EXCLUSIVE: How Hacking and Espionage Fuel China’s Growth
This is the 4th part in a 4-part series: Murder, Money, and Spies: An Investigative Series on the Chinese Military’s For-Profit Ventures
Elements of China’s military, state, business, and academia have been interwoven over decades and organized around one goal: stealing secrets from the West. This regime of theft takes with impunity, powering China’s economy and high-tech military, while robbing the United States alone of trillions in value each year.
Very late in the game, the United States has started to respond. The U.S. Justice Department made headlines in May 2014 by indicting five Chinese military hackers from Unit 61398 for their alleged role in economic theft.
The system, however, doesn’t stop at military hackers. Organizations throughout China work as “transfer centers” that process stolen information into usable designs. Official programs facilitate the theft. And the whole system runs through a corrupt nexus among government officials, military officers, business executives, and academics throughout China.
There is a nearly constant stream of news stories about cyberattacks and spies stealing technology from the West, but the true scale of the cyberattacks and breaches by spies goes far beyond what’s reported.
This article is the last of a four-part investigative series that has been two years in the making. Tapping the knowledge of intelligence and security experts, it reveals the inner workings of a state-sanctioned program to rob the West and feed China’s economic growth and military strength.
“We are seeing only a fraction of actual data breaches reported in the U.S. Many of the data breaches reported in 2014 were of retailers, where compromised consumer personally identifiable information (PII) is required to be reported,” said Casey Fleming, chairman and CEO of BLACKOPS Partners Corp.
Fleming is in a unique position. His company tracks both cyberspies and human spies infiltrating Fortune 500 companies. He said, in addition to what appears in the press, “hundreds of other companies have not reported data breaches due to negative coverage—or worse, most never detected the breach to begin with.”
Just in the last year, he added, his company observed a tenfold increase in the “aggressiveness, depth, and frequency” of insider spy activity and cyberattacks breaching companies. He said they expect the problem to grow worse.
“Our intelligence unit’s latest estimates are that U.S. companies and the U.S. economy lose approximately $5 trillion each year, or over 30 percent of the U.S. GDP when you factor the full value of the stolen innovation,” Fleming said.
“It will not take long for every American citizen to be affected by the scale of this economic espionage assault in the form of lost jobs, higher prices, and a lower quality of life,” he said.
The large scope of the theft stems from the Chinese regime’s grip on nearly all facets of its society, according to Josh Vander Veen, director of incident response at SpearTip, a cyber-counterintelligence firm.
Vander Veen is a former special agent with U.S. Army Counterintelligence and worked for more than a dozen years investigating foreign spy operations.
“The Chinese government has a hand in so many of its domestic industries,” he said, adding that the platforms it uses for economic theft include “the transfer centers, cyberattacks, and academic research at U.S. universities.”
While the Chinese regime operates a very large system for stealing and processing intellectual property, it makes the money back by developing products based on the stolen information. Many times, the Chinese products based on stolen American research and development are resold back in the United States at approximately half the price of the original American product.
“They’re busy, and they do invest a lot of personnel and a lot of time,” Vander Veen said. “But really it’s a fraction of the cost and a fraction of the time it takes to do this kind of research.”
When trying to understand the Chinese regime’s use of economic theft, and the involvement of its armed services, corporations, and universities in the theft, “We should view it from the Chinese lens,” said Richard Fisher, senior fellow at the International Assessment and Strategy Center.
“In a sense it is very clear-cut, but we don’t want to accept what we see right before our eyes,” Fisher said, adding that any organization that has a Chinese Communist Party (CCP) cell “is capable of conducting intelligence or military operations.”
The idea of official “state-run” companies in China can also be deceiving, since nearly all companies are required to have officials from the CCP assigned to them, according to a client of BLACKOPS Partners Corp. who conducts high-level business in China and spoke under conditions of anonymity.
“Any company that has more than 50 people in it has a government liaison assigned to it,” the source said. “That’s law in China.”
In China, there are only vague and blurry lines separating government from private industries, military from government, and private from military. The systems for economic theft likewise take place across all three of these sectors.
