Chinese State Hackers are Actively Recruiting Corporate Insiders

The F.B.I began October, 2018, by putting out a plea to U.S. companies: Work with us to stop malicious insiders from stealing your secrets and sending them to foreign competitors. To be more specific, stop China from infiltrating your company and stealing your secrets. “It’s no surprise to anyone…that China, in particular, seeks our information, our technology, and our military secrets.” According to F.B.I Director, Christopher Wray, “Every company is a target. Every single bit of information, every system, and every network is a target. Every link in the chain is a potential vulnerability.”

China’s not really making any pretense about being innocent. Their last 5-year plan openly states that it wants to “make breakthroughs in key technologies such as core chips, basic software, key components, and major machinery systems.” And they will do this anyway they can, even if it means infiltrating company networks around the world to reach these goals. Sectors that need to be especially on guard include any involved in high tech development, agriculture, healthcare, transportation, manufacturing and communication. Since this includes the constellation of companies that surround all of these sectors, basically nothing is safe.

Wray further elaborates on how the Chinese will use any tactic to get to the information they need. We’re not only talking about cyber attacks here. In one case, the Chinese set up a legitimate-looking company to lure victims to leave a target company. They offered them cash incentives and high paying positions. What did they want?  Information on something called syntactic foam. This may seem strange until you realize that such foam is a key component in stealth bombers and ship construction. The compromised employees used their connections with friends in their former company to get the information the Chinese needed.

At times, the Chinese recruitment efforts have not been altogether subtle. In August, LinkedIn announced that it was working with U.S. law enforcement agencies to weed out fraudulent accounts that were being used to recruit some of its members. According to one source, China was using information on the 22 million government workers it stole during the infamous Office of Personnel Management hack of 2014-15 to target LinkedIn members.

Kevin Mallory was one such person. He was recruited through LinkedIn, promised wealth and fame for a few secrets, and is now serving prison time. Here is the profile through which he was recruited.

linkedin mallory

It is not known precisely who contacted Mallory, but the Chinese have a penchant for using attractive women in LinkedIn profile pictures. Here is an example. The photo used can be found on a number of fashion sites. Although she purportedly works in the shipbuilding industry, the most she probably knows about ships is that they are supposed to float.

linkedin zhu

China is also using less obvious ways of getting access to insider information. They are apparently trying to buy it through deep web portals.

Such sites are notoriously hard to find and change their addresses frequently for security reasons. Often, individuals will post on forums either claiming that they have important information for sale or are willing to buy it. One site that I found gives advice to people who want to work for them by selling inside information. Potential insiders will be vetted because the value of information varies, and some may have little use to buyers. They, then, suggest a number of ways to get this valuable information.

Here are some of their suggestions.

Try to get a job in a large company. You can begin by getting an education in a potentially lucrative field, which would be anything connected to technology. Getting into such a large company may give you access to its network and potentially valuable/saleable information. If you are in a large company but do not have such access, try to befriend people who do. “Be genuine and build a rapport. People love to share their successes and failures with their friends. It can be as simple as a quick conversation during a lunch meeting between two well-connected friends. Sometimes, you don’t even need to ask them. One day, they’ll tell you. Just keep your ears and eyes open.”

They suggest attending company events. “Company parties are awesome occasions where the best information is being shared.” This is because, “attendees begin to loosen up as the night goes on and the people love to brag. Reach out to these folks and talk to them when the time is right. It’s easier than you might think. There are many talkative people who will tell you anything about the company.”

And here’s another clever trick the insider spy can use. “You can ‘accidentally forget’ your cell phone in the conference room at the right time.” In other words, you can record what is going on in an important meeting by, in a sense, bugging the room. If caught, you can always say you were recording a meeting you were at and forgot to turn off the recorder. Have them delete anything you recorded to protect yourself.

This website, which I don’t want to advertise any more than I just have, claims they will pay $100,000 a year for a good flow of information. That will certainly make a disgruntled employee consider the risk.

It is no surprise that recruiters, spies, and malicious insiders will go to where the action is. In the U.S., that means Silicon Valley. According to a recent article in Politico, “there’s a full-on epidemic of espionage on the West Coast right now. And even more worrisome, many of its targets are unprepared to deal with the growing threat.” The article quotes a member of the intelligence community who claimed that, spies “are very much part of the everyday environment”.

Chinese government officials, or others associated with the Chinese government, are known to pressure Chinese students or Chinese employees of U.S. firms to gather information for them. They may use anything from financial incentives to threats to achieve compliance. They are also known to pressure U.S. citizens of Chinese descent to help them reach their goals. They do this by threatening, either implicitly or explicitly, family members who still reside in China. “You get into situations where you have really good, really bright, conscientious people, twisted by their home government,” commented one chief security officer of a Silicon Valley firm.

As a result of such maneuvers, many Silicon Valley firms claim to be caught in an ethical dilemma. On the one hand, they want to be seen as embracing diversity by hiring Chinese or ethnic Chinese employees, while, on the other, the very diversity they embrace may result in the destruction of their company. Some companies will not allow Chinese or ethnic Chinese employees to work on certain sensitive projects, but, in so doing, they worry about facing charges of racism.

It has long been known that the Chinese government maintains control over Chinese students in the U.S. It is unlikely that they would give up this control when the students graduate and enter U.S. firms. The Chinese are well-aware of the liberal views on diversity prevalent in California universities and Silicon Valley in particular and leverage these views whenever they feel it benefits them. In addition, they have considerable power in influencing government officials and have infiltrated the region’s government at many levels. This linking of political influence and social leverage is potent combination. If you don’t believe this, remember that San Francisco senator, Dianne Feinstein, had a Chinese spy working as her driver and office director for over 20 years. Remember that  Dianne Feinstein is the head of the Senate Intelligence Committee. Need I say more?

So, expect the U,S. intelligence community’s cybersecurity focus to shift from Russia to China. Expect to see more high profile arrests, like the recent arrest of Yanjun Xu, the Chinese intelligence officer who has been extradited to the U.S. for stealing company secrets. The main problem for U.S. intelligence agents, however, is to convince companies, firstly, that a problem exists and, secondly, that embracing diversity could lead to embracing disaster. The entanglement of cybersecurity, politics, and social issues may thwart any attempt at achieving a malicious-insider free workplace. Be advised.





2 thoughts on “Chinese State Hackers are Actively Recruiting Corporate Insiders

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s