Chinese Espionage in the U.S.

(click here to enlarge image)

The Renault Case

Higher-level Recruitment?

Paris prosecutor Jean-Claude Marin on Jan. 14 began an inquiry into allegations of commercial espionage carried out against French carmaker Renault. The allegations first became public when Renault suspended three of its employees on Jan. 3 after an internal investigation that began in August 2010. Within days, citing an anonymous French government source, Reuters reported that French intelligence services were looking into the possibility that China played a role in the Renault espionage case. While the French government refused to officially confirm this accusation, speculation has run wild that Chinese state-sponsored spies were stealing electric-vehicle technology from Renault. The Chinese are well-known perpetrators of industrial espionage and have been caught before in France, but the details that have emerged so far about the Renault operation differ from the usual Chinese method of operation. And much has been learned about this MO just in the last two years across the Atlantic, where the United States has been increasingly aggressive in investigating and prosecuting cases of Chinese espionage. If Chinese intelligence services were indeed responsible for espionage at Renault it would be one of only a few known cases involving non-Chinese nationals and would have involved the largest amount of money since the case of the legendary Larry Wu-Tai Chin , China's most successful spy. STRATFOR has previously detailed the Chinese intelligence services and the workings of espionage with Chinese characteristics . A look back at Chinese espionage activities uncovered in the United States in 2010, since our latest report was compiled, can provide more context and detail about current Chinese intelligence operations.We chose to focus on operations in the United States for two reasons. First, the United States is a major target for Chinese industrial espionage. This is because it is a leader in technology development, particularly in military hardware desired by China's expanding military, and a potential adversary at the forefront of Chinese defense thinking. Second, while it is not the only country developing major new technologies in which China would be interested, the United States has been the most aggressive in prosecuting espionage cases against Chinese agents, thereby producing available data for us to work with. Since 2008, at least seven cases have been prosecuted each year in the United States against individuals spying for China. Five were prosecuted in 2007. Going back to about 2000, from one to three cases were prosecuted annually, and before that, less than one was prosecuted per year. Most of the cases involved charges of violating export restrictions or stealing trade secrets rather than the capital crime of stealing state secrets. As the premier agency leading such investigations, the FBI has clearly made a policy decision to refocus on counterintelligence after an overwhelming focus on counterterrorism following 9/11, and its capability to conduct such investigations has grown. In 2010, 11 Chinese espionage cases were prosecuted in the United States, the highest number yet, and they featured a wide range of espionage targets. Ten of the 11 cases involved technology acquisition, and five were overt attempts to purchase and illegally export encryption devices, mobile-phone components, high-end analog-to-digital converters, microchips designed for aerospace applications and radiation-hardened semiconductors. These technologies can be used in a wide range of Chinese industries. While the mobile-phone technology would be limited to Chinese state-owned enterprises (SOEs) such as China Mobile, the aerospace-related microchips could be used in anything from rockets to fighter jets. Xian Hongwei and someone known as "Li Li" were arrested in September 2010 for allegedly attempting to purchase those aerospace-related microchips from BAE Systems, which is one of the companies involved in the development of the F-35 Joint Strike Fighter. Similar espionage may have played a role in China's development of the new J-20 fifth-generation fighter , but that is only speculation.Five other cases in 2010 involved stealing trade secrets. These included organic light-emitting diode processes from Dupont, hybrid vehicle technology from GM, insecticide formulas from the Dow Chemical Co., paint formulas from Valspar and various vehicle design specifications from Ford. These types of Chinese cases, while often encouraged by state officials, are more similar to industrial espionage conducted by corporations. Since many of the major car companies in China are state-run, these technologies benefit both industry and the state . But that does not mean these efforts are directed from Beijing. History shows that such espionage activities are not well coordinated. Various Chinese company executives (who are also Communist Party officials) have different requirements for their industrial espionage. In cases where two SOEs are competing to sell similar products, they may both try to recruit agents to steal the same technology. There are also a growing number of private Chinese companies getting involved in espionage. One notable example was when Du Shanshan and Qin Yu passed on technology from GM to Chery Automobile, a private, rather than state-run, manufacturer. In the five trade-secret cases in 2010, most of the suspects were caught because of poor tradecraft. They stored data on their hard drives, sent e-mails on company computers and had obvious communications with companies in China. This is not the kind of tradecraft we would expect from trained intelligence officers. Most of these cases probably involved ad hoc agents, some of whom were likely recruited