A History of Copying
While the actual breaches often get attention, there is very little awareness of what takes place after information is stolen.
To understand how the system works and how it has developed requires a bit of history, and it starts with the Cold War and relations between the Chinese regime and the Soviet Union.
A source with direct knowledge of the Chinese regime’s system for reverse-engineering stolen technology explained to Epoch Times how it developed. The Chinese regime pulled from practices used by the Soviets, he said, but its leaders changed them in crucial ways to better fit China’s then-lacking technical prowess.
If a Soviet spy had stolen designs for a U.S. spy camera, for example, the designs would be transferred to a research facility where Soviet engineers would attempt to reproduce the technology as-is.
With China, the approach was very different. The source explained that the Chinese regime had few illusions at the time about its technological gap with other countries. So, while the Soviets would start their counterfeit process from the top, he said, the Chinese would start theirs from the bottom.
If a Chinese spy were to get his hands on the same hypothetical spy camera mentioned above, he would similarly transfer it to a research facility. But rather than try to duplicate the camera, the researchers would find earlier generations of the technology and learn to build those first.
They would send spies to gather publicly available information for the earliest models of the targeted technology, buy the next generations in stores, and send students to study and work abroad in the targeted industry.
The process would give them a foundation of knowledge, and when they were finally ready to reverse engineer the modern-generation gadget, they could easily see which parts had been upgraded and which changes were made from the technology’s previous generations.
According to the source, the Chinese approach was significantly faster and more cost effective than the Soviet approach.
The Chinese regime’s current system for processing and reverse engineering stolen designs has grown significantly larger than it was during the Cold War, and has developed from a strictly military operation into a system that permeates the entire Chinese regime.
After someone steals trade secrets for the Chinese regime, the information serves little use until it’s processed or reverse engineered. This part of the job is handled by a large network of transfer centers.
“There is nothing like this anywhere else in the world,” according to William C. Hannas, James Mulvenon, and Anna B. Puglisi in their 2013 book, “China’s Industrial Espionage.”
“The system is enormous, befitting a nation of 1.3 billion, and operates on a scale that dwarfs China’s own S&T [science and technology] enterprise,” they stated, adding “We are talking here of an elaborate, comprehensive system for spotting foreign technologies, acquiring them by every means imaginable, and converting them into weapons and competitive goods.”
The departments in charge of reverse engineering are officially called China’s National Technology Transfer Centers or National Demonstration Organizations. The book notes these outfits began operating in China in September 2001 and were “established in policy” in December 2007 through the National Technology Transfer Promotion Implementation Plan.
An estimated 202 of the “demonstration” centers are currently in operation in China, according to the book. The actual scale may be larger, however, since the 202 centers work as “models for emulation by other transfer facilities.”
To name just a few of the transfer centers, they include the State Administration of Foreign Experts Affairs under the State Council, the Science and Technology Office under the Overseas Chinese Affairs Office, and the National Technology Transfer Center under the East China University of Science and Technology.
The organizations don’t try to hide their function. The authors quote a Chinese study of the transfer centers, which states they function to “convert advanced foreign technology into domestic innovation ability” and even recommends “making technology transfer even more the core feature of our technology innovation.”
“Their charters explicitly name ‘domestic and foreign technology’ as targets for ‘commercialization,'” the book states.
The transfer centers play several roles, which include processing stolen technology, developing cooperative research projects between Chinese and foreign scientists, and running programs aimed at reeling in Chinese nationals who have studied abroad.
China’s economic rise can be attributed to this system of “minimal investment in basic science through a technology transfer apparatus that worked—mostly off the books—to suck in foreign proprietary achievements, while the world stood by and did nothing,” according to the book.
It states the Chinese regime could not have undergone the economic transformation the world is now witnessing, “nor sustained its progress today, without cheap and unrestricted access to other countries’ technology.”
Their findings align with a 2010 report from the U.S. Defense Threat Reduction Agency, which said modernization in the Chinese military depends “heavily on investments in China’s science and technology infrastructure, reforms of its defense industry, and procurement of advanced weapons from abroad.”
