China

The Daring Ruse That Exposed China's Campaign To Steal American Secrets (nytimes.com) 56

The New York Times magazine tells the story of an innocuous-seeming message on LinkedIn in 2017 from Qu Hui, the deputy director of the China-based Provincial Association for International Science and Technology Development.

Federal agents eventually obtained search warrants for two Gmail addresses the official was using, and "In what would prove to be a lucky break, the investigators found that each email address was the Apple ID used for an iPhone, linked to an iCloud account where data from the phones was periodically backed up. The agents were later able to obtain search warrants for the two iCloud accounts [that] opened a treasure trove." This included confirmation of what they had suspected all along: that Qu worked for Chinese intelligence. His real name was Xu Yanjun. He had worked at the Ministry of State Security since 2003, earning six promotions to become a deputy division director of the Sixth Bureau in the Jiangsu Province M.S.S. Like so many of us, he had taken pictures of important documents using his iPhone — his national ID card, pay stubs, his health insurance card, an application for vacation — which is how they ended up in his iCloud account. There, investigators also found an audio recording of a 2016 conversation with a professor at N.U.A.A. in which Xu had talked about his job in intelligence and the risks associated with traveling. "The leadership asks you to get the materials of the U.S. F-22 fighter aircraft," he told the professor. "You can't get it by sitting at home." The discovery of evidence of Xu's identity in an iCloud account makes for a kind of delicious reversal. The ubiquitous use of iPhones around the world — a result of America's technological prowess — was helping to fight back against a rival nation's efforts to steal technology.
Qu scheduled a meeting in Brussels with one American target — where he was arrested and extradited to America, becoming the first-ever Chinese intelligence official convicted on U.S. soil on charges of economic espionage. The prosecution contended that Xu had been systematically going after intellectual property at aerospace companies in the United States and Europe through cyberespionage and the use of human sources. It's not often that prosecutors find a one-stop shop for much of their evidence, but that's what Xu's iCloud account was — a repository of the spy's personal and professional life. That's because often Xu used his iPhone calendar as a diary, documenting not just the day's events but also his thoughts and feelings.... The messages in Xu's iCloud account enabled investigators to make another damning discovery. Xu had helped coordinate a cyberespionage campaign that targeted several aviation technology companies....

At the end of the trial, Xu was convicted of conspiring and attempting to commit economic espionage and theft of trade secrets.... According to Timothy Mangan, who led the prosecution, the evidence laid out during Xu's trial goes far beyond merely proving his guilt — it uncovers the systematic nature of China's vast economic espionage. The revelation of Xu's activities lifts the veil on how pervasive China's economic espionage is, according to the F.B.I. agent. If just one provincial officer can do what he did, the agent suggests, you can imagine how big the country's overall operations must be.

The article notes that the Chinese government "also offers financial incentives to help Chinese expats start their own businesses in China using trade secrets stolen from their American employers." It also cites a 2019 report from a congressional committee's security review that found "myriad ways in which Chinese companies, often backed by their government, help transfer strategic know-how from the United States to China." The maneuvers range from seemingly benign (acquiring American firms with access to key intellectual property) to notoriously coercive (compelling American companies to form joint ventures with Chinese firms and share trade secrets with them in return for access to the Chinese market) to outright theft. Cyberattacks have become an increasingly common tactic because they can't always be linked directly to the Chinese government. Over the past few years, however, federal agents and cybersecurity experts in the U.S. have identified the digital footprints left along the trails of these attacks — malware and I.P. addresses among them — and traced this evidence back to specific groups of hackers with proven ties to the Chinese government.
One 2020 indictment blamed five "computer hackers" in China for breaching more than 100 organizations.

Thanks to Slashdot reader schwit1 for sharing the article.
This discussion has been archived. No new comments can be posted.

  • by JamesTRexx ( 675890 ) on Saturday March 11, 2023 @08:56PM (#63362663) Journal

    ... your data in the cloud is not secure and private.

    Oh yeah, and spies do exist outside of James Bond movies.

  • All this does is point out the importance of using a company phone to do work. Using a personal device to illegally collect data, and that data is automatically backed-up on a cloud platform meant for drooling idiots?

    Wow. You can't steal intelligence if you have none to begin with.

  • > The discovery of evidence of Xu's identity in an iCloud account makes for a kind of delicious reversal. The ubiquitous use of iPhones around the world — a result of America's technological prowess — was helping to fight back against a rival nation's efforts to steal technology.

    How is that a reversal? It sounds like...normal.

    • It is... but the "privacy privacy privacy" mantra is yet again proven false. Not news to anyone who's actually paying attention but the unwashed masses it is
  • by oldgraybeard ( 2939809 ) on Saturday March 11, 2023 @09:37PM (#63362717)
    Who was put out there to get caught. So all the real spies could keep doing business with the government and corps off the radar.
    • by XXongo ( 3986865 ) on Saturday March 11, 2023 @10:12PM (#63362749) Homepage
      It doesn't work that way.

      Maybe in fiction, spy agencies say "we caught one spy, that means we're good and can stop looking," but in the real world, they say "we caught one spy, that means there are others out there and we need to look harder."

      • > It doesn't work that way.

        > Maybe in fiction, spy agencies say "we caught one spy, that means we're good and can stop looking," but in the real world, they say "we caught one spy, that means there are others out there and we need to look harder."

        It also gives you some idea of the kinds of patterns to look for elsewhere.

        But more to the point, there's not much reason to set up one of your own people to get caught. You just waste a potentially useful asset, alienate any of your own people who know the story, and catch some bad PR for getting caught.

