STRATEGY CENTRAL
By Practitioners, For Practitioners
By Monte Erfourth - November 23, 2024
Introduction
In response to China's growing espionage activities, the United States has crafted a robust counterintelligence strategy to mitigate the theft of critical information and intellectual property. The "National Counterintelligence Strategy of 2024" outlines key measures to outmaneuver and constrain foreign intelligence entities, particularly China, which the U.S. sees as one of its most significant espionage threats. Chinese intelligence operations target everything from advanced technologies to sensitive government data, infiltrating not only federal systems but also private industries, research institutions, and academic settings. Recent high-profile incidents, such as the dismantling of Flax Typhoon and other botnets, have heightened awareness across sectors and driven immediate enhancements in countermeasures, reinforcing the need for coordinated responses.
The U.S. strategy to combat this threat is multi-pronged, focusing on defensive and offensive measures. It emphasizes the need to "Detect, Understand, & Anticipate Foreign Intelligence Threats" by expanding innovative intelligence collection methods, integrating these capabilities across federal, state, and local levels, and enhancing information sharing among intelligence agencies, local governments, and international allies. Offensively, the strategy aims to "Counter, Degrade, & Deter Foreign Intelligence Activities & Capabilities" through advanced tools like artificial intelligence and cyber operations. Protecting America's technological edge, combating cyber intrusions, and addressing influence operations are critical pillars of this approach. The National Counterintelligence Strategy aims to provide a comprehensive framework to outpace adversaries by developing an integrated, proactive, and resilient posture, ensuring the U.S. retains its strategic advantages in an era of persistent threats.
Does the U.S. have the right approach to counter China’s espionage? Countering certainly won’t be enough, as a passive defense is already failing. As the Typhoon series of attacks highlights, the U.S. is vulnerable to Chinese information attacks. This article explores the evolving attack angles of Chinese espionage, the U.S. response, and the broader national and global security implications.
A Global Web of Espionage
China’s use of technology for espionage has reached unprecedented levels. A significant disruption occurred with the FBI and allied intelligence agencies dismantling a botnet network, Flax Typhoon, comprising 260,000 infected routers, cameras, and other devices. Operated by a Chinese state-affiliated contractor, Integrity Technology Group, the network targeted the United States, Taiwan, Vietnam, and Germany, collecting sensitive government, corporate, and military data. Another network, Salt Typhoon, infiltrated major U.S. telecommunications providers, potentially compromising sensitive data through vulnerabilities in Cisco routers and core network systems. These operations illustrate Beijing’s capacity to exploit commercial telecommunications carriers for surveillance.
Exploiting telecommunications is the tip of a staggering iceberg. Here is a small sample of China’s espionage activities across a swath of U.S. information vulnerabilities:
Telecommunications: A Gateway to Espionage. China has exploited vulnerabilities in U.S. telecommunications infrastructure to collect sensitive data. In one of the most advanced operations, hackers linked to the Chinese Ministry of State Security compromised major mobile networks in a campaign named Salt Typhoon. Over eight months, these operatives infiltrated systems at Lumen Technologies and other carriers, stealing call logs, unencrypted texts, and audio from high-value targets, including senior U.S. officials and political figures like Donald Trump and J.D. Vance. This breach highlighted the systemic weaknesses in telecommunications networks and the dangers posed by state-backed cyber adversaries.
Further complicating matters, a congressional investigation revealed that Chinese-manufactured cargo cranes used at U.S. ports could function as espionage tools. These cranes, built by ZPMC, were found to have embedded cellular modems capable of bypassing firewalls and gathering intelligence. Investigators flagged these vulnerabilities as potential tools for sabotage during a conflict, particularly in scenarios involving Taiwan.
Infrastructure Espionage: Targeting Critical Systems. Volt Typhoon has been active since at least 2021 and primarily focuses on U.S. critical infrastructure. The group relies on living-off-the-land (LOTL) techniques: it uses the tools already built into compromised systems rather than traditional malware, so its activity is hard to distinguish from legitimate administration and therefore harder to detect. Its operations have mainly targeted communications infrastructure, particularly in Guam, a crucial U.S. military hub. The group often gains initial access through compromised Fortinet devices, then extracts credentials to move further into the network, while routing its traffic through proxy devices such as SOHO routers and firewalls to stay hidden.
