Amidst the torrent of news about cyber spying by China, here's an intriguing and developing story about possible old-fashioned human espionage.
On Saturday night, the FBI arrested a Chinese national who was working at a NASA facility in Hampton, Va., just as he was about to hop a one-way flight to Beijing. Bo Jiang, who is now in US custody awaiting a detention hearing, had been the subject of a federal investigation and is suspected of violating the Arms Export Control Act.
Jiang was a contractor for the National Institute of Aerospace, a non-profit group that collaborates with the NASA Langley Research Center. The FBI had apparently been watching him for some time, and according to an affidavit was aware that he had previously traveled to China carrying a laptop computer that belonged to NASA and that contained "sensitive information." The affidavit doesn't specify what it was. Langley focuses mostly on aeronautics research, and it has also been involved in spacecraft design.
The FBI got wind of Jiang's imminent departure a day before he was set to leave. Agents intercepted him at Dulles International Airport, after he had boarded his flight, and questioned him about what electronic media devices were in his possession. Jiang said he was carrying a cellphone, memory stick, an external hard drive and a new computer. But a search revealed other items, including an additional laptop, a hard drive, and a SIM card.
That's about all we know from the feds. Jiang made a nine-minute appearance in the US District Court in Norfolk yesterday. A detention hearing is scheduled for Thursday at 2pm.
But here's the meatier backstory.
Rep. Frank Wolf, a Republican from Virginia who has long railed against Chinese espionage and whose office computers were infiltrated by suspected Chinese cyber spies, says he received whistleblower complaints from employees at the NASA facility who said Jiang is "affiliated with an institution in China that has been designated as an 'entity of concern' by other U.S. government agencies." (Other government agencies are standard language for the CIA and the NSA.)
A week before Jiang tried to leave the United States, Wolf told reporters that the Chinese national was working on technology "that may have national security implications," and that he was "allegedly allowed by both NASA and his contractor to take his work and volumes of other NASA research back to China for a period of time..."
If Jiang was on the radar of the FBI and the intelligence agencies as a possible spy, it begs the question of what NASA and his contractor knew about his activities and his affiliates in China, and what they were told and when.
A NASA spokesman tells me, "Earlier this month, NASA completed a review of a potential security breach at our Langley Research Center involving a Chinese national who worked for a contractor there. We referred this matter to appropriate law enforcement officials and the person in question no longer works at Langley. We will continue to fully cooperate with law enforcement officials investigating this current matter and stand ready to assist in any way."
Noting that the investigation was ongoing, the spokesman declined to say how NASA became aware of the breach.
Jiang's contract employer, the National Institute of Aeronautics, put out a statement that reads, in part, "We continually work hand-in-hand with NASA and other partners to ensure compliance with all US Export Control, immigration laws and regulations. We take export control security very seriously and are cooperating fully with investigators to ensure that any and all allegations related to export control compliance are investigated quickly and thoroughly."
Chinese industrial espionage in the United States is nothing new, and academic institutions and non-profits that work with government research facilities have long been known conduits for espionage. In the late 1990s, the Army set up a classified research program to study the problem, and found numerous networks for "exfiltration" of US secrets, frequently via university programs. Researchers from foreign countries came to the United States, ostensibly to work on projects in their area of expertise, and they took sensitive information back to their home country. Information about weapons designs and precision machine parts was among the items the spies were after.
All that was pretty standard espionage. But until cyber spying became such a huge national concern, the problem received comparatively little attention. In 1999, the so-called Cox Report raised alarms about transfer of US national security technology to China. But that level of espionage is dwarfed by what we're seeing in cyber spying today, experts say. It's a lot easier to steal information via a computer network than it is to carry it out of the United States by hand.
Wolf is not a disinterested party in all of this. His district includes portions of the Washington region's technology corridor, where many government contractors, the frequent target of cyber spies, have offices. Back in 2008, after Wolf revealed publicly that his office's computers had been breached, he said that he had been "urged not to speak about this threat." At the time, US intelligence officials were generally more cautious than they are now to talk openly about cyber espionage, much less to point the finger at the Chinese. Not anymore, as has been made abundantly clear in the past few months.
