It’s the embodiment of a saucy spy thriller.
Questions continue to swirl around Chinese woman Yujing Zhang, who was arrested on March 30 on the grounds of President Trump’s Florida abode, Mar-a-Lago. Her story suspiciously changed between security checkpoints, and she was in possession of two passports, four cellphones, a laptop, an external hard drive and a thumb drive that authorities later claimed contained malware. Moreover, more than $8,000 in U.S. and Chinese currency was discovered in her hotel room nearby.
Denied bail and still behind bars, federal authorities continue to dig deep.
“The Mar-a-Lago incident should be a wakeup call to all businesses and politicians that theft of digital assets does not just happen from nameless, faceless people an ocean away,” Theresa Payton, founder, and CEO of business and government protection agency, Fortalice Solutions told Fox News, via email. “Whether or not this was an independent attempted cybercrime or espionage, it should serve as a stark reminder that strong operational security is absolutely essential.”
Indeed, the strange case of Zhang is hardly the first “possible Chinese spook” story to hit the headlines in recent times, with dozens of individuals over the past two decades being charged in the U.S. with espionage at the behest of the People’s Republic of China. Just last week, New York woman Ying Lin – who worked for Air China – plead guilty to working as an agent for the Chinese government by placing unscreened packages on Beijing-bound flights as mandated by Chinese military personnel stationed at China’s permanent UN mission. Last October, the Justice Department unsealed new charges against ten Chinese hackers and officers, accused of taking part in a years-long and broad scheme aimed at stealing secrets and tradecraft from various fields.
But what do Chinese spies ultimately want from ordinary and not-so-ordinary Americans?
“A decade ago, the goal was more narrow. Efforts were focused on government espionage and intellectual property theft. Now, China and other nation-states cast a wide net,” Payton said. “They have learned that all information gathering can be useful, whether the end goal is espionage theft and exploitation of intellectual property or political influence.”
According to Michael Biggs, founder and chairman of Centurions Alliance Group – a global tier-one tactical training and security firm – it’s all about securing cutting edge recipes. He pointed to a recent case of a prominent athletic apparel company in the U.S., which he declined to name, whereby the research and development company had just developed its new clothing line that was slated for later release.
“Then, the (Chief Financial Officer) while on a trip to Asia saw the very same apparel already being sold as cheap knockoffs by street vendors,” Biggs contended. “A hostile group had tapped someone’s phone and pulled the images off, and then reproduced the line in China. Very fast job, no evidence left behind. A huge dollar loss for that company.”
While the likes of Larry Johnson, CEO of security firm CyberSponse and a 24-year veteran of the U.S. Secret Service views the Mar-a-Lago incident as being “too unsophisticated and poorly planned” to have been state-sanctioned, he stressed that the official Chinese espionage goals are as pronounced as ever.
“The Chinese rise to global power is dependent largely on espionage and theft of U.S. and western technologies. The United States is the yardstick against which they measure themselves,” he told Fox News. “They want to gather intelligence for any sort of competitive advantage they can obtain be it industrial secrets, trade secrets, political insights, military, you name it. Basically, anything they can get their hands on.”
And that makes all Americans ripe for targeting, experts caution.
“The most vulnerable targets are not computers, but people. Human intelligence gathering is an art,” Biggs said. “It’s about taking advantage of people’s vulnerabilities, no matter what they are, to get the information.”
And the arsenal to do so is said to be wide-ranging, from “IP intercept, ISMI catchers, dumpster diving, listening devices (bugs) and informants, to students at universities, Chinese businesses and their employees,” Johnson asserted.
“Very often, the Chinese use phishing emails to make the initial breach. However, they have highly skilled cyber teams which can also find and exploit network or software vulnerabilities, including the exploitation of zero-day flaws,” he continued, referring to a software security flaw that is known to the vendor but has yet to have been patched or guarded against.
Things to watch for, observed Carlos Perez – research and development practice lead for information technology consultants TrustedSec – are primarily “phishing emails, USB drives left around waiting for a curious person to plug and even phone calls where a person is tricked into downloading and running a piece of software on one’s behalf.”
There is also the issue of boots-on-the-ground recruitment.
“China has trained spies here with the responsibility to spot, assess, develop, recruit and handle individuals with placement and access in key areas of government and industry,” noted Andrew Lewis, President of private intelligence firm The Ulysses Group, emphasizing that “university-based networks are responsible for quite a bit of the information and intellectual property China collects from the U.S.”
In December, Bill Priestap Assistant Director, Counterintelligence Division for the FBI, testified before the Senate Judiciary Committee, elucidating that “China uses unconventional, economic espionage as a component part of a comprehensive strategy to promote China’s high-tech industries.”
Priestap claimed that “China is by far the most active practitioner of economic espionage today,” and its economic espionage alone costs the U.S as much as $600 billion annually.
He also illuminated the risks that universities and colleges pose, both in the sense that they are targeted for their cutting-edge research and technological development and they serve as an abundant grounds for spies to intimidate Chinese students and professors critical of the country’s policies, and shape academics in their favor.
“They combine this with an aggressive cyber-espionage effort,” Lewis said. “They want to have a much more active role in defining the international order and ensure it reflects Chinese interests.”
And in his view, even homegrown technology companies are moving more towards the firing line in exchange for their own bottom line.
“Agribusiness, financials, chip makers, aerospace – China is working to exploit the recent 737 incident in an effort to undercut Boeing and enhance their budding aerospace desires,” he claimed. “All of our giant tech companies are significant targets, (some) are deciding to end contracts with the government in exchange to access the Chinese market. The components or outsourced labor can and have been found to be faulty in the past.”