
Counterintelligence and economic espionage – what it can mean for you and your company


Published on: Dec 16, 2022 by Michael Snyder

The social media network request looked innocent: a young Asian woman from “Singapore” seemed to be looking to expand her technology contacts in America. A quick review of the social media profile showed a seemingly legitimate educational background, listing known universities and work history. You’ve probably received your fair share of the same. But according to the FBI, the request isn’t innocent at all.

GJ-11 drone at China Zhuhai Airshow – military tech appears to reflect American/western classified technology. (Photo – Wikimedia Commons)

The network request, unusual typos and all, was likely part of a broad nation-state effort to cobble together any and all technology and corporate information, an operation called “a thousand grains of sand.” It is but one of many strategies and tactics designed to secure classified or secret information.

 

“The Risk to America”

FBI and NCIS Special Agents recently presented a wide-ranging counterintelligence and cybersecurity seminar called “The Risk to America,” coordinated by Purdue@WestGate near the $2 billion Naval Surface Warfare Center at Crane.

Here are some summary takeaways:

  • Numerous countries today conduct a 24/7/365 intense “whole state approach” to illegally seek critical intelligence, technology secrets, corporation trade information, intellectual property, classified military information, and more. Many of these threats originate from China, Russia and Iran and represent harmful threats to American national security and economic advancement. Cyberwar is alive and well on many levels.
  • The current greatest counterintelligence and economic espionage threat is from China. A new counterintelligence threat is identified from China roughly every 10 hours on average, and about half of the active FBI caseload involves “all in” counterintelligence organized activities from the People’s Republic of China.
  • An estimated $300-$600 billion worth of economic and intellectual property secrets have been lost globally to China over the past few decades. At the 2022 Zhuhai Air Show in China, attendees viewed a vast array of what the Diplomat magazine described as “real gains…in missile, radar, unmanned systems and fighter technology.” What was disturbing? Many of the new planes, missiles and electronic military devices appeared to reflect stolen technology from American and other Western nations. As the magazine noted: “The FH-97 [drone], an unmanned combat aerial vehicle with a stark resemblance to the U.S.-built Kratos XQ-58 Valkyrie, was on full display at the Zhuhai Air Show. In true Chinese military fashion, the display was coupled with a video playing of the FH-97 working in tandem with a J-20 to take down a U.S. F-22 fighter jet.”

