To any counterintelligence or operational security professional, the vehicles used by the principals of a given government always have a home on the adversary’s target matrix. The United Kingdom’s ministers of parliament apparently are the most recent to realize their actions, conversations, and locations may be of interest to adversaries, in this case China.
The Case of the Chinese Tracking Device in a Government Car
The UK government found at least one (perhaps more) tracking device within a government vehicle used to transport government officials, including ministers of parliament. According to British media, a SIM card that was capable of sending location data was discovered within a “sealed part that had been imported from China.”
The Daily Mail, quoting a GCHQ (UK equivalent of the National Security Agency) source, noted how China’s intent is “likely to be more about quantity than the quality of the trackers, as it helps to create a ‘pool of information’ about potential sites of interest.”
The British media outlet “I” quoted Conservative Party MP Alicia Kearns: “Our data reveals everything about us, from our locations, friendships and networks to our habits, vulnerabilities and activities – this information could be exploited by [Beijing] against government ministers and officials. If these SIM cards have been duplicitously installed, then this is CCP espionage.” She continued, “If the SIM cards are operationally standard, then it is a failure of security not to have removed them to protect the data of our government and sensitive government sites.”
Not China’s First Rodeo
In October 2007, yes, more than 15 years ago, the then U.S. Counterintelligence Executive issued a warning concerning “acquisition risk.” The topic was one of extreme import to the U.S. government then and should be now, especially when it comes to the potential for product manipulation. The questions he asked were, “What are we buying? What does ‘Made in USA’ mean when components come from overseas and the software in the electronics may have been written by God-only-knows-whom? Unknown or sketchy provenance raises the risk that a foreign government or organization could program vulnerabilities into our most sensitive information systems.”
The discovery in the UK and the GCHQ source’s observation align with a tried-and-true tactic used by China in the past. For example, in 2007 hard drives were manufactured in Thailand by Seagate and sold to Taiwan. Part of the manufacturing supply chain used “Chinese subcontractors.” These subcontractors inserted a piece of trojan-horse malware that sent data from the drive to an IP address in China. As with the SIM inserted in a sealed part, the target set was broad, and only after installation and connection would China know if they had hit pay dirt.
Other Cases Around the World
And then we have the 2015 case of the Lenovo laptops, which came with the Superfish application preloaded, which then connected the laptop to Lenovo servers. Lenovo had been sold to a Chinese entity by IBM in 2006. Thousands of these Lenovo devices had been purchased by the U.S. government, including the Department of State.
And who can forget the ballsy operation which China ran against the African Union from 2012 to 2017? The Chinese gifted the African Union a new headquarters building in Addis Ababa, Ethiopia, paid for by China. At the time I opined the operation evidenced China’s cojones were the size of Chicago’s Millennium Park’s egg – China wired the AU’s headquarters’ infrastructure and then totally compromised it from the get-go. The IT infrastructure within the building was appropriately backed up to local servers, and these servers were then surreptitiously backed up to servers located in Shanghai.
FSOs – Check Your Equipment
The UK’s find shouldn’t be a surprise; indeed, every FSO should be mindful of every piece of equipment being used within classified engagements, with an eye toward the potential for “acquisition risk” as described above. Additionally, there should be no expectation China is going to slow down. When discovered, they deny everything and make counter-accusations – every time. Put your counterintelligence glasses on, assume the worst, and be pleasantly surprised when it doesn’t materialize.