Academic Espionage: Targeting Knowledge and Innovation. China’s espionage efforts extend into U.S. academia, exploiting the open nature of educational institutions. Beijing recruits researchers to transfer intellectual property and sensitive technologies through programs like the Thousand Talents Program. A Center for Strategic and International Studies study documented numerous cases where Chinese nationals exploited access to cutting-edge research in fields such as quantum computing and artificial intelligence, often redirecting these innovations to support China’s military and economic objectives.
American universities have become a battleground for Chinese intelligence operations. While many Chinese students and researchers contribute positively, a minority act under directives from the Chinese Communist Party. This has increased scrutiny over collaborations with Chinese institutions, especially in high-tech and sensitive areas.
Artificial Intelligence (AI): The Ultimate Intelligence Amplifier. Beijing’s espionage strategy centers on utilizing advanced AI capabilities. By analyzing massive datasets, China can create detailed profiles of individuals, aiding in intelligence operations. Data stolen from sources like the Office of Personnel Management and Marriott International is used to identify potential recruits, monitor undercover operatives, and build comprehensive dossiers on American leaders.
AI-driven tools also enhance China’s ability to exploit telecommunications data. For instance, Salt Typhoon hackers reportedly applied AI algorithms to the stolen information, enabling Beijing to map social and professional networks of American political and military figures. This level of insight significantly bolsters China’s strategic capabilities, providing a framework for both espionage and influence operations.
Influence Operations: Shaping Public Opinion and Policy. China’s influence campaigns are designed to shape public opinion and policy within the United States. A high-profile example involves Linda Sun, a former aide in the New York governor’s office who acted as an agent for Beijing. Sun promoted Chinese interests through her position, influencing U.S. policymakers and suppressing criticism of China’s human rights abuses.
Additionally, Chinese operatives have infiltrated cultural and community organizations, particularly in American Chinatowns. These efforts propagate Beijing’s narratives while gathering intelligence on Chinese-American communities and U.S. political figures.
The most egregious act of influence this year was when U.S. authorities uncovered a covert Chinese police station operating in New York City, designed to intimidate and collect information on Chinese nationals residing in the area. The clandestine station, set up in the heart of Manhattan, was part of China's broader campaign to monitor and exert influence over members of the Chinese diaspora, often using coercion to silence dissidents critical of Beijing. U.S. law enforcement agencies conducted a thorough investigation, leading to the arrest of individuals involved in managing the site, and emphasized that such operations posed significant threats to national sovereignty and individual freedoms.
Cyber Espionage on the Rise. Recent revelations from Bloomberg and other outlets underscore the breadth of China’s cyber-espionage campaign. Beijing has been accused of orchestrating a “broad and significant” hacking effort that penetrated multiple sectors. This includes compromising wiretap systems used by law enforcement, further underscoring the vulnerabilities in U.S. digital infrastructure. Chinese government-linked hackers have burrowed into U.S. critical infrastructure and are waiting "for just the right moment to deal a devastating blow," FBI Director Christopher Wray said in a speech at Vanderbilt University in April of this year.
Wray explained that an ongoing Chinese hacking campaign known as Volt Typhoon has successfully gained access to numerous American companies in telecommunications, energy, water, and other critical sectors. Twenty-three pipeline operators were targeted. China is developing the "ability to physically wreak havoc on our critical infrastructure at a time of its choosing," Wray said at the 2024 Vanderbilt Summit on Modern Conflict and Emerging Threats. It plans to land low blows against civilian infrastructure to induce panic.
Espionage in Action: High-Profile Targets. Revelations indicate that Beijing may have targeted prominent figures like Donald Trump and Senator J.D. Vance. Chinese hackers have monitored U.S. political and corporate systems by embedding spyware in telecommunications networks. Other breaches include voter registration systems in the U.K., Indian power grids, and U.S. water and energy networks, demonstrating Beijing’s ability to disrupt critical services.
