FBI files espionage charges against California man who allegedly spied for China

The United States has pressed espionage charges against a naturalized American citizen who operated as a courier for Chinese intelligence while working as a tour operator in California. On Monday federal prosecutors in San Francisco filed espionage charges against Xuehua “Edward” Peng, a 56-year-old Chinese-born American citizen. Peng, a trained mechanical engineer, reportedly entered the United States in June 2001 on a temporary visa. In 2012 he became a naturalized American citizen. By that time he was working for US Tour and Travel, an independent tour operator in California.

On Friday, officers with the Federal Bureau of Investigation arrested Peng at his home in Hayward, California, and charged him with spying on behalf of the Ministry of State Security (MSS), which is China’s primary external intelligence agency. At a press conference held on Monday, David Anderson, US Attorney for the Northern District of California, said that Peng began working for the MSS in June 2015 and continued to do so until June of 2018. Throughout that time, Peng participated in at least six dead drops on behalf of the MSS, said the FBI. But he was unaware that the agent on the other end of the dead drop was in fact an FBI informant, who had lured Peng and the MSS into an elaborate sting operation. The informant is referred to in the indictment as “the source”. The FBI said it paid the informant nearly $200,000 to facilitate the sting operation.

Most of the dead drops took place at a hotel in Newark, California. Peng would book a room in the hotel using a popular online booking service. He would check in and go to his hotel room, where he would hide envelopes containing as much as $20,000 in cash. He would then leave the room key at the front desk for his contact to pick up. The contact (the FBI informant) would pick up the key and the cash, and leave memory sticks with classified US government information for Peng to pick up. Peng would then travel to China to deliver the classified information to the MSS.

Unbeknownst to Peng, the FBI was monitoring him all along, and managed to secretly tape his alleged espionage activities. The surveillance footage is now part of the federal affidavit that was unsealed on Monday. Moreover, the FBI appears to have given Peng classified information that was approved for the purposes of the counterespionage operation against him. It is not known whether the classified information was real, deceptive, or a mixture of the two. It is worth noting that Peng is not a foreign diplomat and is therefore not subject to the rules of diplomatic immunity. He now faces a maximum of 10 years in prison and a fine of up to $250,000 if convicted.

Author: Joseph Fitsanakis | Date: 01 October 2019 | Permalink

In unprecedented move, US plans to block undersea cable linking US with China

In a move observers describe as unprecedented, a United States government regulator is preparing to recommend blocking the construction of an 8,000-mile long undersea cable linking America with China, allegedly due to national security concerns. Washington has never before halted the construction of undersea cables, which form the global backbone of the Internet by facilitating nearly 100% of Internet traffic. Much of the undersea cable network is in the process of being replaced by modern optical cables that can facilitate faster Internet-based communications than ever before.

One such scheme is the Pacific Light Cable Network (PLCN), an 8,000-mile undersea cable construction project funded by Google, Facebook and Dr. Peng Telecom & Media Group Co., one of China’s largest telecommunications-hardware manufacturers. The PLCN’s completion will produce the first-ever direct Internet link between Los Angeles and Hong Kong, and is expected to increase Internet speeds in both China and the United States. Most of the PLCN has been laid and its completion is projected for this year.

But now an American regulatory panel plans to recommend blocking the PLCN’s final construction phase. According to The Wall Street Journal, the panel fears that the $300 million undersea cable project may facilitate Chinese espionage. The Justice Department-led panel is known as Team Telecom and consists of officials from several American government agencies, said the paper, citing “individuals involved in the discussion” about PLCN.

Never before has the US blocked the construction of an undersea cable, reported The Journal. National security concerns have been raised with reference to past undersea cable projects, some of which were partially funded by Chinese-owned companies. But the projects eventually went ahead after the manufacturers were able to demonstrate that the design of the undersea cables forbade the installation of wiretaps. If the PLCN project is blocked, therefore, it will be the first such case in the history of the Internet in America.

The paper said that supporters of the PLCN argue that it would give American government regulators more control over the security of Internet traffic before it even reaches US territory. Additionally, PLCN investors claim that the completion of the project will provide American companies with broader access to consumers in Asia. Google, Facebook, Dr. Peng Telecom and the US government declined to comment on the news report.

Author: Joseph Fitsanakis | Date: 29 August 2019 | Permalink

Swiss to extradite brother of ‘leading biochemist’ who spied for Chinese firm

A Swiss court has ordered the extradition to the United States of the brother of one of the world’s leading biochemists, who spied on a British pharmaceutical firm to help a Chinese startup. The extradition is part of a large corporate espionage case centered on Yu Xue, a Chinese scientist described by US federal prosecutors as “one of the world’s top protein biochemists”. Yu specializes in drug research for cancer and other serious terminal illnesses. From 2006 until 2016 he worked in the US for GlaxoSmithKline (GSK), a leading British pharmaceutical group.

