by Yudhijit Bhattacharjee
[Readers of Rick On Theater will know that one of the subjects
in which I have an abiding interest is intelligence and espionage. The reason, as ROTters will know, is
my five years in the army as an intelligence officer during the Cold War. I spent 2½ years in occupied West Berlin as a
counterintelligence Special Agent.
[I’ve blogged on that
personal history several times: “Berlin Station,” 19 and 22 July 2009; “Berlin Wall,”
29 November 2009; and the 8-part “Berlin Memoir,” posted irregularly between 16
December 2016 and 13 April 2017. My military
experiences also bore on a number of other posts: “Der Illegale,” 5 July 2009; “Top Secret America,” 17
September 2010; “The Big Lift,” 31 August 2017; and FSB: Field Station
Berlin,” 13 May 2022.
[I didn’t have anything to
do with industrial espionage or the theft of intellectual property, which is
what Yudhijit Bhattacharjee’s “Spy Games,” published in the New
York Times Magazine of 12 March
2023, is about, but I was intrigued to see how many of the tactics the reporter
described are the same or similar, even after half a century.]
How the downfall
of one intelligence agent revealed the astonishing depth of China’s espionage
campaign against America.
In March 2017, an engineer
at G.E. Aviation in Cincinnati whom I will refer to using part of his Chinese
given name — Hua — received a request on LinkedIn. Hua is in his 40s, tall and
athletic, with a boyish face that makes him look a decade younger. He moved to
the United States from China in 2003 for graduate studies in structural
engineering. After earning his Ph.D. in 2007, he went to work for G.E., first
at the company’s research facility in Niskayuna, N.Y., for a few years, then at
G.E. Aviation.
The LinkedIn request
came from Chen Feng, a school official at the Nanjing University of Aeronautics
and Astronautics (N.U.A.A.), in eastern China. Like most people who use
LinkedIn, Hua was accustomed to connecting with professionals on the site whom
he didn’t know personally, so the request did not strike him as unusual. “I
didn’t even think much about it before accepting,” Hua told me. Days later, Chen
sent him an email inviting him to N.U.A.A. to give a research presentation.
Hua had always
desired academic recognition. “When I did my Ph.D., I initially wanted to be a
professor in China or in the United States,” he says. But because his studies
were focused more on practical applications than pure research, a career in
industry made more sense than one in academia. At G.E. Aviation, he was part of
a group that designed containment cases for the rotating fan blades of jet
engines. The use of carbon-based composites in fan blades and their casings,
instead of metal, means lighter engines and a commercial advantage.
“I felt honored to
be invited to give a talk,” Hua says. Being recognized back home was especially
fulfilling for Hua, who grew up poor in a small village and was the only child
there from his generation to go to college. Beyond the prestige, the invitation
also provided a free trip to China to see his friends and family. Hua arranged
to arrive in May, so he could attend a nephew’s wedding and his college reunion
at Harbin Institute of Technology. There was one problem, though: Hua knew that
G.E. would deny permission to give the talk if he asked, which he was supposed
to do. “Since G.E. is a high-tech company, it is difficult to get approval even
to present at conferences in the United States,” he says. The company was
concerned about giving away proprietary information.
Hua made it clear to
Chen that he would be able to discuss only research on composite materials
generally, without going into the specifics of what he did at G.E. Aviation. To
prepare, Hua told me, he went back over the work he had done for his doctorate
and gathered additional information from scientific papers. He also downloaded
a few G.E. training files onto his laptop. These contained instructions from
G.E. experts on using composites; Hua thought they would help him save time
when putting together his presentation, which he planned to do on his flight.
After he landed in
China, Hua took a high-speed train from Beijing to Nanjing, where Chen drove
him to a hotel on the Nanjing University campus. The next morning, Chen and Hua
went to a meeting with a man who was introduced as Qu Hui, deputy director of
the Jiangsu Provincial Association for International Science and Technology
Development. Qu gave Hua a welcome gift: loose Chinese tea nicely packaged in a
gift box. “I accepted it as an honor,” Hua says. “I’ve liked drinking tea since
I was a kid.”
A few dozen students
and faculty members attended Hua’s talk. They asked several questions that Hua
was happy to answer. “I remember one student asked specifically about the
architecture of the material I was talking about in my presentation,” he says.
“I said: This is G.E. proprietary information. I am just using this picture as an
example, but I cannot share the details of what we are designing or using.”
