Department of Defense personnel. That information can be analyzed and exploited,” said Christopher Swift, a former investigator at the U.S. Treasury Department’s Office of Foreign Assets Control, where he probed international transactions involving terrorist syndicates, weapons smugglers and rogue nations banned from doing business in America.
“This is a merger that involves America’s financial system, and the financial system is part of the critical infrastructure of the United States. On top of that, MoneyGram collects information about Americans and could be a potential source of information to the Chinese government,” added Swift, now a partner at the Washington, D.C.-based legal firm of Foley & Lardner, where he specializes in white-collar litigation, international law and national-security cases.
MoneyGram’s representatives didn’t return messages seeking comment.
In 2012, the company entered into a deferred prosecution agreement with the U.S. Justice Department after admitting to criminally aiding and abetting wire fraud and failing to maintain an effective anti-money laundering program. 
MoneyGram forfeited $100 million for “turning a blind eye” to the defrauding of tens of thousands of American citizens and agreed to strengthen its compliance department, according to the agreement.
It’s harder to crack down on Chinese government spying.
In 2014, for example, a federal grand jury indicted five members of People’s Liberation Army Unit 61398 for stealing data from American corporations. 
The following year, the U.S. Office of Personnel Management announced that Chinese hackers ripped off the records of up to 21.5 million Americans, a treasure trove of data that included details about military personnel and contractors with high security clearances.
Troops and their families using MoneyGram to send money to relatives, friends or others must fill out forms designed to flag financial crimes such as money laundering and wire fraud.
Depending on the type of transaction, customers can disclose a wide range of personal data, including residential addresses, Social Security numbers, birth dates and banking information, plus similar details about the recipient of the funds.

MoneyGram outlets also record information from a client’s passport, driver’s license, national identity card or other government-issued pieces of identification. 
The info is usually kept for five years in case federal or state bank regulators audit the transactions.
The sheer reach of MoneyGram’s 347,000 outlets or affiliated agents in 200 nations means that it routinely serves military members and their families.
The Union-Tribune counted 20 MoneyGram outlets running in an arc from Temecula Heights past North Island Naval Air Station, San Diego Naval Base and Point Loma’s Third Fleet headquarters to Imperial Beach — where the SEALs are building a new $1 billion compound.
About a dozen MoneyGram outlets are located around Camp Pendleton, and six are situated near Miramar Marine Corps Air Station.
Lemoore Naval Air Station, home to the Navy’s new fleet of F-35C stealthy strike fighters, has a MoneyGram in town. 
So does Yuma, Arizona, home to the Marine Corps’ F-35B program.
It’s a 10-minute drive from the gates of Vandenberg Air Force Base and its top-secret missile and satellite programs to the nearest MoneyGram.
Euronet executives said they’re worried about the geographic pattern.
“Our team has been in the money transfer business for more than 30 years. We have a keen understanding for the significant amount of personal data that is collected and preserved related to the senders and beneficiaries in these transactions, and the view it provides to the financial sector,” Euronet Chairman and CEO Michael Brown said in a statement to the Union-Tribune. 
“We also understand the impact on the lives of customers, and the risks were it to be misused by a company or government. Members of Congress, members of a congressional commission and others have raised concerns about such risks in this transaction.”
Two Republican congressmen with sway over America’s policies toward China — Rep. Robert Pittenger of North Carolina and Rep. Chris Smith of New Jersey — have asked whether Beijing would use MoneyGram data to crack down on human-rights dissidents. 
Other lawmakers told the Union-Tribune they were just learning about the national-security issues dogging the deal. 
Dayanara Ramirez, spokeswoman for Rep. Juan Vargas, D-San Diego, said her office is “currently waiting to get more information/background on the matter.”
Vargas serves on the House Committee on Financial Services, which could exert oversight regarding the transaction.
The proposed sale of MoneyGram to Ant also could fall victim to a tiny federal agency lodged in the U.S. Treasury Department — the Committee on Foreign Investment in the United States, or CFIUS. That office combines the expertise of 11 federal agencies, including the Pentagon and the Office of the Director of National Intelligence, to weigh purchases of key American companies by foreign businesses.
In 2013, CFIUS helped thwart the sale of a mining company to Chinese investors due to concerns that they would own property too near the Navy’s “top gun” fighter school at Fallon Naval Air Station in Nevada and the Corps’ air station in Yuma.
Four years earlier, the office scuttled a similar Chinese deal to acquire another company with holdings near Fallon. 
The review cited “serious, significant and consequential national-security issues” raised by senior Pentagon officials.
In addition, Barack Obama in 2012 barred the Chinese-owned Sany Group from erecting a wind farm near restricted air space at the Boardman test range in Oregon, where the military flies cutting-edge drones.
Because the MoneyGram sale is governed by an executive branch process, Donald Trump will get the final say unless Congress intervenes.
On Jan. 9, then-President-elect Trump met with billionaire Jack Ma at Trump Tower in Manhattan. Ma promised to create 1 million American jobs during the next five years as Alibaba expanded into the United States — a point echoed by Ant in its statement to the Union-Tribune.
The White House didn’t respond to requests seeking comment for this story.