In 2018, Yu was arrested by US authorities for stealing trade secrets from a GSK research facility in the US state of Pennsylvania, and giving them to a Chinese startup pharmaceutical company called Renopharma. He eventually pleaded guilty to stealing proprietary data from GSK, in a case that the US Department of Justice described as a textbook example of Chinese “economic warfare” against America. US government prosecutors also claim that Renopharma is almost wholly funded by the Chinese government. The three co-founders of the Chinese firm have also been charged with corporate espionage targeting a US firm.

On May 28 Yu’s brother, Gongda Xue, was arrested in Basel, Switzerland. According to the US government, Gongda used GSK data stolen by his brother to carry out drug experimentation at the Friedrich Miescher Institute for Biomedical Research, where he worked as a post-doctoral trainee between 2008 and 2014. On Tuesday, the Swiss Federal Office of Justice (FOJ) ruled in favor of a request by the US government to extradite Gongda so he can be tried in Pennsylvania. According to the FOJ, the Chinese scientist will be extradited as soon as his 30-day appeal period expires.

Author: Ian Allen | Date: 17 July 2019 | Permalink

Poland frees on bail former intelligence officer arrested for spying for China

The Polish government has authorized the release on bail of a former counterintelligence officer who was charged in January of this year with spying for China. The man has been identified in media reports as Piotr Durbajlo and is believed to have served as deputy director of the Internal Security Agency, Poland’s domestic counterintelligence service. A cyber security expert, Durbajlo also served in Poland’s Office of Electronic Communications with a top security clearance and unrestricted access to classified systems of Poland and the North Atlantic Treaty Organization, of which Poland is a member.

However, at the time of his arrest on January 10, Durbajlo had left government service and was a mid-level executive at Orange Polska. The company operates as the Polish branch of a French multinational telecommunications carrier with sister companies in several European Union countries. Along with Durbajlo, Polish authorities arrested Wang Weijing, a Chinese national who worked for the Chinese telecommunications manufacturer Huawei. Orange Polska is Huawei’s main domestic partner in Poland. Wang reportedly learned Polish at the Beijing Foreign Studies University. In 2006 he was posted by the Chinese Ministry of Foreign Affairs at the Chinese consulate in Gdansk, Poland’s largest Baltic Sea port. In 2011 he left the Foreign Service and joined the Polish office of Huawei. Following his arrest on January 10, he was charged with espionage. Huawei denied it had any role in espionage against the Polish state, but fired Wang nonetheless. Both Wang and Durbajlo have been in pretrial detention since their arrest in January.

On Friday, July 5, Durbajlo’s legal team announced that he would be set free on July 7, on a $31,500 bail that must be paid within 30 days to secure his release. His lawyers explained that the charges against him had not been dropped, but did not explain why he was being released. It is worth noting that Durbajlo’s release on bail was announced during a visit to Poland by a high-level Chinese delegation, aimed at discussing economic and political ties between Warsaw and Beijing. Late on Tuesday it was announced that Wang would remain in pretrial detention for at least three more months.

Author: Joseph Fitsanakis | Date: 10 July 2019 | Permalink

Attack by Chinese hacker group targeted high-profile individuals around the world

A hacker attack of impressive magnitude targeted specific individuals of interest to the Chinese government as they moved around the world, in what appears to be the first such operation in the history of cyberespionage. The attack was revealed late last month by Cybereason, an American cybersecurity firm based in Boston, Massachusetts. Company experts described the scope and length of the attack, dubbed Operation SOFTCELL, as a new phenomenon in state-sponsored cyberespionage. Cybereason said SOFTCELL has been in operation since at least 2017, and identified the culprit as APT10, a hacker group that is believed to operate on behalf of China’s Ministry of State Security.

The operation is thought to have compromised close to a dozen major global telecommunications carriers in four continents: the Middle East, Europe, Asia and Africa. According to Cybereason, the hackers launched persistent multi-wave attacks on their targets, which gave them “complete takeover” of the networks. However, they did not appear to be interested in financial gain, but instead focused their attention on the call detail records (CDRs) of just 20 network users. With the help of the CDRs, the hackers were able to track their targets’ movements around the world and map their contacts based on their telephone activity. According to The Wall Street Journal, which reported on Cybereason’s findings, the 20 targets consisted of senior business executives and government officials. Others were Chinese dissidents, military leaders, as well as law enforcement and intelligence officials.

An especially impressive feature of SOFTCELL was that the hackers attacked new telecommunications carriers as their targets moved around the world and made use of new service providers. The attacks thus followed the movements of specific targets around the world. Although this is not a new phenomenon in the world of cyberespionage, the geographical scope and persistence of the attacks are unprecedented, said The Wall Street Journal. Speaking last week at the 9th Annual International Cybersecurity Conference in Tel Aviv, Israel, Lior Div, Cybereason’s chief executive officer and co-founder, said SOFTCELL attacks occurred in waves over the course of several months. The hackers used a collection of techniques that are commonly associated with identified Chinese hacker groups. If detected and repelled, the hackers would retreat for a few weeks or months before returning and employing new methods. The Cybereason security experts said that they were unable to name the targeted telecommunications carriers and users “due to multiple and various limitations”.