It adds that the Chinese regime’s theft of technology is unique in that under the system, it gives autonomy “to research institutes, corporations, and other entities to devise collection schemes according to their particular needs.”
A Hungry Military
The Chinese regime’s People’s Liberation Army (PLA) plays a special role in the theft of information. The military is required to cover a portion of its own costs, and over decades this focus on building external sources of cash has made its military leaders some of the most powerful people in China.
According to a book, “China’s Economic Dilemmas in the 1990s: The Problems of Reforms, Modernization, and Interdependence,” the PLA particularly relies on external sources for its research and development programs.
“With only 70 percent of operating expenses in maintaining troops covered by the state budget,” it states, “the PLA must make up the rest and still find supplemental funds for modernization.”
Just like the nexus between government and private business in China, the lines between military and state, and military and private, are likewise thin.
There are many top officials in the PLA who also hold high-level positions in state-run companies, and many of these individuals also hold top-level positions in the ruling CCP.
Under the Chinese regime’s current leader, Xi Jinping, “an unprecedented number of senior cadres from the country’s labyrinth ‘jungong hangtian’ (military–industrial and space–technology) complex are being inducted to high-level Party-government organs or transferred to regional administrations,” states a Sept. 25, 2014, report from the Jamestown Foundation.
Former leader of the CCP Jiang Zemin had reformed the system in the late 1990s, when the landscape of large companies in China was almost completely controlled by the military. According to several experts, however, the changes Jiang made merely shifted control from the military to the hands of those who were then in charge of the companies.
“They sat down like in ‘The Godfather’ where they said ‘You’re in charge of docks and I’m in charge of loansharking,'” said William Triplett, former chief counsel to the Senate Foreign Relations Committee, in a phone interview.
The “reforms” essentially shifted the system from military-run to state-run, while allowing top military officers and high-level officials in the Communist Party to maintain heavy stakes in the companies, and preventing these roles from ending with their military careers.
The Chinese regime’s military maintains “somewhere between 2,000 and 3,000 front companies in the United States, and their sole reason for existing is to steal, exploit U.S. technology,” said Lisa Bronson, deputy undersecretary of defense for technology security policy and counterproliferation, in a 2005 speech.
The FBI’s former deputy director for counterintelligence later said the Chinese regime operates more than 3,200 military front companies in the United States dedicated to theft, according to the 2010 report from the U.S. Defense Threat Reduction Agency.
While this system of state-sponsored theft unleashes individual initiative, as institutions scramble to steal what they can to turn a profit, the regime also provides strategic guidance.
Project 863 (also called the 863 Program) was started by former Chinese Communist Party leader Deng Xiaoping in March, 1986. According to a 2011 report from the U.S. Office of the National Counterintelligence Executive, it “provides funding and guidance for efforts to clandestinely acquire U.S. technology and sensitive economic information.”
In its original state, Project 863 targeted seven industries: biotechnology, space, information technology, automation, laser technology, new materials, and energy. It was updated in 1992 to include telecommunications, and was updated again in 1996 to include marine technology.
The Chinese regime’s official programs to help facilitate foreign theft are not limited to Project 863, however. It also includes the Torch Program to build high-tech commercial industries, the 973 Program for research, the 211 program for “reforming” universities, and “countless programs for attracting Western-trained scholars ‘back’ to China,'” according to “China’s Industrial Espionage.”
“Each of these programs looks to foreign collaboration and technologies to cover key gaps,” the authors note, adding that it encourages Western-trained experts to help the Chinese regime’s technological development by returning to China, or “serving in place” by providing needed information gained while working for their Western employers.
They cite a document from the Chinese regime, which states Project 863 maintains a library of 38 million open source articles in close to 80 databases that contain “over four terabytes of information gleaned from American, Japanese, Russian, and British publications, military reports, and standards.”
The Central Nerve
There is a central nerve allegedly behind the system of theft that is also a key power within the Chinese regime. Several sources point to an otherwise unassuming organization hidden deep within the Chinese regime’s military.
