China’s Techno-Kleptomania
Beijing’s schemes imperil American companies and national security. It’ll take a huge effort to stop them.
The news that the U.S. has arrested Peng Xuehua of Hayward, Calif., for allegedly funneling classified American secrets to China’s Ministry of State Security can’t be dismissed as an isolated incident. Beijing seems to be digging for technological secrets across the U.S. Director Christopher Wray said in July that the Federal Bureau of Investigation has 1,000 active investigations into attempted intellectual property theft in America, mostly involving China.
The Ministry of State Security, China’s sprawling espionage agency, is at the center of many of these efforts. The People’s Liberation Army coordinates with the ministry to steal U.S. military technology. In addition to government forces, ostensibly private Chinese companies are increasingly bent to party whims under President Xi Jinping.
Beijing’s tech theft is a danger to every American and every opponent of the Chinese Communist Party. The line between commercial and military technology is often blurry—artificial intelligence, for instance, has many commercial and military uses. The party has also directly gone after military secrets. The Navy secretary said in March that his branch and its commercial partners are under “cyber siege” by China.
Here are recent major incidents and allegations that have been publicly disclosed:
• In September the Justice Department filed fraud charges against a professor in Texas, Bo Mao, for allegedly stealing solid-state-drive computer technology from a Silicon Valley startup, CNEX Labs. Mr. Mao has pleaded not guilty. Though the criminal case does not explicitly cite Huawei, Mr. Mao was earlier accused of stealing technology for Huawei in a civil suit CNEX filed against the Chinese tech giant. A jury for the civil case concluded in June that Huawei misappropriated solid-state-drive technology from CNEX. The civil suit closely parallels the criminal one laid out against Mr. Mao. It’s reasonable to conclude the civil suit describes the same incidents covered under the criminal charges against Mr. Mao.
• In July an American court found an adjunct professor from the University of California, Los Angeles guilty of penetrating the systems of a company that makes monolithic microwave integrated circuits. These devices provide the data for enhanced target acquisitions in weapons systems by the Air Force, Navy and Defense Advanced Research Projects Agency. Yi-Chi Shih conspired with a co-defendant to transfer the technology to a company Mr. Shih ran in China, which was gearing up to manufacture the advanced chips. That company, Chengdu GaStone Technology Co., was placed on the Commerce Department’s Entity List in 2014 because “it had been involved in the illicit procurement of commodities and items for unauthorized military end use in China.” Mr. Shih faces a sentence of 219 years in prison.
• In March, Tesla Inc. filed a lawsuit against a former engineer at the company, Guangzhi Cao, who allegedly copied 300,000 files related to Tesla’s Autopilot system before taking a job at a Chinese self-driving car startup, Xiaopeng Motors. Mr. Cao denied stealing Tesla’s intellectual property, and a judge appointed a mediator last week. Developing electric cars, including autonomous vehicles, is one of the Chinese government’s goals. The technology also has clear military applications, such as creating unmanned combat vehicles.
• Perhaps the granddaddy of all recent incidents took place in December, when the Justice Department and FBI disclosed that they had broken up a roughly four-year operation by a hacking group known as APT10 in Tianjin, China, which worked with the Ministry of State Security. APT10 was able to penetrate America’s cloud computing systems using malware that fooled intrusion detection systems. It was then able to “hop” onto the systems of companies that relied on cloud computing firms, reportedly including IBM, to protect their data. One of the targets was the U.S. Navy. APT10 stole the names and personal details of 100,000 naval personnel and also stole ship maintenance information, which could have practical use in any naval showdown in the Pacific.
The U.S. needs a comprehensive strategy to combat this espionage. President Trump has proclaimed progress in a first phase of trade negotiations with Beijing, which includes some intellectual-property rules. But the White House doesn’t appear to have done anything at all to address Beijing’s hacking and spying in the U.S.
It will require Manhattan Project-like intensity and focus to harden America’s information-technology systems. It will take years and cost billions of dollars. U.S. government agencies will have to ask Congress for bigger budgets. Companies will have to devote more money and staff to IT, even if this puts pressure on profits. To be effective, they will also have to work with the government to root out economic espionage. Security experts say some companies seem reluctant to ask for federal help, perhaps fearing their dirty laundry will be aired in public. General Electric has led the way by agreeing to work with the FBI and Justice Department to break up two Chinese espionage operations, one involving turbines and the other the carbon composites used in jet engine fan blades.
Outside security, military and intelligence circles, the U.S. has been slow to wake up to the Chinese hacking and espionage campaign because it has been subtle and long-term. The Chinese have never engaged in North Korean-style antics like crashing Sony’s Hollywood studio’s computers because it made a critical film. But it’s time to piece together the pattern of China’s activities and forge a consensus across the government and private sector on how the U.S. can best respond.
Mr. Holstein is author of “The New Art of War: China’s Deep Strategy Inside the United States.”