Chinese Intelligence Targeting of GE Aviation Reveals Chinese Mode of Operations


Kudos to GE Aviation for their ability to maintain secrecy and for their cooperation with the Department of Justice (DOJ) in thwarting an attempt by the Chinese Ministry of State Security (MSS) to steal aviation and aerospace secrets. On October 10, the DOJ unsealed an indictment of Yanjun Xu, aka Qu Hui, aka Zhang Hui, who is a senior officer, Deputy Division Director, within the MSS’s Jiangsu State Security Department. Xu was quietly arrested in Belgium in April 2018 and extradited to the U.S. in early October.

ClearanceJobs readers will recognize the targeting of the U.S. aerospace industry by the MSS as being front and center of the MSS attempt to seed Ji Chaoqun, a Chinese citizen, into the U.S. Army Reserves via the MAVNI program. While Xu targeted GE Aviation and two additional companies, including the one which employed Ji, it should be reiterated that the arrest of Ji evolved from the counterintelligence actions by the FBI directed toward Xu.

MSS Modus Operandi

Facility Security Officers putting together their counterintelligence briefs will be well served to take a few moments and pull from the following highlights of the modus operandi of the MSS for inclusion. The MSS modus operandi is tried and true, and wavers little from target to target and sector to sector.

  • Targeting – The MSS will scour the net in an effort to identify those individuals who may have access to technology which is on the MSS requirements list.
  • Research – They will task their stable of assets in the U.S. (as they did Ji Chaoqun) to conduct commercial background checks on the individuals and meld that into the open-source research they are able to conduct by scraping the internet.
  • Target Folio – Collation of this material is then melded with the information which has been culled from their covert collection efforts. For cleared personnel, that will include the information which was stolen from the Office of Personnel Management clearance processing database. It will also include information which was stolen from numerous government health insurance providers, including Tricare and Anthem, and information garnered from the breaches of the various credit reporting agencies. In a nutshell, before contact with a target is made, the MSS has put together their mosaic of the target.
  • Engaging the Target – The target will be contacted. The MSS will use any number of entities where their officers are able to operate clandestinely undercover. Xu used the alias Qu Hui, and the position of “Deputy Secretary-General of Science and Technology Association” in engaging the GE Aviation employee. The unidentified GE Aviation employee was invited to visit China, specifically the Nanjing University of Aeronautics and Astronautics (NUAA), for technological exchanges and to present to academia. Seemingly all above board.
  • Let the Espionage Begin – Once the individual shows up in China, the dance to get the individual to provide information, preferably via a collaborative “commercial arrangement,” begins. The individual has all their expenses covered by the MSS, and a stipend/honorarium is also provided. During the visit the individual will be introduced to MSS officers, like Xu, who appeared to be a senior official of an S&T tech association. This contact will suggest another visit, and collaborate to determine what will be of high interest to China’s academia.
  • Go Bold or Go Home – As brazen as it may sound, the MSS officer will dig and query about current work, ask for a list of projects, even suggest topics which the target might be able to research within their company. In the GE Aviation instance, Xu asked for the employee to copy their work computer’s hard drive’s directory and send it along via email for perusal. Once it is ascertained that the employee has information of interest, the MSS moves quickly to get access, either in China or elsewhere. In this instance, they invited the employee to bring his work laptop with him, make a copy of the info on his laptop to a USB or external hard drive, and to acquire information to which he did not have natural access.
  • Foreign Meeting Arrangements – They then solidify travel arrangements to move their clandestine operation forward. In this instance, it was a meeting in Belgium. Xu showed up expecting to collect the information on the hard drive of the target’s work laptop, full of GE Aviation’s proprietary information and intellectual property. That didn’t work out so well for Xu, who traveled to Belgium and was arrested.
  • Counterintelligence Programs Work – GE Aviation’s cooperation with the Federal Bureau of Investigation (FBI) made this counterintelligence / counterespionage coup possible. The cooperation led to the arrest of Xu, but also led to the discovery of an MSS attempt to seed personnel into the U.S. Armed Forces.

What’s Next for Chinese Intelligence?

The MSS has been set back with the arrest of Xu. They will most likely retaliate and double down on their attempts to penetrate the United States defense sector. Cleared contractor personnel should take to heart the admonishment to report every foreign contact to their FSO, and those in government to their security office. The MSS cannot elicit information or compromise an individual if sustained contact does not take place.

As has been said many times, you don’t get to decide if you are a target of the MSS; they will decide who is a target. What you can do is be prepared for the day when you find yourself in the center of the MSS bullseye.

Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008).
