China’s successful recruitment of a former Defense Intelligence Agency (DIA) HUMINT (Human Intelligence) case officer was confirmed when Ron Rockwell Hansen entered his guilty plea in response to the charges levied upon him in the indictment of June 20, 2018, which accused him of espionage on behalf of China.
To recap, the indictment alleged that Hansen had traveled to China many times, been recruited by China’s intelligence service (Ministry of State Security), and actively targeted the U.S. defense sector, including its personnel.
While the indictment contained numerous additional charges, the plea agreement focused on the U.S. government (DIA and FBI) controlled case where Hansen had attempted to recruit a former colleague to commit espionage on behalf of the MSS. In December 2018 the U.S. Attorney offered Hansen the plea agreement, which included the recommendation that Hansen serve 15 years in prison.
Had Hansen not agreed, the U.S. Attorney was prepared to file a superseding indictment, one which would include additional charges and no doubt reveal additional activities in which Hansen was engaged for China.
The government provided Hansen’s attorney with over 70,000 documents outlining the years of Hansen’s collaboration with the Chinese – collaboration for which he had been remunerated approximately $800,000.
How Hansen Identified and Targeted Other Sources for China
The criminal complaint detailed how Hansen lived and worked in China from 2007 until 2011. Two of his “business partners” were identified as Chinese intelligence officers. From 2007-2018 he attended trade shows for the purpose of targeting technology and personnel on behalf of China. The criminal complaint charged him with violating ITAR regulations in sharing controlled technologies with China.
Furthermore, Hansen remained a cleared government contractor into at least 2011, working on a variety of projects which provided him access to U.S. classified information. Post 2011, at the direction of the MSS, he repeatedly attempted to garner employment within the U.S. intelligence community in various contractor or staff capacity.
He also actively used the LinkedIn platform to identify and connect with targets of interest to the MSS. No surprise that many of those individuals were within the defense and intelligence communities. And why not? He was an individual who had retired from the DIA, U.S. Army, and had a background in government independent contract work and who was simply looking for his next gig.
China showed their counterintelligence interest in Hansen when he was directed to offer himself up as a “double agent” to U.S. intelligence to work against his Chinese intelligence “business partners” and others in China. The logic behind this from the Chinese perspective most likely included the expectation that additional U.S. intelligence personnel would be identified. The operational tasking requirements which they hoped would be levied upon Hansen would reveal gaps in the U.S. knowledge of MSS modus operandi.
From the government optic it made sense to focus his plea on the period from May 2016 to June 2018, which encompasses the time Hansen was working a DIA case officer. They also obtained Hansen’s agreement to forfeit to the government the numerous devices and electronic storage containing evidence of Hansen’s collaboration.
What makes Hansen’s case so interesting is that his guilty plea arrives mid-March 2019, on the heels of the revelation that a former AFOSI officer, Monica Witt, defected to Iran and was helping Iran target defense intelligence personnel.
The commonality, and perhaps revelation to some, is how hostile intelligence services are using their assets (Hansen and Witt). Facility Security Officers should ensure their counterintelligence briefings warn cleared personnel to strictly adhere to “need to know” principles. Any attempt to elicit or acquire information outside of one’s normal swimlanes warrants reporting to the FSO. No longer is the counterintelligence threat wrapped in a flag of a hostile nation
There are more Hansens and Witts active right now. They just haven’t yet been identified.