Espionage in Action: Military Targets. In 2024, two U.S. sailors were arrested and charged with espionage for allegedly passing sensitive military information to China in exchange for cash payments. The sailors, Jinchao Wei and Wenheng Zhao, were based in California. They held positions that gave them access to classified information, which they are accused of sharing with Chinese intelligence officials over several months. Wei, stationed on the USS Essex, allegedly shared operational plans, while Zhao, who worked at a naval base in Ventura County, provided photographs, videos, and documents about the Navy's operational strategies. These revelations underscored the growing threat posed by Chinese intelligence operations targeting U.S. military personnel for espionage purposes.
Counterintelligence and Countermeasures
The "National Counterintelligence Strategy of 2024" is the U.S. response to this pattern of espionage. It outlines key measures to outmaneuver and constrain foreign intelligence entities, with China treated as one of the most significant threats, and it addresses intrusions not only into federal systems but also into private industry, research institutions, and academic settings.
The U.S. strategy to combat this threat is multi-pronged, focusing on defensive and offensive measures. Central to the plan is the drive to "Detect, Understand, & Anticipate Foreign Intelligence Threats" by expanding innovative intelligence collection methods, including artificial intelligence, technical tools, and human sources. The strategy emphasizes integrating these capabilities across federal, state, and local levels to ensure a coordinated and efficient approach. Moreover, the United States is enhancing information sharing among intelligence agencies, local governments, private sectors, and international allies to address this growing challenge.
Offensively, the strategy highlights the need to "Counter, Degrade, & Deter Foreign Intelligence Activities & Capabilities." This includes utilizing advanced tools, such as artificial intelligence and cyber operations, to disrupt adversaries' espionage campaigns and dismantle their infrastructure. The United States is increasingly proactive in detecting and preempting Chinese intelligence activities, ensuring American policymakers are equipped with actionable insights to counter these operations effectively. Efforts are also being made to degrade Chinese intelligence operations by targeting their non-traditional assets, which include embedded researchers and commercial proxies that facilitate espionage.
Protecting America's technological edge is a significant priority under this strategy. The United States aims to safeguard critical technology and economic sectors essential to national security. China has actively sought advanced technologies, often leveraging commercial espionage and intellectual property theft. In response, U.S. counterintelligence efforts have ramped up engagement with the private sector and academia, which are frequent targets of Chinese espionage, to better protect critical innovations. The emphasis is on strengthening supply chain security and mitigating risks that foreign actors could exploit.
Another critical strategy pillar is combating China's cyber operations to steal U.S. secrets. Chinese hackers often target government databases, research institutions, and private firms to acquire sensitive information. To counter these threats, the United States is building a coalition of partners at home and abroad to share threat intelligence and develop innovative tools to respond to cyber intrusions. By fostering strong public-private partnerships, the U.S. aims to introduce more significant uncertainty for foreign intelligence actors, increasing the costs of their activities.
Finally, the U.S. approach includes "Protecting Democracy from Foreign Malign Influence," addressing the growing concern over influence operations that aim to manipulate public opinion and policy. The U.S. sees China's activities in this area as an effort to undermine the integrity of democratic processes, often using social media platforms to spread disinformation. The strategy includes expanding cooperation with social media companies, improving the detection of covert influence campaigns, and enhancing transparency to expose and counteract these tactics.
The National Counterintelligence Strategy provides a comprehensive framework to ensure that America retains its strategic advantages in the face of persistent Chinese espionage. It prioritizes resilience through investment in emerging technologies, the development of a skilled counterintelligence workforce, and strengthening alliances domestically and internationally. In an era of strategic competition, the United States seeks to outpace its adversaries by developing an integrated, proactive, and resilient counterintelligence posture.
Despite China’s long-standing espionage activities, recent actions have heightened awareness and countermeasures:
Botnet Disruptions: U.S.-led operations dismantled Flax Typhoon and other networks, underscoring the importance of international cooperation.
Corporate Accountability: Governments increasingly hold companies accountable for network security. Firms like Cisco and Microsoft play crucial roles in identifying vulnerabilities.
Public Warnings: Intelligence agencies have intensified efforts to educate businesses and individuals about Chinese espionage risks, emphasizing vigilance in digital and interpersonal interactions.