National Security Adviser Tom Donilon today called Chinese cyber espionage of US business information "a growing challenge to our economic relationship with China" and "key point of concern and discussion with China at all levels of our governments."
In the first public remarks by a White House official directed specifically at cyber espionage emanating from China, which is believed to be state-sponsored, Donilon said the problem had "moved to the forefront of [the administration's] agenda," and called for "additional, intensive attention," including recognition by the Chinese government of "the urgency and scope of this problem and the risk it poses--to international trade, to the reputation of Chinese industry and to our overall relations."
Donilon's remarks are another pivotal moment in the increasingly tense, and public, dispute between China and the US over cyber spying. The last time the US government went on record blaming China for stealing American companies' secrets and other proprietary information was when the National Counterintelligence Executive released a frank and alarming report on Chinese and Russian cyber spying. At the time, I compared that to Winston Churchill's Iron Curtain speech, because it characterized the spying as part of the two countries' national strategy of military, technological, and economic domination of the West, and the United States in particular.
Interestingly, Donilon's remarks today were not as emphatic or wide-ranging as that report. His relatively brief comments came up in a lengthy speech on U.S.-Asia policy at the Asia Society in New York. Donilon focused on cyber espionage and stayed away from any discussion of state-on-state spying, or of cyber warfare, even though these are both part of the calculus when it comes to U.S.-China relations in cyber space.
But this was the first time any US official has made specific demands of China. In addition to calling for official "recognition" of cyber espionage--Chinese officials steadfastly maintain that their country is not a perpetrator, but a victim--Donilon said, "Beijing should take serious steps to investigate and put a stop to these activities" and "engage with us in a constructive direct dialogue to establish acceptable norms of behavior in cyberspace."
The Obama administration is raising the stakes. While not specifically accusing the Chinese government of being behind the intrusions, Donilon called for state action and invoked it on the part of the United States. Referring to President Obama's most recent State of the Union Address, Donilon said, "We will take action to protect our economy against cyber-threats." Already we're seeing some evidence of that. In the coming weeks, elements of US intelligence and law enforcement will begin sharing information about Chinese cyber hacking with US telecommunications companies, bringing them deeper into a public-private effort to secure cyberspace.
Donilon also drew a distinction between "ordinary cybercrime or hacking" and what China is accused of doing. He said it's not "solely a national security concern," but one for businesses who are "speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyber intrusions emanating from China on an unprecedented scale."
This is carefully tuned language. It focuses the administration's attention on what Donilon characterized as a strategic threat to the economic growth of both countries, which are each other's most important trading partners. And it brings the private sector into the problem as a key player, not a bystander.
The full video of Donilon's remarks is here. He starts talking about cyber security about 32 minutes in.
The Obama administration is about to pull US telecommunications companies even deeper into the ongoing cyber conflict with China.
Foreign Policy reports that in the coming weeks, the National Security Agency, in concert with the Homeland Security Department and the FBI, "will release to select American telecommunication companies a wealth of information about China's cyber-espionage program." The idea behind this reportedly classified operation is to give the telecoms more information about how Chinese cyber spies ply their trade, so that American companies can in turn get ahead of the threat and better defend themselves.
The information the government will share with the companies includes "sophisticated tools that China uses, countermeasures developed by the NSA, and unique signature-detection software that previously had been used only to protect government networks," FP reports.
This marks an escalation in the so-called "public-private partnership" that has existed for a few years now in the ever-expanding cyber battlefield. The government has already been sharing with telecom companies some domain names and Internet addresses associated with suspected spies and hostile actors. The companies, which run and manage the country's networks, are in turn expected to exercise some level of surveillance and defense, which theoretically redounds to the benefit of their customers.