Saturday, March 4, 2017

U.S. Chinese Fifth Column

FBI, other agencies work in buildings owned by China
By JOEL GEHRKE

Federal officials are putting sensitive materials in Chinese-owned buildings, making them vulnerable to cyberattack and espionage, senators warned Friday.
Their alarm bells were set off by a report that said the General Services Administration has been placing FBI agents and other "high-security" government officials in buildings owned by foreign entities in China.
The GSA didn't tell the tenants, according to the government report, so the officials aren't taking additional security precautions.
"Yet, in some cases the space is used for classified operations and to store sensitive data," Sen. Steve Daines, R-Mont., and Sen. Tammy Duckworth, D-Ill., wrote in a Thursday letter to acting GSA Administrator Timothy Horne.
"Given the highly sensitive information that is often stored at high-security leased sites, we are concerned with the lack of policies and procedures concerning the ownership of these sites."
The Chinese-owned buildings have national security and privacy implications, as they house agencies ranging from FBI and Drug Enforcement Agency field offices to a Social Security Administration office in Seattle, Wash. 
Even the U.S. Secret Service rents space from companies based in China, according to the Government Accountability Office, which is the research arm of Congress.
The GAO warned that "foreign ownership of government-leased space can pose security risks particularly regarding cybersecurity," with particular reference to China. 
The report noted that "companies in China are likely to have ties to the Chinese government," as well as federal government warnings about Chinese government hackers targeting private and federal U.S. entities. 
"China is the leading suspect in the cyber intrusion into the Office of Personnel Management's (OPM) systems affecting background investigation files for 21.5 million individuals which OPM reported in July 2015," the GAO added.
Although the buildings are leased formally from companies based in foreign countries, GSA can't be sure that those private companies are the true owners of the buildings. 
"GSA lacks complete information regarding foreign-owned leased space including beneficial owner information (which GAO defined as the person who ultimately owns and controls a company)," the senators noted.
Federal agencies took extra precautions after realizing they were in a foreign-owned building, but nine of the 14 agencies contacted by the GAO didn't have any of that information. 
"Federal agencies are among the top targets for cyber criminals, with many agencies experiencing thousands of attempted attacks daily," Duckworth and Daines wrote. 
"Agencies must have the information necessary to assess and address the risks to their high-security facilities, including cybersecurity vulnerabilities that exist in foreign-owned buildings."
The lawmakers want an update on how GSA will change its leasing procedures and "notify tenants that their leased space is foreign owned." 
But they also need to learn more about which buildings are foreign-owned, according to the GAO. "The real property database did not include information on all of the buildings in which GSA leases high-security space," the GAO report says. 
"Therefore, the results of our analysis are likely understated and GSA may be leasing more high-security space than what we identified in the 25 leases."

Saturday, December 24, 2016

FBI probes FDIC hack linked to China's military

Reuters

FBI investigating 2010 FDIC hack.