    USAF XQ-58A Valkyrie, a long-range, high subsonic unmanned air vehicle
  • China, Russia and other nations use a variety of means – large and small, macro and micro – to breach, infiltrate and illegally secure technology, strategic plans, economic secrets and much more. China is known to deploy a system called “a thousand grains of sand.” Hundreds (if not thousands) of agents masquerade as students, academic officials, “young” professionals and more to try every open avenue to seize even “one grain of information ‘sand’,” assembling everything from multiple sources to slowly paint a picture of advances – or how to illegally penetrate security walls to seize information.
  • As a simple example, this can be reflected in seemingly innocent LinkedIn and other social media posts and requests. A rogue agent, adopting a false online identity, first “follows” an open LinkedIn account and exploits the open network nature of the app. AI and other algorithms scour social networks looking for posts and information that may eventually lead to classified or secret information. A “request to join your network” is issued from what looks like an innocent source. As soon as you accept, all of your contacts become visible (they may already be), which results in the process being applied to all of your 1,000+ contacts in your technology or other industry. The process goes through a digital “rinse and repeat” cycle continuously, mining your posts and information relentlessly. (To avoid this, you have to manually restrict access and individually “block” people who have already started “following” you).
  • Counterintelligence “bad actors” are by no means limited to China. But while China continues as a critical trade partner and resource to America and other Western nations, Chinese leaders have made no secret of their desire to achieve global supremacy as the world’s pre-eminent power by 2049. To a Western view, this may seem like a long way off, but to the world’s oldest living civilization, that’s barely the blink of an eye. As Foreign Affairs magazine writes of top China leader Xi Jinping: “The end state he is pursuing requires the remaking of global governance. His explicit objective is to replace the modern nation-state system with a new order featuring Beijing at its pinnacle.” China believes it is free to achieve that goal of a new world order by any means.
  • Accordingly, China puts direct pressure on foreign Chinese nationals living in the United States and elsewhere in Western countries to actively participate in information gathering and to support Chinese political and economic goals. In the state of Indiana, Purdue and Indiana University are “hot spots.” In 2021, Purdue President Mitch Daniels openly condemned efforts by the Chinese Ministry of State Security to censor Purdue students of Chinese background who had spoken out “on behalf of freedom and others martyred for advocating it.” In a blunt open letter to students and faculty, Daniels thundered: “Those seeking to deny those rights [of open expression] to others, let alone collude with foreign governments in repressing them, will need to pursue their education elsewhere.” Recognizing this situation is certainly no excuse for racism or racist tactics against anyone, but the fact remains it must be recognized. For the 2021-2022 academic year, more than a quarter of a million students from the People’s Republic of China were students on American campuses. More than 2,500 students from China are enrolled in engineering, technology and other programs at Purdue.
  • Nation-states conducting activities to illegally seize classified information actively seek to infiltrate and co-opt professionals and executives in key industries, academic institutions, military installations and elsewhere. Through sophisticated rationalization methods, nation-states look for engineers, executives, entrepreneurs, government officials and more who exhibit classic vulnerabilities. They include people who appear to be sympathetic to their national systems, who are deeply in debt or having severe family/marital issues, people with security clearances, people who have complex problems and the like. These recruitment profiles are historically well known, but they still produce vulnerabilities. Companies with potentially vulnerable assets should be aware when employee behavior suddenly changes, when work restrictions are violated (e.g. insisting on taking sensitive work “home” or copying corporate info on flash drives in violation of corporate or institutional policy), when IT professionals note unusual access or downloading activity, or when other unusual behavior appears.
  • Oftentimes the only notice is that “something does not seem right” or there is odd behavior. For example, a foreign national was once observed, by accident, digging in a remote farm field. The person was found to be digging up recently planted seeds. The FBI found that the seeds were being collected and sent back to the nation-state for analysis. It was part of an effort to steal proprietary agricultural secrets from a national seed company.

Major counterintelligence successes

Economic and potential IP theft efforts are unfortunately rampant and don’t exclude the Midwest. The FBI has made major arrests for industrial, agricultural, and technological espionage in Indiana, Ohio and Kentucky in recent years.

Counterintelligence and cybersecurity efforts in the United States have scored major successes, but high vigilance continues to be the required standard. Executives and IT professionals extensively use security experts to safeguard IP and corporate assets. Gartner and other resources regularly publish market guides for protection and response solutions.

To help understand and mitigate threats, basic information can be found on the Cybersecurity & Infrastructure Security Agency (CISA) website, as well as the FBI public website (terrorism, cybercrime, counterintelligence and more). The FBI also maintains a general “tip” website.  The national Annual Threat Assessment (ATA) can be accessed here.

A main takeaway? Americans live in a world that includes many unfriendly and hostile elements. An estimated 30,000 websites are hacked every day. Cybercrime costs Americans a reported $3.5 billion annually. Several nation-states – including China, Russia, Iran and others (as well as competitive corporations) – seek to breach and steal critical information and/or compromise systems and operations. Active defenses are being maintained, but a well-informed professional with a willingness to take steps to mitigate risk represents a critical and effective asset.

Critical C-suite roles in Cybersecurity – Michael Snyder of MEK joined other cybersecurity & IT experts on a panel to discuss cybersecurity roles and responsibilities, including crisis cyber and data breaches. Statewide conference presented by the Indiana Chamber.

Several MEK clients engage in, provide consultation, or address cybersecurity issues; Managing Principal Michael Snyder has regularly written or presented current information on cybersecurity and privacy issues. Contact Snyder here.

 


Copyright  2024 MEK Group. All rights reserved.   •   Marketing | Engagement | Knowledge   •   Privacy