This hasn't really made cyberspace any safer, nor has it significantly reduced cyber espionage and malware attacks against US companies. So now, the government is effectively giving the companies more cyber "ammo," in the form of richer, and more secretive intelligence, which it has traditionally guarded. In theory, the companies will have greater insight into how spies are trying to crack their networks.
The timing of this event doesn't seem coincidental. In February, computer security firm Mandiant released a report naming the Chinese military as a major source of espionage against U.S. companies. I'm told by knowledgeable sources that the release of that report was coordinated with the Defense Department and the Homeland Security Department, which just a day earlier released much of the same threat information that's in the Mandiant report, but without attributing the source to China. Like the new information-sharing program, these are not rhetorical strategies, but rather tactical attempts to push back against cyber spying and give US companies more means to defend themselves.
The Obama administration has long understood that in order to defend cyberspace, it's going to have to enlist the cooperation and active participation of US companies. The US government, for all its technical intelligence prowess, simply cannot defend a network infrastructure that is almost entirely owned and operated by the private sector.
For their part, companies have been itching to get more information and to change the often one-way flow of threat information from the private sector to the government. Companies know their networks are threatened, but they often don't know much about the sources of those intrusions, and what else the intruders are capable of doing. They need a government intelligence agency to obtain that information--mainly through espionage, which companies can't legally practice on their own.
Yesterday, the chief information officer for Dow Chemical Company told a Senate panel that he'd like to see more information sharing from the government to industry, and among different sectors of US companies. He's about to get some of what he asked for.
To some extent, this information exchange has been happening already. For the past few years, US defense contractors have been sharing threat information with the government and allowing government agencies to monitor their networks, so the intelligence community can gather information about US adversaries, and how they work.
Now, though, the administration is pushing this cooperation even deeper into the telecom sector, essentially taking the fight down to the level of the network operators. That's a significant development. Think of this as deputizing some companies in the new cyber war. We're going to see a lot more of this in the future.
Here's proof that not everything coming from China these days is bad for the U.S. news business.
At first glance, I thought this article in today's print edition of the Wall Street Journal (photo above) was another story about Chinese cyber spies. That wouldn't be surprising, since the paper has been on the receiving end of Chinese espionage and routinely covers that subject.
Look closer, though, and you'll see this article actually is a paid advertisement by China Watch, which is prepared by China Daily, a state-controlled publication that has taken out similar ads in the Washington Post, and the New York Times, both of which claim, like the Journal, that they were hacked by Chinese sources.
The advertisement in the Journal is a mostly laudatory take about Lenovo Group, which the ad says surpassed U.S.-based Hewlett-Packard last year as the world's largest manufacturer of personal computers, "the first time a Chinese company has taken the industry lead."
I've seen China Daily's stand-alone newspaper floating through my office over the past few years. It's a quite dependable publication: Dependably uncritical of Chinese authorities, and unfailingly enthusiastic about Chinese business interests in the United States. James Fallows, a seasoned China watcher, has a long-running and very amusing appreciation of the state-run enterprise on his blog.
Not that I had expected to see it, but there's no mention in the advertisement that the Obama administration believes China is the source of "an onslaught" of cyber break-ins and industrial espionage targeted at U.S. technology companies.
However, China Daily this month has run several articles refuting a report by computer security firm Mandiant that one of the most prolific Chinese hacker groups is run by the country's military. Those articles cite Chinese officials, such as a military spokesman, and other Chinese media. The Journal, and other U.S. news organizations, have covered these denials. Another recent article in China Daily claimed "that China is actually the real victim of cyber attacks," citing statistics from a Chinese computer network center that appeared in Xinhua, the official Chinese press agency.
The Post got dinged a few years ago by the Nieman Journalism Lab for not more clearly showing that the China Daily copy was paid advertisement/advertorial. Today's ad in the Journal carries a disclaimer that it "did not involve the news or editorial departments" of the newspaper.
China Daily only took up about three-fourths of the page. But the bottom quarter has an ad from Air China, promoting its non-stop New York-to-Beijing service for business executives.