One of the most powerful organizations behind the economic theft is the 61 Research Institute, under the Chinese military’s Third Department of the General Staff Department, according to a source who formerly worked under one of the Chinese regime’s main spy agencies, and who spoke on condition of anonymity.
Influence and connections are the keys to power in China, and the man in charge of the 61 Research Institute, Maj. Gen. Wang Jianxin, has some powerful connections.
Wang Jianxin is a son of Wang Zheng, who was a pioneer of the Chinese Communist Party’s signals intelligence operations under Mao Zedong, founder of the People’s Republic of China. Wang Zheng had five sons, and all of them allegedly hold powerful positions in China.
Another son is the Lieutenant general of the Deputy Secretary of the CCP Central Guard Bureau, the official guards that protect the Chinese regime’s top leaders in the central Party compound of Zhongnanhai. The nephew of Wang Zheng, Wang Lei Lei, is the CEO of one of the top finance companies in China.
“This family, they control all the communications,” the source said, noting that this, along with other family connections, gives them significant power over the Chinese military.
In particular, he said, Wang Jianxin commands the Chinese regime’s military hackers under the General Staff Department. He said the “61” at the front of the names of many Chinese hacker units is a designator for the 61 Research Institute.
The names of many known military hacker units in China do start with “61.” There are at least 11 units under the General Staff Department, Third Department, that have the “61” designation, according to a report from the Project 2049 Institute. Among the “61” units is Unit 61398, under which the five military hackers indicted by the U.S. Department of Justice in 2014 operated.
The source’s claims could not be independently verified. Inquiries into these allegations uncovered fear of this mysterious organization. The source requested to have his name withheld, in connection with the 61 Research Institute, for fear he would be “dead within a week,” if he was known to have given information about it.
Another source, a top-level intelligence analyst, stopped a phone interview at the mention of the 61 Research Institute and declined to comment.
The client of BLACKOPS Partners Corp. also said he has similar concerns for his safety, when speaking about the organization, yet he did know about it. He said the 61 Research Institute is based in Haidian on the northwest side of Beijing. “Because they’re government,” he said, “they have their homes in the Chaoyang District, near Chaoyang Park.”
He confirmed, based on his personal experience, that the 61 Research Institute is among the main centers of power within the Chinese regime.
According to Triplett, the power structure of the Chinese regime is separate from its organizational structure. In other words, military branches several layers down the organizational chart will at times hold more power than those above them.
“Basically, you look at them and think it’s equal, but it’s not,” Triplett said.
He added that during the 1980s and 1990s, one of the most powerful branches in the Chinese military was the Second Department under the General Staff Department, which is in charge of human intelligence (HUMINT) spy operations.
With the rise of information technology and today’s heavy focus on cyber, he said, it’s likely that power has shifted to the Third Department, which runs the regime’s signals intelligence operations (SIGINT) and includes its military hackers.
The Chinese regime’s widespread use of theft to support its economy is a sign that it has moved to the final stages of any communist regime—where ideology fades, according to Edward Luttwak, senior associate at the Center for Strategic and International Studies.
Luttwak described this last stage as one where “super pragmatism” replaces ideology. It’s a stage in a communist society when the people stop believing in “global equality” and start thinking of how to get ahead at all costs.
Luttwak gave an analogy that if you were to offer an ideological person ice cream they may turn it down. A pragmatic person would accept it. And a “super pragmatic” person would take the ice cream whether or not it was offered.
The Chinese Communist Party started off as an ideological party, he said. “The problem is when the ideological people stop being ideological, they don’t just become pragmatic. They become super pragmatic.”
“Any dictatorship is a kingdom of lies,” he said. “No doubt, what happened is that the people in charge are super pragmatists.”
At this stage, he said, “anything they want, they take.”
Update: An earlier version of this article misspelled the name of Wang Zheng (王诤), whose original name was 吴人鉴.
This is the 4th of a 4-part series. Click image below to see the full series.