Author: Joseph Fitsanakis | Date: 09 July 2019 | Permalink

Despite spying allegations, African Union deepens ties with Chinese telecoms firm

Despite allegations in the French press that China has been spying for years on the internal communications of the African Union, the organization appears to be deepening its ties with a leading Chinese telecommunications firm. The allegations surfaced in January of last year in the Paris-based Le Monde Afrique newspaper. The paper claimed in a leading article that African Union technical staff found that the computer servers housed in the organization’s headquarters in Addis Ababa, Ethiopia, were secretly communicating with a server facility in Shanghai, China. The secret communications reportedly took place at the same time every night, namely between midnight and 2 in the morning. According to Le Monde Afrique, the African Union servers forwarded data to the servers in Shanghai from 2012, when the building opened its doors, until early 2017.

Beijing donated $200 million toward the project and hired the state-owned China State Construction Engineering Corporation to build the tower, which was completed in 2012. Since then, the impressive 330 feet, 19-storey skyscraper, with its reflective glass and brown stone exterior, has become the most recognizable feature of Addis Ababa’s skyline. The majority of the building material used to construct the tower was brought to Ethiopia from China. Beijing even paid for the cost of the furniture used in the impressive-looking building. The paper noted that, even though the organization was allegedly notified about the breach by its technical staff in January of 2017, there was no public reaction on record. However, according to Le Monde Afrique, African Union officials took immediate steps to terminate the breach. These included replacing the Chinese-made servers with new servers purchased with African Union funds, without Beijing’s mediation. Additionally, new encryption was installed on the servers, and a service contract with Ethio Telecom, Ethiopia’s state-owned telecommunications service provider, which uses Chinese hardware, has been terminated.

Last week, however, the African Union deepened its ties with Huawei Technologies, the Chinese telecommunications firm that provided all the hardware, as well as much of the software, used in the organization’s headquarters. Last week, at a meeting in the Ethiopian capital, Thomas Kwesi Quartey, deputy chair of the African Union’s Commission, signed a memorandum of understanding with Philippe Wang, Huawei’s vice president for North Africa. According to the memorandum, Huawei will increase its provision of hardware and services to the African Union “on a range of technologies”. These range from broadband telecommunications to cloud computing, as well as 5G telecommunications capabilities and artificial intelligence systems. The Chinese firm will also continue to train African Union information technology and telecommunications technicians. Both the African Union and the government of China have denied the Le Monde Afrique allegations.

Author: Joseph Fitsanakis | Date: 07 June 2019 | Permalink

German spies dismiss US warnings about Huawei threat to 5G network

German intelligence officials appear to be dismissing Washington’s warning that it will limit security cooperation with Berlin if China’s Huawei Telecommunications is allowed to build Germany’s 5G network. The company, Huawei Technologies, is a private Chinese venture and one of the world’s leading telecommunications hardware manufacturers. In recent years, however, it has come under scrutiny by some Western intelligence agencies, who view it as being too close to the Communist Party of China. More recently, Washington has intensified an international campaign to limit Huawei’s ability to build the infrastructure for 5G, the world’s next-generation wireless network. Along with Britain, Australia and Canada, the US is concerned that the Chinese telecommunications giant may facilitate global wiretapping on behalf of Beijing’s spy agencies.

In the past several months the United States has repeatedly warned Germany that intelligence sharing between the two countries will be threatened if the Chinese telecommunications giant is awarded a 5G contract by the German government. In March, Washington informed German officials that intelligence cooperation between the two allies would be severely impacted if Chinese telecommunications manufacturers were given the green light to build Germany’s 5G infrastructure. The warning was allegedly included in a letter to Peter Altmaier, Germany’s Minister of Economic Affairs and Energy, written by Ambassador Richard Grenell, America’s top diplomat in Germany. The letter urged the German government to consider rival bids by companies belonging to American allies, such as the Swedish telecommunications equipment manufacturer Ericsson, Finland’s Nokia Corporation, or the South Korean Samsung Corporation.

But a report by Bloomberg on Wednesday said that German authorities were not convinced by Grenell’s argument. Citing “four people with knowledge on the matter”, the news agency said that Germany’s intelligence community sees Washington’s warnings as “political grandstanding”. The US and Germany “need each other’s resources to tackle global conflicts” and “rely on each other too much to risk jeopardizing crucial data sharing”, said the report. The anonymous officials told Bloomberg that Germany does benefit from America’s “vast array” of intelligence. However, German spy agencies also provide their American counterparts with crucial intelligence from several regions of the world, they said. The US Department of State did not comment on the Bloomberg report. The Chinese government has repeatedly dismissed allegations that Huawei poses an espionage threat to Western nations.

Author: Ian Allen | Date: 18 April 2019 | Permalink