while working in the United States and offered jobs back in China when they were found to have access to important technology. These cases show how Chinese state-run companies can have an interest in espionage in order to improve their own products, both for the success of their companies and in the national interest of China. The U.S. Department of Justice has not provided specific details on how the stolen defense-related technologies were intended to be used in China, so it is hard to tell whether they would have enhanced China's military capability. First-generation Chinese carried out 10 of the 11 publicized cases in the United States last year. Some were living or working temporarily in the United States, others had become naturalized American citizens (with the exception of Xian and Li, who were caught in Hungary). The Chinese intelligence services rely on ethnic Chinese agents because the services do not generally trust outsiders. When recruiting, they also use threats against family members or the individuals themselves. Second- and third-generation Chinese who have assimilated in a new culture are rarely willing to spy, and the Chinese government has much less leverage over this segment of the ethnic-Chinese population living overseas. In the 11 cases in 2010, it is not clear what payments, if any, the agents might have received. In some cases, such as those involving the trade secrets from Valspar and Ford, the information likely helped the agents land better jobs and/or receive promotions back in China. Cash does not typically rule the effectiveness of newly recruited Chinese spies, as it might with Western recruits. Instead, new Chinese agents are usually motivated by intelligence-service coercion or ideological affinity for China. The outlier in 2010 was Glenn Duffie Shriver, an American student with no Chinese heritage who applied to work at both the U.S. State Department and the CIA. His was the first publicized case of the Chinese trying to develop an agent in place in the United States since Larry Chin. Shriver studied in China in 2002 and 2003. The recruitment process began when he returned to China in 2004 to seek employment and improve his language capabilities. After responding to an ad for someone with an English-language background to write a political paper, Shriver was paid $120 for producing an article on U.S.-Chinese relations regarding Taiwan and North Korea. The woman who hired him then introduced him to two Chinese intelligence officers named Wu and Tang. They paid Shriver a total of $70,000 in three payments while he tried to land a job with the U.S. government. Shriver failed the exams to become a foreign service officer and began pursuing a career with the CIA. He was accused of lying on his CIA application by not mentioning at least one trip to China and at least 20 meetings with Chinese intelligence officers. It is not clear how he was exposed, but customs records and passport stamps would have easily revealed any trips to China that he did not report in his CIA application. On Oct. 22, 2010, Shriver pleaded guilty to conspiring to provide national defense information to intelligence officers of the People's Republic of China and was sentenced to 48 months in prison in accordance with his plea agreement. A few Americans have been accused of being Chinese agents before, such as former Defense Department official James Fondren, who was caught and convicted in 2009. These cases are rare, though they may increase as Beijing tries to reach higher levels of infiltration. It is also possible that the FBI has been reaching only for low-hanging fruit and that Chinese espionage involving Americans at higher levels is going undetected. If this were the case, it would not be consistent with the general Chinese espionage MO. China takes a mosaic approach to intelligence, which is a wholly different paradigm than that of the West. Instead of recruiting a few high-level sources, the Chinese recruit as many low-level operatives as possible who are charged with vacuuming up all available open-source information and compiling and analyzing the innumerable bits of intelligence to assemble a complete picture. This method fits well with Chinese demographics, which are characterized by countless thousands of capable and industrious people working overseas as well as thousands more analyzing various pieces of the mosaic back home. Another case in 2010 was an alleged China-based cyberattack against Google , in which servers were hacked and customer account information was accessed. Last year, more than 30 other major companies reported similar infiltration attempts occurring in 2009, though we do not know how widespread the effort really is. China's cyber-espionage capabilities are well known and no doubt will continue to provide more valuable information for China's intelligence services.Few details have been released about the Renault case, which will likely remain confidential until French prosecutors finish their investigation. But enough information has trickled in to give us some idea of the kind of operation that would have targeted Renault's electric-vehicle program. Three Renault managers were accused: Matthieu Tenenbaum, who was deputy director of Renault's electric-vehicle program; Michel Balthazard, who was a member of the Renault management board; and Bertrand Rochette, a subordinate of Balthazard who was responsible for pilot projects. Various media reports — mostly from Le Figaro — claim that the State Grid Corporation of China opened bank accounts for two of the three managers (it is unknown which two). Money was allegedly wired through Malta, and Renault's investigators found deposits of 500,000 euros (about $665,000) and 130,000 euros (about $175,000) respectively in Swiss and Liechtenstein bank accounts. Assuming this