How China built databases to track US flights, passenger lists for espionage purposes

China's discovery that the US Central Intelligence Agency (CIA) had seriously compromised telecommunications company Huawei's China-based servers jarred Chinese officials and touched off a ferocious response, one that left the United States groping in the dark with one eye open.

According to a Foreign Policy magazine exposé, the retaliation by the Chinese intelligence community struck at the heart of the US public service, the Office of Personnel Management (OPM), from which Chinese hackers stole detailed, often highly sensitive personnel data on 21.5 million current and former public servants.

The 2013 Edward Snowden leaks, which for the first time laid bare the National Security Agency's (NSA) deep penetration of the telecommunications company Huawei's China-based servers, also jarred Chinese officials.

“Chinese officials were just beginning to learn how the internet and technology had been so thoroughly used against them in ways they didn’t conceptualise until then,” a former analyst says.

“At the intelligence level, it was driven by this fundamental [revelation] that, ‘This is what we’ve been missing: This internet system we didn’t create is being weaponised against us.’”

There were other ripple effects. By the late 2000s, US intelligence officials had observed a notable professionalising of the Ministry of State Security, China’s main civilian intelligence agency.

Before Chinese President Xi Jinping’s purges, which began in 2013, petty corruption within the agency was ubiquitous, former US intelligence officials say, with China’s spies sometimes funnelling money from operations into their own “nest eggs”.

Chinese government-affiliated hackers operating under the protection of the Ministry of State Security would also sometimes moonlight as cybercriminals, passing a cut of their work to their bosses at the intelligence agency.

Under Xi’s crackdown, these activities became increasingly untenable. But the discovery of the CIA networks in China helped supercharge this process, said current and former officials – and caused China to place a greater focus on external counterespionage work.

“As they learned these things,” the Chinese realised they “needed to start defending themselves,” said the former CIA executive.

By about 2010, two former CIA officials recalled, the Chinese security services had instituted a sophisticated travel intelligence programme, developing databases that tracked flights and passenger lists for espionage purposes.

“We looked at it very carefully,” said the former senior CIA official. China’s spies “were actively using that for counterintelligence and offensive intelligence. The capability was there and was being utilised.”

China had also stepped up its hacking efforts targeting biometric and passenger data from transit hubs, former intelligence officials say – including a successful hack by Chinese intelligence of biometric data from Bangkok’s international airport.

To be sure, China had stolen plenty of data before discovering how deeply infiltrated it was by US intelligence agencies. However, the shake-up between 2010 and 2012 gave Beijing an impetus not only to go after bigger, riskier targets, but also to put together the infrastructure needed to process the purloined information.

It was around this time, said a former senior NSA official, that Chinese intelligence agencies moved beyond merely stealing large datasets en masse to rapidly sifting through the information inside them and putting it to use.

US officials also began to observe that intelligence facilities within China were being physically co-located near language and data processing centres, said this person.

For US intelligence personnel, these new capabilities made China’s successful hack of the US Office of Personnel Management (OPM) that much more chilling. During the OPM breach, Chinese hackers stole detailed, often highly sensitive personnel data from 21.5 million current and former US officials, their spouses and job applicants, including health, residency, employment, fingerprint and financial data.

In some cases, details from background investigations tied to the granting of security clearances – investigations that can delve deeply into individuals’ mental health records, their sexual histories and proclivities and whether a person’s relatives abroad may be subject to government blackmail – were stolen as well.

Though the United States did not disclose the breach until 2015, US intelligence officials became aware of the initial OPM hack in 2012, said the former counterintelligence executive. (It’s not clear precisely when the compromise actually happened.)

When paired with travel details and other purloined data, information from the OPM breach likely provided Chinese intelligence potent clues about unusual behaviour patterns, biographical information, or career milestones that marked individuals as likely US spies, officials say.

Now, these officials feared, China could search for when suspected US spies were in certain locations – and potentially also meeting secretly with their Chinese sources. China “collects bulk personal data to help it track dissidents or other perceived enemies of China around the world,” Evanina, the top US counterintelligence official, said.

Many felt the ground give way immediately. For some at the CIA, recalled Gail Helt, a former CIA China analyst, the reaction to the OPM breach was, “Oh my God, what is this going to mean for everybody who had ever travelled to China? But also, what is it going to mean for people who we had formally recruited, people who might be suspected of talking to us, people who had family members there? And what will this mean for agency efforts to recruit people in the future? It was terrifying. Absolutely terrifying.”

Many feared the aftershocks would be widespread. “The concern just wasn’t that [the OPM hack] would curtail info inside China,” said a former senior national security official. “The US and China bump up against each other around the world. It opened up a global Pandora’s box of problems.”

Others were more resigned, if no less disturbed. “You operate under the assumption that good tradecraft” – and not the secrecy provided, in theory, by cover – “will protect your assets and operations,” said Duyane Norman, a former senior CIA official.

“So OPM wasn’t some kind of eye-opener. It was confirmation of new threats we already knew existed.”

There were other bad omens. During this same period, US officials concluded that Russian intelligence officials, likely exploiting a difference in payroll payments between real State Department employees and undercover CIA officers, had identified some of the CIA personnel working at the US Embassy in Moscow.

Officials thought that this insight may have come from data derived from the OPM hack, provided by the Chinese to their Russian counterparts. US officials also wondered whether the OPM hack could be related to an uptick in attempted recruitments by Chinese intelligence of Chinese American translators working for US intelligence agencies when they visited family in China.

“We also thought they were trying to get Mandarin speakers to apply for jobs as translators” within the US intelligence community, recalled the former senior counterintelligence official. US officials believed that Chinese intelligence was giving their agents “instructions on how to pass a polygraph.”

But after the OPM breach, anomalies began to multiply. In 2012, senior US spy hunters began to puzzle over some “head-scratchers”: In a few cases, spouses of US officials whose sensitive work should have been difficult to discern were being approached by Chinese and Russian intelligence operatives abroad, according to the former counterintelligence executive.

In one case, Chinese operatives tried to harass and entrap a US official’s wife while she accompanied her children on a school field trip to China. “The MO is that, usually at the end of the trip, the lightbulb goes on [and the foreign intelligence service identifies potential persons of interest]. But these were from day one, from the airport onward,” the former official said.

Worries about what the Chinese now knew precipitated an intelligence community-wide damage assessment of the OPM and other hacks, recalled Douglas Wise, a former senior CIA official who served as deputy director of the Defence Intelligence Agency from 2014 to 2016.

Some worried that China might have deliberately and secretly altered data in individuals’ OPM files, to be used later as leverage in recruitment attempts.

Officials also believed that the Chinese might sift through the OPM data to craft ideal profiles for Chinese intelligence assets seeking to infiltrate the US government, since they now had granular knowledge of what the US government looked for, and what it did not, when considering applicants for sensitive positions.

US intelligence agencies altered their screening procedures to anticipate new, more finely tuned Chinese attempts at human spying, Wise said.

The Chinese now had unprecedented insight into the workings of the US system. The United States, meanwhile, was flying with one eye closed when dealing with China. With the CIA’s carefully built network of Chinese agents utterly destroyed, the debate over how to handle China would become increasingly contentious – even as China’s ambitions grew.

  • A Tell report