The FBI is investigating how Chinese hackers infiltrated computers at the Federal Deposit Insurance Corporation for several years beginning in 2010 in a breach senior FDIC officials believe was sponsored by China's military, people with knowledge of the matter said.
The security breach, in which hackers gained access to dozens of computers including the workstation for former FDIC Chairwoman Sheila Bair, has also been the target of a probe by a congressional committee.
The FDIC is one of three federal agencies that regulate commercial banks in the United States.
It oversees confidential plans for how big banks would handle bankruptcy and has access to records on millions of individual American deposits.
Last month, the banking regulator allowed congressional staff to view internal communications between senior FDIC officials related to the hacking, two people who took part in the review said.
In the exchanges, the officials referred to the attacks as having been carried out by Chinese military-sponsored hackers.
The staff was not allowed to keep copies of the exchanges, which did not explain why the FDIC officials believe the Chinese military was behind the breach.
Reuters was not able to review those records, and could not determine how long the FBI probe has been open, though it was described as still active. 
A third person with knowledge of the matter confirmed the FBI had opened a probe.
FDIC spokeswoman Barbara Hagenbaugh declined to comment on the previously unreported FBI investigation, or the hack's sponsorship by the Chinese military, but said the regulator took "immediate steps" to root out the hackers when it became aware of the security breach.
After FDIC staff discovered the hack in 2010, it persisted into the next years, with staff working at least through 2012 to verify the hackers were expunged, according to a 2013 internal probe conducted by the FDIC's inspector general, an internal watchdog.
The intrusion is part of a series of cybersecurity lapses at the FDIC in recent years that continued even after the hack suspected to be linked to Beijing. This year, the FDIC has reported to Congress at least seven cybersecurity incidents it considered to be major which occurred in 2015 or 2016.
An annual report by the regulator said there were 159 incidents of unauthorized computer access during fiscal year 2015, according to a redacted copy obtained by Reuters under a Freedom of Information Act request.
Rather than major breaches by hackers, however, these incidents included security lapses such as employees copying sensitive data to thumb drives and leaving the agency.
Twenty of the incidents were confirmed data breaches, according to an FDIC document provided to Reuters by the U.S. House of Representatives Committee on Science, Space and Technology.
That represents a higher number than was previously reported by the regulator under reporting guidelines for major incidents.
Throughout the lapses, the FDIC has said it is stiffening information security standards, including a ban on thumb drives and more coordination with the Department of Homeland Security to prevent hacks.
"We are continuing to take steps to enhance our cybersecurity program," Hagenbaugh said.
An audit by the FDIC's inspector general in November found the FDIC was failing to do "vulnerability scanning" in an important part of its network, a standard technique used to detect hackers. 
The audit stated the FDIC was working to address the shortfall.
The FBI declined to comment on its investigation.
When asked about China's possible role in the 2010 hack, Chinese Foreign Ministry spokeswoman Hua Chunying said: "If you have no definitive proof, then it is very hard for you to judge where the attacks really come from."
Washington has accused Beijing of hacking government offices before, including the theft of background check records from the Office of Personnel Management.
It was not clear whether the FBI probe of the FDIC hack would result in any action against China or whether the issue would be taken up by President Donald Trump, who has vowed to confront China on trade issues.
The Obama administration has struggled to develop a clear strategy for responding to cyber attacks, due to the difficulty of identifying hackers and fears of escalation.
The White House had no comment on the FDIC hack.
Trump's transition team did not respond to a request for comment.
Last year, Barack Obama and Xi Jinping reached an agreement to avoid economic cyber espionage on one another.

'Advanced persistent threat'
A July report by the House Science Committee said hackers linked to China's government gained deep access to FDIC computers starting in 2010. 
The probe at that point was unaware the hack was tied to China's military.
The committee, chaired by Texas Republican Lamar Smith, has continued to press the FDIC. Lawmakers accused FDIC employees of covering up the hack to protect the job of Chairman Martin Gruenberg, who was nominated for his post in 2011.
An FDIC review last month found no evidence Gruenberg's pending confirmation influenced handling of the breach.
In September, FDIC officials told the committee it could not share some documents because the FBI was investigating the breaches, two committee aides told Reuters.
FDIC staff realized in October 2010 that sophisticated intruders lurked within the agency's network, according to the FDIC inspector general's 2013 probe.
Staff at the regulator learned the computer of the FDIC's then-chairwoman, Bair, was breached by what they called an "advanced persistent threat."
Top FDIC officials were not briefed on the matter until August 2011, a month after Bair left the agency, according to the 2013 investigation.
Bair declined to comment when reached by Reuters this week.
Reuters was unable to determine when the hackers were expunged from the FDIC network.
The regulator hired Mandiant, a firm specialized in probing Chinese military hackers, to investigate, executing a contract in January 2013.
Mandiant was purchased in 2014 by FireEye, which did not immediately respond to a request for comment.