is true, it is still unclear what the money was for. Given that the three executives had positions close to the electric-vehicle program, it seems that some related technology was the target. Patrick Pelata, Renault's chief operating officer, said that "not the smallest nugget of technical or strategic information on the innovation plan has filtered out of the enterprise." In other words, Renault uncovered the operation before any technology was leaked — or it is intentionally trying to downplay the damage done in order to reassure investors and protect stock prices. But Pelata also called the operation "a system organized to collect economic, technological and strategic information to serve interests abroad." Renault is convinced a foreign entity was involved in a sophisticated intelligence operation against the company. The question is, what foreign entity? On Jan. 13, Renault filed an official complaint with French authorities, saying it was the victim of organized industrial espionage, among other things, committed by "persons unknown." French Industry Minister Eric Besson clarified Jan. 14 that there was no information to suggest Chinese involvement in the case, though he previously said France was facing "economic war," presuming that the culprits came from outside France. The source for the original rumors of Chinese involvement is unclear, but the French clearly backed away from the accusation, especially after Chinese Foreign Ministry spokesman Hong Lei called the accusation "baseless and irresponsible" on Jan. 11 (of course, even if the Chinese were the culprits they would certainly not admit it). The Chinese have definitely targeted energy-efficient motor vehicle technology in the past, in addition to the Ford and GM cases, and Renault itself is no stranger to industrial espionage activities. In 2007, Li Li Whuang was charged with breach of trust and fraudulent access to a computer system while working as a trainee at Valeo, a French automotive components manufacturer, in 2005. The 24-year-old was studying in Paris when she was offered the trainee position at Valeo. Investigators found files on her computer related to a project with BMW and another with Renault. The new Renault case, however, is very different from most Chinese espionage cases. First, it involved recruiting three French nationals with no ethnic ties to China, rather than first-generation Chinese. Second, the alleged payments to two of three Renault employees were much larger than Chinese agents usually receive, even those who are not ethnic Chinese. The one notable exception is the case of Larry Chin, who is believed to have received more than $1 million in the 30 years he spied for China as a translator for U.S. intelligence services. Renault executives would also be paid as much or more in salaries than what was found in these bank accounts, though we don't know if more money was transferred in and out of the accounts. This may not be unprecedented, however; STRATFOR sources have reported being offered many millions of dollars to work for the Chinese government. Another problem is the alleged use of a Chinese state-owned company to funnel payments to the Renault executives. Using a company traceable not only to China but to the government itself is a huge error in tradecraft. This is not likely a mistake that the Chinese intelligence services would make. In Chin's case, all payments were made in cash and were exchanged in careful meetings outside the United States, in places where there was no surveillance. Thus, STRATFOR doubts that the Renault theft was perpetrated by the Chinese. The leak suggesting otherwise was likely an assumption based on China's frequent involvement in industrial espionage. Still, it could be a sign of new methods in Chinese spycraft.The Shriver and Renault cases could suggest that some Chinese intelligence operations are so sophisticated that counterintelligence officers are unaware of their activities. They could mean that the Chinese are recruiting higher-level sources and offering them large sums of money. Chin, who got his start working for the U.S. Army during the Korean War, remained undetected until 1985, when a defector exposed him. There may be others who are just as well hidden. However, according to STRATFOR sources, including current and former counterintelligence officers, the vast majority of Chinese espionage operations are perpetrated at low levels by untrained agents. There is little indication that the Chinese have switched from the high-quantity, low-quality mosaic intelligence method, and cyber-espionage activities such as hacking Google demonstrate that the mosaic method is only growing. The Internet allows China to recruit from its large base of capable computer users to find valuable information in the national interest. It provides even more opportunities to vacuum up information for intelligence analysis. Indeed, cyber-espionage is being used as another form of "insurance," a way to ensure that the information collected by the intelligence services from other sources is accurate. If China is responsible for the Renault penetration, the case would represent a change in the Chinese espionage MO, one aiming at a higher level and willing to spend more money, even though most of the cases prosecuted in the United States pointed to a continuation of the mosaic paradigm. Nevertheless, counterintelligence officers are likely watching carefully for higher-level recruits, fearing that others like Chin and Shriver may have remained undetected for years. These cases may be an indication of new resources made available to Western counterintelligence agencies and not new efforts by the Chinese. One thing is certain: Chinese espionage activities will continue apace in 2011, and it will be interesting to see what targets are picked.