Chinese Foreign Agent Threats to the U.S.


by Benjamin M. Butchko


Abstract

This paper discusses the threat to the United States by Foreign Agents and Spies. This class of threat is defined by Fred Cohen [9] as:

"People who professionally gather information and commit sabotage for governments.

Complexity: These people are highly trained, highly funded, backed by substantial scientific capabilities, directed toward specific goals, and skillful at avoiding detection. They can be very dangerous to life and property."


This definition is expanded somewhat in this paper to address the complex motivations of foreign agents. These include threats to national infrastructure, military power, and economic competitiveness. The Department of Energy and NSA estimate that more than 120 countries have established computer attack capabilities. [4] A 1997 White House report on economic espionage said 23 countries have used legal and illegal means to acquire industrial secrets. [3] The prevalence of Chinese espionage efforts is examined along with the areas of espionage focus. Another section addresses the threat of information warfare being developed by the Chinese government. While these threats are not limited to China, the Chinese program is the largest identified threat of this type directed against the United States, and is thus used as an example.

Foreign agents from all over the world represent a potential threat to the United States. Allies and historical enemies alike have motives to support espionage efforts against the US and its interests. These may be limited to economic issues and competitiveness, or could be driven by military concerns.

China has been identified as having the most significant intelligence operations aimed at the U.S. [2]. Much of the published information attests to Chinese efforts to obtain US technology and military equipment.


Introduction

US vulnerabilities are discussed briefly to support the basis for foreign agent incentives.

Foreign agent organizations are discussed along with the strategies they employ to meet their goals. This includes the traditional state run intelligence organizations, as well as other government entities that are actively involved in espionage efforts.

The 1997 White House report on economic espionage said foreign countries covet aeronautics systems, armaments, chemical and biological recipes, guidance systems, manufacturing and fabrication techniques, nuclear know-how, sensors, lasers and satellite technology. They also want bid proposals, price structuring and marketing plans, all of which can provide the winning edge in the highly competitive global market. [3]

Methods of attack are addressed. The list is not exhaustive, but it provides a sense of the tools and methods that are available to agents.

Examples of alleged Chinese espionage activity are noted in the final section.


China - Introduction

Chinese societal structure is tightly controlled by the government and the Communist Party. In the absence of a free market economy, the government exerts strong influence on Chinese corporations and economic sectors. Beginning in the late 1970s, China began trying to make its economy more market driven, while maintaining the political control of the Communist Party. This has resulted in immense growth in the GDP, which has quadrupled since 1978 [12] and provided a buffer from the Asian financial crisis of 1998 and 1999.

Chinese citizens are not highly restricted in their ability to enter the United States. One of the primary drivers for this lack of restriction is the large economic market that China represents for U.S. business. The Chinese government uses this to its advantage by employing scientists, students, business people, or bureaucrats, in addition to professional civilian and military intelligence operators, as tools for information gathering.

The People's Republic of China (PRC) uses a variety of government, and government sponsored, organizations in information gathering and intelligence operations. Due to the socialistic and cultural institutions present in China, the PRC leverages its wide span of influence to engage multiple state sponsored institutions.


China's Government Structure

Chinese government is controlled by the Communist Party. The Party has a controlling position in the State Council as well as the People's Liberation Army. Through this combination, the Communist Party exerts control over political, military, governmental, and commercial activities in all of China. [2]

The State Council controls the PRC's military-industrial organizations through the State Commission of Science, Technology, and Industry for National Defense (COSTIND). This organization was created in 1982 and is responsible for the integration of civilian research, development and production efforts within the military arena. A multitude of interrelated industrial institutions have been created to meet this broad goal.

The PRC has two intelligence organizations that engage in espionage efforts directed at the United States: the Ministry of State Security (MSS) and the People's Liberation Army (PLA) General Staff's military Intelligence Department (MID).

However, due to the widespread Chinese government sponsored organizations, the foreign intelligence organizations account for a relatively small share of the information collection operations. The bulk of information gathering activities are directed by the State Commission of Science, Technology and Industry for National Defense (COSTIND). Since the early 1990s, the PRC has been increasingly focused on acquiring U.S. and foreign technology and equipment, including particularly dual-use technologies that can be integrated into the PRC's military and industrial bases.


863 and Super-863 Programs

COSTIND is responsible for implementation of the 863 and follow-on Super-863 program. 863 was started in 1986 and aimed at narrowing the gap between the PRC and the West by the year 2000. This program was extended and expanded in 1996 with the Super-863 program. The program budget was split between military and commercial projects with main areas of program application including:

These programs act by gathering commercial and dual-use technology and attempting to assimilate them into military systems and industrial bases.


16-Character Policy

This policy was formalized in 1997 and holds that military development is the objective of general economic modernization. This provides for alignment in the economic and military goals of the nation, and as the economy expands, further funding is provided for military R&D, systems purchases, and increases in the military-industrial complex. Specific areas of developmental emphasis within this program are:

This plan acts as a guideline for general economic and military development throughout the Chinese bureaucracy and economic market.


United States Vulnerabilities

The United States is vulnerable to both information gathering operations and information warfare attacks due in large part to the openness of the U.S. economy. With respect to information gathering operations, the prevalence of Chinese visitors and residents in the United States offers the potential for a wide network of Chinese agent infiltrators. Economic incentives to access the enormous and emerging Chinese market support increased interaction and provide China with a large 'carrot' to entice and coerce U.S. firms.

A Rand Company study demonstrated that because the U.S. economy, society, and military rely increasingly on a high performance networked information infrastructure, this infrastructure presents a set of attractive strategic targets for opponents who possess information warfare capabilities. [4]

The U.S. use of the Internet and prevalence of U.S. companies placing large volumes of information in this public area allows for easy access to intelligence gatherers.

The U.S. military complex has been shifting to greater use of commercial off-the-shelf technology for military systems. Thus, the line between commercial and military technology has blurred somewhat.

The U.S. society and economy is reliant upon the National Information Infrastructure. This infrastructure is designed, maintained and operated by corporations and individuals that do not place security at the same priority level as the military does. However, the military relies heavily on the commercial complex for logistics and information support, and thus would be greatly affected by a major commercial infrastructure disablement.

U.S. military systems are becoming more dependent on information technology to allow a smaller force to be more effective. While this provides great benefits, it creates vulnerabilities to information attacks.


Strategic Methods of Information Acquisition

Most of the losses of U.S. technology to China occur in the form of commercial, scientific, and academic interactions between the U.S. and the PRC. The bulk of information is gathered by various non-professionals, including PRC students, scientists, researchers, and other visitors to the West. Channels include joint venture operations, commercial companies and fronts in Western countries, purchase of equipment, general foreign visits, and use of students. Professional scientific visits, delegations, and exchanges are utilized heavily as a means to gather sensitive technology. "Almost every PRC citizen allowed to go to the United States as part of a delegation likely receives some type of collection requirement, according to official sources." This, coupled with the multiple thousands of delegations that visit the U.S. each year, provides for an incredible number of espionage opportunities. [2]

Strategies employed to acquire equipment and technology include:

Covert espionage is claimed to be the most heavily used method of technology acquisition. This is accomplished through the use of personnel from government ministries, commissions, institutes, and military industries, independently of the PRC intelligence services. [2]

Methods have shifted from the primarily illegal and covert methods, which were historically employed, to a heavy reliance on overt and legal activity. Information targeted also includes business driven targets such as commercial strategic management information, bid proposals, price structuring, and marketing plans. [1]

Foreign collection focuses on economic and Science and Technology (S&T) information and products. Dual-use technologies are consistently targeted.

Unsolicited requests for US defense industry S&T program information are the most frequently reported activities by Chinese information gatherers. Posing as "headhunters" is used as a guise to solicit information from employees involved in S&T work. The Internet is used to access company web sites, and bulletin boards and postings offer a wealth of opportunities. Attendance at conventions and seminars offers opportunities to collect information directly as well as to meet individuals who may later be contacted with further questions. Foreign employees working for US companies are targeted by foreign collectors, and cultural ties are leveraged to establish rapport. [1]

The PRC has used joint ventures in the oil and gas business to increase its technology base. It has made contractual arrangements with Shell and Exxon for exploration at different times, and then let them operate in areas that looked promising but had already been determined to produce only dry holes. The PRC kept these details hidden from the foreign companies until they had already shared modern and sometimes proprietary technology.

"Many of the countries whose information warfare efforts we follow realize that in a conventional military confrontation against the U.S., they cannot prevail," CIA director George Tenet said. "These countries recognize that cyberattacks…against civilian computer systems in the U.S. represent the kind of asymmetric option they will need to 'level the playing field' during an armed crisis against the United States." [6]

Beijing has the world's largest program of information warfare development. [6] In testimony before Congress in 1997, Michael Pillsbury detailed the widespread threat of Chinese efforts to gather information and develop asymmetric attack means. The key asymmetric threats are attacks on information. Mr. Chang Mengxiong, the former senior engineer of the Beijing Institute of System Engineering of COSTIND, stressed that "even if two adversaries are generally equal in weapons, unless the side having a weaker information capability is able to effectively weaken the information capability of the adversary, it has very little possibility of winning the war." [5] This supports a strategy of information warfare tactics to defend against, or even offensively attack, a more advanced adversary such as the United States.

China is databasing "famous scientists" overseas, including home addresses and China visitation history. [14] This provides for refined targeting of technology experts of interest.

Classified material is obtained through personal relationships, bribes, or computer hacking. [14]


Electronic Methods of Information Acquisition

Due to the vast amounts of information stored in electronic media, a person who gains access to sensitive information can quickly copy or transfer huge amounts of information, in many cases undetectably. Examples of methods used to gather information are hacking into a system, downloading information using legitimate access, gathering open-source information from the Internet, or stealing backup disks.

Hacker tools are readily available from many Internet sources such as http://www.2600.com/. The specifics of these tools are not addressed here other than noting that they are readily available to a wide range of threat sources, including foreign agents and spies. Their usefulness is primarily in gaining electronic access to information in computer and network systems.

Regardless of the manner in which network access is obtained, either through insider access or illicit means (hacking, etc.), search tools can be used. Search engines, web crawlers, and intelligent agents are electronic tools that assist in the collection of information from Internet and Intranet sources once access to a network has occurred.

Intelligent agents provide an automated means of traveling to multiple sites, identifying and collecting relevant information, and depositing it for subsequent processing. [19] These represent a further development of web crawler tools, which use existing search engines and databases to perform searches. A major difference is that search agents have their own search engine, employ artificial intelligence routines to filter information, and can capture data files of interest.

Key elements of search agents are:

The means of control of search agents exists in:

One key benefit to intelligence gathering organizations of search agent technology is the identification of key areas of research by targeted scientists or corporations. Published items can be tracked and correlated to serve as the basis for further research or questioning.


Information Warfare

Developing a computer attack capability can be quite inexpensive and easily concealable: it requires little infrastructure, and the technology required is dual-use. [10] Information warfare is expected to increasingly become an inexpensive but highly effective tactic for disrupting military operations. [4] The Department of Energy and NSA estimate that more than 120 countries have established computer attack capabilities. [4] It is clear that those developing these programs recognize the value of attacking a country's computer systems, both on the battlefield and in the civilian arena. As a means of deception, limited level cyber-assaults can be blamed on "independent" hackers.

This threat arises from terrorist groups or nation states, and is far more subtle and difficult to counter than the more unstructured but growing problem caused by hackers. [4]

Anonymity and lack of required physical proximity are key benefits of using this technique. It is inherently difficult to trace perpetrators electronically and the tools are low cost.

As an information gathering tool, electronic information operations represent a simple, low-cost, non-threatening and relatively risk-free way to collect classified, proprietary or sensitive information. [16]

Indirect information warfare affects information by creating phenomena, which the adversary will perceive, interpret, and act upon. Military deception, physical attack, and OPSEC traditionally achieve their ends indirectly. For example, the goal of deception is to cause the adversary to make incorrect decisions; deception does this by creating an apparent reality.

Direct information warfare affects information through altering its components without relying on the adversary's powers of perception or interpretation. Information attack acts directly upon the adversary's information. Since nearly all modern information functions are themselves controlled by information, information attack may be directed against most information functions. [18]

Taiwan's Ministry of National Defense has warned its citizens about China's ability to penetrate government-run Web sites and spread rumors via the Internet. [13]

Following the 1991 Gulf War, China initiated a full-scale campaign to develop its information warfare capability at strategic, operational and tactical levels as part of its overall military modernization effort. [13]

The NSA has acknowledged that potential adversaries are developing a body of knowledge about Defense Department and other U.S. systems, and about methods to attack these systems. According to NSA, these methods, which include sophisticated computer viruses and automated attack routines, allow adversaries to launch untraceable attacks from anywhere in the world. [4]


Attack Methods and Tools

Information warfare can represent itself in five major ways:

On a small scale, any of these tactics may be employed by a variety of threat sources, including hackers, cybergangs, maintenance personnel, and insiders. However, attacks spawned by foreign agent organizations can be of much greater magnitude and coordinated at a much higher level. Thus, the attacks can be much more multi-faceted and strike an entire information infrastructure at once.

Examples of basic attack tools supporting the above operational strategies [15, 20]:

Denial-of-Service attacks come in many varieties, including mail bombs, SYN floods, Ping of Death, Rogue Applets, Host System Hogging, and Force Multiplier. The force multiplier is a distributed attack, wherein up to thousands of computers are leveraged in an attack against a single target. These attacks work by flooding a single IP address with a variety of simpler attacks. The probability of success is increased by the sheer magnitude of simultaneous attacks from multiple sources.
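The distinction drawn above between a flood from one host and the distributed force multiplier can be made operational on the defender's side. The following is an added example and not code from the paper: it counts SYN-only packets per destination over a constructed flow log (the line format and the thresholds are assumptions chosen for the sample) and labels a flood as single-source or distributed according to how many distinct sources it arrives from.

```python
"""Defender-side flood triage over flow records.

Added example, not from the paper. The log format is constructed:
"<epoch-seconds> <src-ip> <dst-ip> <tcp-flags>", one packet per line.
Thresholds are assumptions tuned to the constructed sample, not published figures.
"""
from collections import defaultdict

WINDOW_SECONDS = 10   # aggregation window
MIN_PACKETS = 200     # SYN-only packets to one destination per window
MIN_SOURCES = 50      # distinct sources at or above this => "distributed"


def parse_flow(line):
    """Parse one constructed flow line into (timestamp, src, dst, flags)."""
    ts, src, dst, flags = line.split()
    return int(ts), src, dst, flags


def detect_floods(lines, window=WINDOW_SECONDS,
                  min_packets=MIN_PACKETS, min_sources=MIN_SOURCES):
    """Return {dst: (kind, syn_count, distinct_sources)} for flagged targets.

    Only SYN-only packets (flags == "S") are counted: both a single-host SYN
    flood and a force-multiplier flood show up as a pile of connection
    attempts at one address, while normal sessions go on to SYN-ACK/ACK.
    The kind is 'distributed' when the volume comes from many distinct
    sources (the force multiplier pattern) and 'single-source' otherwise.
    """
    # window -> dst -> [syn_count, set_of_sources]
    buckets = defaultdict(lambda: defaultdict(lambda: [0, set()]))
    for line in lines:
        ts, src, dst, flags = parse_flow(line)
        if flags != "S":
            continue
        entry = buckets[ts // window][dst]
        entry[0] += 1
        entry[1].add(src)

    alerts = {}
    for per_dst in buckets.values():
        for dst, (syns, sources) in per_dst.items():
            if syns < min_packets:
                continue
            kind = "distributed" if len(sources) >= min_sources else "single-source"
            # keep the worst window seen for each destination
            if dst not in alerts or syns > alerts[dst][1]:
                alerts[dst] = (kind, syns, len(sources))
    return alerts


def build_sample_log():
    """Constructed traffic: benign web clients completing handshakes, one
    single-host SYN flood, and one distributed flood from 500 sources,
    all falling inside a single 10-second window."""
    lines = []
    for i in range(60):   # 30 clients, each SYN followed by an ACK
        lines.append(f"{1000 + i % 10} 10.0.0.{i % 30 + 1} 192.0.2.10 S")
        lines.append(f"{1000 + i % 10} 10.0.0.{i % 30 + 1} 192.0.2.10 A")
    for i in range(300):  # one source hammering 192.0.2.20
        lines.append(f"{1000 + i % 10} 203.0.113.7 192.0.2.20 S")
    for i in range(500):  # 500 distinct sources against 192.0.2.30
        lines.append(f"{1000 + i % 10} 198.51.{i // 250}.{i % 250 + 1} 192.0.2.30 S")
    return lines


if __name__ == "__main__":
    for dst, (kind, syns, srcs) in sorted(detect_floods(build_sample_log()).items()):
        print(f"{dst}: {kind} flood, {syns} SYNs from {srcs} source(s)")
```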

Computer viruses are code fragments that replicate when a host program is run and affect other programs. Effects may vary from lost data to simply capturing all computer resources to prevent functionality.

Worms are independent programs that reproduce and spread across networks to infect other computers. Effects may vary from lost data to simply capturing all computer resources to prevent functionality.

These programs do not cause visible damage to systems, but trigger other events to occur that may open up other attack opportunities. They are difficult to detect because they do not directly cause system damage.

These are like Trojan horses, except that they release viruses or worms that perform a system attack.

These are entry points built into computer systems by the designer that are undocumented and allow for access to data and system resources by bypassing normal security protection.

These are modifications to system hardware and firmware that can perform the same types of functionality as listed above.

This is a method of overwhelming the communications channel to prevent information exchange or insert incorrect information.

These high energy weapons use electromagnetic energy to disrupt electronic system operation or destroy electronic components.

Key elements of the above list of attack methods are that, with the exception of HERF Guns, EMP Bombs, and chipping, all can be initiated without physical proximity to the target. It is the ability to combine these attack tools in various combinations to coordinate and produce a large-scale attack that can be extremely devastating. They can also be augmented with conventional attacks such as explosives, hardware sabotage, etc.


Investigations

Three large scale investigations related to Chinese espionage efforts that have been investigated and widely publicized are the allegations of Chinese influence in the 1996 presidential election, allegations that a Department of Energy National Laboratory employee passed secrets to China, and allegations that the Clinton administration made sensitive U.S. technology available to the Chinese through the sale of U.S. satellites and computers. [2, 7, 8] These investigations have serious political overtones that make it difficult to separate truth from posturing. However, the confirmed loss of sensitive information demonstrates that espionage activities are taking place and have produced successful results. Additionally, the fact that these investigations have received large levels of attention highlights the fact that, regardless of the specific cases, Chinese activity in the United States is real and deserves careful handling.


Summary, Conclusions, and Further Work

The Chinese government is investing a great deal of money and effort in developing its military and economic infrastructure. These efforts constitute a legitimate threat to U.S. interests and national security. Political and market forces in the U.S. make it difficult to place restrictions on Chinese activities, and create opportunities for Chinese exploitation of U.S. technology.


Bibliography

  1. Computer Espionage, Defense Investigative Service, The American Reporter, No. 288, 05/15/96
  2. Cox Report. http://www.house.gov/coxreport/
  3. Scarborough, Rowan; U.S. Enemies Not Only Ones Attempting To Crack Secrets, Washington Times, December 29, 1999, Page 1.
  4. Information Security: Computer Attacks at Department of Defense Pose Increasing Risks, Chapter report, 05/22/96, GAO/AIMD-96-84
  5. Testimony of Dr. Michael Pillsbury before the United States Senate Select Committee on Intelligence, November 1997, U.S. - Asia Strategic Council
  6. CIA: Cyberattacks aimed at U.S., Reuters, June 25, 1998
  7. Aubrey, Brian; Chinese Espionage Worries U.S., Fast Times, Vol. 16, No. 5, October 16, 1999.
  8. Diamond, John; Espionage problem appears widespread but political impact shallow, May 2, 1999, Associated Press
  9. Threat Cross Reference, http://all.net/
  10. Statement of the Director of Central Intelligence George J. Tenet As Prepared for Delivery Before the Senate Armed Services Committee Hearing on Current and Projected National Security Threats, February 2, 1999
  11. Director of Central Intelligence, George J. Tenet, Before the Senate Select Committee on Intelligence hearing on Current and Projected National Security Threats, January 28, 1998.
  12. The World Factbook 1999 -- China, CIA. http://www.cia.gov/cia/publications/factbook/ch/html.
  13. Taiwan Threatens "eMAD" Against a Chinese Cyberattack, January 11, 2000, Stratfor. http://stratfor.com/asia/commentary/m0001110005.htm
  14. China Spy Manual Discloses Research Ruse, January 4, 2000, NewsMax.com.
  15. Haeni, Reto E., Information Warfare an Introduction, The George Washington University Cyberspace Policy Institute, January 1997.
  16. Information Operations (the cyber threat), Canadian Security Intelligence Service, 1999, http://www.csis-scrs.gc.ca/eng/operat/io2e.html
  17. Wilson, Michael, Waging IWAR, 1997, 7Pillars Partners. http://www.7pillars.com/papers/Waging.html
  18. Cornerstones of Information Warfare, http://www.infowar.com/milc4i/milc4ia.html-ssi
  19. Boureston, J., Using Intelligent Agents for Competitive Intelligence, January - March 2000, vol. 3, no. 1.
  20. Jackson, William, New attacks multiply threats to systems, Government Computer News, Jan 10, 2000.