The New York Times magazine tells the story of an innocuous-seeming message on LinkedIn in 2017 from Qu Hui, the deputy director of the China-based Provincial Association for International Science and Technology Development.
Federal agents eventually obtained search warrants for two Gmail addresses the official was using, and “In what would prove to be a lucky break, the investigators found that each email address was the Apple ID used for an iPhone, linked to an iCloud account where data from the phones was periodically backed up. The agents were later able to obtain search warrants for the two iCloud accounts [that] opened a treasure trove.”
This included confirmation of what they had suspected all along: that Qu worked for Chinese intelligence. His real name was Xu Yanjun. He had worked at the Ministry of State Security since 2003, earning six promotions to become a deputy division director of the Sixth Bureau in the Jiangsu Province M.S.S. Like so many of us, he had taken pictures of important documents using his iPhone — his national ID card, pay stubs, his health insurance card, an application for vacation — which is how they ended up in his iCloud account. There, investigators also found an audio recording of a 2016 conversation with a professor at N.U.A.A. in which Xu had talked about his job in intelligence and the risks associated with traveling. “The leadership asks you to get the materials of the U.S. F-22 fighter aircraft,” he told the professor. “You can’t get it by sitting at home.” The discovery of evidence of Xu’s identity in an iCloud account makes for a kind of delicious reversal. The ubiquitous use of iPhones around the world — a result of America’s technological prowess — was helping to fight back against a rival nation’s efforts to steal technology.
Qu scheduled a meeting in Brussels with one American target — where he was arrested and extradited to America, becoming the first-ever Chinese intelligence official convicted on U.S. soil on charges of economic espionage.
The prosecution contended that Xu had been systematically going after intellectual property at aerospace companies in the United States and Europe through cyberespionage and the use of human sources. It’s not often that prosecutors find a one-stop shop for much of their evidence, but that’s what Xu’s iCloud account was — a repository of the spy’s personal and professional life. That’s because often Xu used his iPhone calendar as a diary, documenting not just the day’s events but also his thoughts and feelings…. The messages in Xu’s iCloud account enabled investigators to make another damning discovery. Xu had helped coordinate a cyberespionage campaign that targeted several aviation technology companies….
At the end of the trial, Xu was convicted of conspiring and attempting to commit economic espionage and theft of trade secrets…. According to Timothy Mangan, who led the prosecution, the evidence laid out during Xu’s trial goes far beyond merely proving his guilt — it uncovers the systematic nature of China’s vast economic espionage. The revelation of Xu’s activities lifts the veil on how pervasive China’s economic espionage is, according to the F.B.I. agent. If just one provincial officer can do what he did, the agent suggests, you can imagine how big the country’s overall operations must be.
The article notes that the Chinese government “also offers financial incentives to help Chinese expats start their own businesses in China using trade secrets stolen from their American employers.” It also cites a 2019 report from a congressional committee’s security review that found “myriad ways in which Chinese companies, often backed by their government, help transfer strategic know-how from the United States to China.”
The maneuvers range from seemingly benign (acquiring American firms with access to key intellectual property) to notoriously coercive (compelling American companies to form joint ventures with Chinese firms and share trade secrets with them in return for access to the Chinese market) to outright theft. Cyberattacks have become an increasingly common tactic because they can’t always be linked directly to the Chinese government. Over the past few years, however, federal agents and cybersecurity experts in the U.S. have identified the digital footprints left along the trails of these attacks — malware and I.P. addresses among them — and traced this evidence back to specific groups of hackers with proven ties to the Chinese government.
One 2020 indictment blamed five “computer hackers” in China for breaching more than 100 organizations.
Thanks to Slashdot reader schwit1 for sharing the article.
Read more of this story at Slashdot.