The FBI has released a “Wanted by the FBI” notice for Xinjian Jin, aka Julien Jin, a Chinese software engineer and former employee of Zoom who allegedly provided operational support to the Chinese government’s intelligence and security services in the United States and China between January 2019 and November 2020. The 47-page criminal complaint details how Jin cooperated with the government, going beyond his assigned duties as the primary liaison contact between Zoom and the government of China.

Zoom’s Julien Jin

Jin, a 39-year-old PRC citizen, resided and worked in Zhejiang Province in the PRC and had been employed by Zoom since 2016. His role carried the title of “Security Technical Leader” with responsibilities that included ensuring that users of Zoom’s services did not “commit violations of the law or engage in activities that otherwise violated [Zoom’s] Terms of Service.”

The U.S. Department of Justice describes Jin as the individual who “participated in a scheme to disrupt a series of meetings in May and June 2020 held to commemorate the 04 June 1989 Tiananmen Square massacre.”

Acting U.S. Attorney DuCharme notes, “As alleged, Jin worked closely with the PRC government and members of PRC intelligence services to help the PRC government silence the political and religious speech of users of the platform of a U.S. technology company.” DuCharme continued, “The charges announced today make clear that employees working in the PRC for U.S. technology companies make those companies—and their users—vulnerable to the malign influence of the PRC government.”

Beginning in 2017, the criminal complaint tells us, the PRC government required service providers to store data for Chinese users who were within China’s borders. As detailed within Clearance Jobs, we know that China’s security and intelligence services don’t stop at their borders, as seen in the recent case involving a New York police officer serving as the Chinese eyes and ears.

Jin, cooperating with PRC officials, put together a means to identify and disrupt individuals located in the United States who were organizing Zoom calls in commemoration of the 1989 Tiananmen Square massacre. To effect this disruption, Jin and colleagues fabricated violations of the Zoom Terms of Service, and then directed a colleague in the U.S. to terminate the users’ meetings and suspend or cancel their accounts.

Not surprisingly, social media monitoring was used to identify individuals who were hosting the Zoom calls. The Chinese Ministry of State Security (MSS) asked Jin to keep meetings open, which the FBI deduced was meant to ensure that the MSS would be able to “obtain additional details on meeting participants.” The MSS demanded that Zoom evolve a “one-minute” meeting-termination capability – meaning that within one minute of being informed by the MSS that a meeting violated PRC law, Zoom would be required to terminate the meeting.

The complaint shows that Jin’s collaboration went beyond what is expected of the normal liaison function between a company and a government: he insisted that colleagues keep his requests out of company email, and he made repeated (and often successful) efforts to gain access to U.S.-centric parts of the company’s infrastructure so that he could provide his covert support to the Chinese.

This support included identifying U.S.-based account holders, along with the meeting identifiers (links) and passwords for their meetings.

Now a word from Zoom

Zoom, understanding the significance of its China problem, issued its own statement describing how the company cooperated with the investigation, opened its own internal investigation, and determined that Jin shared “a limited amount of individual user data with Chinese authorities.” The company added that no more than 10 users who were not located in China had their information shared with the Chinese authorities. Zoom concludes that Jin was fired for violating company policies.

Counterintelligence caution

While Jin’s crime involves China’s efforts to monitor dissident behavior both at home and abroad, it does not take many steps to recognize that the methodology used by the MSS to achieve these results has wider applicability. Facility Security Officers will be well served to highlight this case to their constituents. While Zoom meetings are encrypted, and password utilization prevents Zoom-bombing from occurring, it is clear that the technical specs of a given meeting are available.

Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book “Secrets Stolen, Fortunes Lost: Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008). He is the founder of