To return to the question posed above: will the counterintelligence strategy and actions be enough to stem the massive tide of information pilferage? It is difficult to see behind the veil of counterintelligence actions and activities, so public trust in the intelligence community will likely have to suffice for now. Given the breadth, depth, and volume of Chinese information gathering and outright spying, and despite a seemingly sound strategy and capabilities, it is hard to believe our open society can stay ahead of the Chinese in guarding our valuable intellectual, industrial, personal, and governmental information.
Strategic Implications
China's espionage campaign demands an intensive and effective U.S. effort to safeguard American information. The American people must be made aware of the evolving threat posed by Chinese espionage, the multifaceted response outlined in the U.S. counterintelligence strategy, and the necessity for resilience in protecting national security. Despite the challenges presented by an open society, the United States must be transparent about the nature of these attacks and be prepared to respond decisively, fostering a deterrent effect. For too long, China has been allowed to draft off the intellectual work of Americans. It is imperative that the U.S. remains vigilant, ready to defend its technological and intellectual assets, and committed to preventing further exploitation by foreign adversaries.
Former President Donald Trump’s return to the political stage raises questions about his cybersecurity policies. While Trump’s administration previously took a hard line on China, his inclination to reduce regulations could weaken U.S. defenses against espionage. For instance, Trump’s focus on deregulation may make it easier for Chinese firms to penetrate critical sectors under the guise of business investments. Reports suggest that Trump’s cyber policy will likely prioritize economic concerns over national security. This approach could relax scrutiny on Chinese tech companies operating in the U.S., potentially enabling espionage under the pretext of trade and investment agreements. Critics argue that balancing economic and security interests will be crucial to countering Beijing’s growing influence.
The incoming administration's choice of security or economic priorities could open the door to the Chinese even wider or curtail the steady hemorrhage of information to China. The advantage for China is enormous, and no short-term economic gain would be worth it.
Bibliography
Colchester, Max, and Daniel Michaels. "Scale of Chinese Spying Overwhelms Western Governments." Wall Street Journal, October 14, 2024.
Krouse, Sarah, Robert McMillan, and Dustin Volz. "Chinese-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ Cyberattack." Wall Street Journal, September 26, 2024.
McMillan, Robert, Dustin Volz, and Aruna Viswanatha. "China Is Stealing AI Secrets to Turbocharge Spying, U.S. Says." Wall Street Journal, December 25, 2023.
Menn, Joseph, and Ellen Nakashima. "U.S. and Allies Seize Control of Massive Chinese Tech Spying Network." Washington Post, September 18, 2024.
Peterson, Kristina, et al. "Was There a Chinese Agent Working in the New York Governor’s Office?" Wall Street Journal, September 6, 2024.
Office of the Director of National Intelligence. National Counterintelligence Strategy 2024. Washington, D.C.: Office of the Director of National Intelligence, 2024.
National Intelligence Council. Foreign Malign Influence Lexicon. August 2022.
Executive Order 14017. "America's Supply Chains." February 24, 2021.
Volz, Dustin, et al. "China Hack Enabled Vast Spying on U.S. Officials, Likely Ensnaring Thousands of Contacts." Wall Street Journal, November 5, 2024.
Volz, Dustin. "Chinese Cargo Cranes at U.S. Ports Pose Espionage Risk, Probe Finds." Wall Street Journal, September 12, 2024.
"Have Chinese Spies Infiltrated U.S. College Campuses?" News Nation Now.
Center for Strategic and International Studies. "Survey of Chinese Espionage in the United States: 2000–2022."
"U.S. Accuses China of Broad and Significant Cyber-Spying Effort." Bloomberg News, November 13, 2024.
"Trump’s Cyber Policy Likely to Focus on China, Relaxing Regulation." Bloomberg News, November 8, 2024.
Cooper, Helene, and Edward Wong. The New York Times, August 4, 2024; Stelloh, Tim. NBC News, August 3, 2024.
Kanno-Youngs, Zolan, and Karen Zraick. "U.S. Arrests Two in Connection with Secret Chinese Police Station in New York." The New York Times, July 10, 2024.
Reuters. "FBI Says Chinese Hackers Preparing to Attack U.S. Infrastructure." Reuters, April 18, 2024.