        More likely, spies tend to be ordinary people doing jobs, and thus have a tendency to do the same dumb things ordinary people do. For an extreme case look at the FSB agents who poisoned Alexey Navalny, afte

        • > But more to the point, there's not much reason to set up one of your own people to get caught.

          Sun Tzu says otherwise. His writings are the first time I encountered the concept of doomed spies. And this is China we're talking about after all.

          In this case, I agree with you though. This one doesn't seem to me to be a spy deliberately sent to his death in order to spread misinformation or misdirect the enemy.

  • Serves him right, buying a phone from capitalist pigdogs. If you don't want the Americans spying on you, buy Chinese!

  • Um... (Score:3, Informative)

    by YuppieScum ( 1096 ) on Sunday March 12, 2023 @04:16AM (#63363139) Journal

    > The ubiquitous use of iPhones around the world — a result of America's technological prowess...

    Not quite.

    The iPhone is a copy of the earlier HTC (Taiwan) smartphones, based on ARM (UK) CPUs made by TSMC (Taiwan again), displays from Sharp (Japan), LG (Korea) or Samsung (also Korea), RAM and flash chips from Japan, Taiwan or Korea, with physical design by Jony Ive (UK again) and assembled by Foxconn (China).

    The OS is from the US, but quite a few of the coders were on H1-Bs.

    In fact, the only real American prowess involved was in the marketing.

    • > The ubiquitous use of iPhones around the world — a result of America's technological prowess...

      > Not quite.

      > The iPhone is a copy of the earlier HTC (Taiwan) smartphones, based on ARM (UK) CPUs made by TSMC (Taiwan again), displays from Sharp (Japan), LG (Korea) or Samsung (also Korea), RAM and flash chips from Japan, Taiwan or Korea, with physical design by Jony Ive (UK again) and assembled by Foxconn (China).

      > The OS is from the US, but quite a few of the coders were on H1-Bs.

      > In fact, the only real American prowess involved was in the marketing.

      You don't really believe all that bullshit, do you?

      • Well, I only have anecdotal evidence regarding the number of H1-Bs working on iOS, from a friend at Apple.

        You're entirely welcome to attempt to refute any of the other statements, rather than being insultingly dismissive.

        Your question does, however, serve to reinforce my assertion regarding Apple's marketing.

        • > Well, I only have anecdotal evidence regarding the number of H1-Bs working on iOS, from a friend at Apple.

          > You're entirely welcome to attempt to refute any of the other statements, rather than being insultingly dismissive.

          > Your question does, however, serve to reinforce my assertion regarding Apple's marketing.

          Sorry, it doesn't work that way.

          They are your assertions. Defend or Retreat.

          • So, that's not really how things work. If you believe I'm wrong, then stating why provides a basis for intelligent discussion in good faith. However, this is Slashdot, and social norms typically take a back seat to abuse.

            Still, I can take an educated guess as to why my statements have you so agitated, so here's a little history...

            Apple launched their first smartphone in 2007*. It had rounded corners, and a round control button centred below the screen - design features which Apple then took legal steps to

            • > Apple launched their first smartphone in 2007*. It had rounded corners, and a round control button centred below the screen - design features which Apple then took legal steps to protect

              You say you want intelligent discourse; but then your opening argument is the "rounded corners" Claim? Well, alrighty, then!

              > It had a CPU fabbed by Samsung - Apple didn't switch to TSMC until a few years later.

              That "CPU" (SoC) may have been Fabbed by Samsung back then; but it was Designed by Apple. . .

              • > You say you want intelligent discourse;

                Yes, I do...

                > Well, alrighty, then!

                ...but I don't seem to be getting it.

                > ...your opening argument is the "rounded corners" Claim?

                Well, it's not an "argument" or a "claim," it's a statement of fact - Apple took legal steps to prevent others from using design features that they themselves had copied from smartphones which had existed for at least five years. That Apple created a smartphone five years after HTC (and others) had done so required neither innovation nor particular technical prowess - the real work had already been done. Had Apple done the same thing before the others would

    • by jonadab ( 583620 )
      > In fact, the only real American prowess involved was in the marketing.

      Honestly, marketing may be the most advanced technology humans have thus far developed. And Apple is undeniably good at it.
  • I do not see any daring ruse here, just routine practices that we all do.
  • by VeryFluffyBunny ( 5037285 ) on Sunday March 12, 2023 @06:29AM (#63363281)
    Was this guy a poorly-informed amateur? Did he have no INFOSEC training from Chinese spy agencies, i.e. "How not to get caught while spying." This is laughably bad trade-craft. Please don't tell me that $billions in trade secrets from US corporations are so easy to get hold of that even inept, amateurish guys like this can do it?
  • by Growlley ( 6732614 ) on Sunday March 12, 2023 @09:16AM (#63363463)
    What the CIA did on behalf of American companies to Airbus years ago. Oh wait, because you're American NOW it's not fair!
  • The Chinese apparently are not interested in F35 secrets. That flying brick is apparently not considered a threat.

  • People literally just post their stuff for the world to see, and all the delicious usage data goes to China.
  • "the investigators found that each email address was the Apple ID used for an iPhone, linked to an iCloud account where data from the phones was periodically backed up. The agents were later able to obtain search warrants for the two iCloud accounts" Isn't this the exact equivalent of what the US Govt says is the risk of TikTok? As a US citizen, I'm worried far more about my data in the hands of the US Govt than in Chinese Govt hands.