After the
presentation, Chen handed Hua an envelope filled with $3,500 in U.S. dollars —
reimbursement for his plane ticket and an honorarium for the talk. Then they
went to dinner with Qu and a couple of professors. That night, Hua took a train
back to Shanghai; the next day, he flew back to the United States. Once home,
he realized he had forgotten to delete his presentation from the computer at
the university auditorium in Nanjing. He was concerned because the slides
included some pictures with G.E.’s logo. “So,” Hua told me, “I emailed one of
the students and said, Hey, can you delete the presentation?” He thought that
would be the end of the matter.
The images of a
Chinese spy balloon drifting through American airspace last month before being
shot down by a fighter jet off the coast of South Carolina were a conspicuous
reminder of the escalating geopolitical antagonisms between the United States
and China. Although world powers spying on each other is hardly unusual, the
impunity with which the Chinese were apparently conducting surveillance over
U.S. military sites alarmed many. The U.S. House of Representatives passed a
resolution condemning China’s “brazen violation of United States sovereignty”
in deploying the balloon, which was fitted with antennas capable of collecting
signals intelligence; the Chinese government condemned its downing as an
overreaction. The incident — reminiscent of Cold War confrontations — inflamed
tensions between two countries already locked in a race for military,
technological and economic supremacy.
The spy balloon’s
flight over U.S. territory was a very public display of China’s intelligence
gathering, but the Chinese government has for decades been conducting a much
less visible and possibly more damaging campaign to steal American trade
secrets and intellectual property. While weapons and military equipment have
always been a focus — Chinese agents and civilians have been implicated in the
theft or illicit transfer of various military technologies, including those
related to radar, fighter jets, submarines and weapons systems — China’s
espionage expanded in the 1980s and beyond to also target commercial
technologies as diverse as pesticides, rice seeds, robotic cars and wind
turbines.
Although China
publicly denies engaging in economic espionage, Chinese officials will
indirectly acknowledge behind closed doors that the theft of intellectual
property from overseas is state policy. James Lewis, a former diplomat now at
the Center for Strategic and International Studies in Washington, recalls
participating in a meeting in 2014 or so at which Chinese and American
government representatives, including an officer from the People’s Liberation
Army, discussed the subject. “An assistant secretary from the U.S. Department
of Defense was explaining: Look, spying is OK — we spy, you spy, everybody
spies, but it’s for political and military purposes,” Lewis recounted for me.
“It’s for national security. What we object to is your economic espionage. And
a senior P.L.A. colonel said: Well, wait. We don’t draw the line between
national security and economic espionage the way you do. Anything that builds
our economy is good for our national security.” The U.S. government’s response
increasingly appears to be a mirror image of the Chinese perspective: In the
view of U.S. officials, the threat posed to America’s economic interests by
Chinese espionage is a threat to American national security.
Like China’s
economy, the spying carried out on its behalf is directed by the Chinese state.
The Ministry of State Security, or M.S.S., which is responsible for gathering
foreign intelligence, is tasked with collecting information in technologies
that the Chinese government wants to build up. The current focus, according to
U.S. counterintelligence experts, aligns with the “Made in China 2025”
initiative announced in 2015. This industrial plan seeks to make China the
world’s top manufacturer in 10 areas, including robotics, artificial
intelligence, new synthetic materials and aerospace. In the words of one former
U.S. national security official, the plan is a “road map for theft.”
The Chinese
government relies not only on its intelligence services but also on businesses,
institutions and individuals to gather proprietary information. A 2019 report
from the U.S.-China Economic and Security Review Commission, a congressional
committee, lists the myriad ways in which Chinese companies, often backed by
their government, help transfer strategic know-how from the United States to
China. The maneuvers range from seemingly benign (acquiring American firms with
access to key intellectual property) to notoriously coercive (compelling
American companies to form joint ventures with Chinese firms and share trade
secrets with them in return for access to the Chinese market) to outright
theft. Cyberattacks have become an increasingly common tactic because they
can’t always be linked directly to the Chinese government. Over the past few
years, however, federal agents and cybersecurity experts in the U.S. have
identified the digital footprints left along the trails of these attacks —
malware and I.P. addresses among them — and traced this evidence back to
specific groups of hackers with proven ties to the Chinese government.
Perhaps most
unsettling is the way China has sought to exploit the huge numbers of people of
Chinese origin who have settled in the West. The Ministry of State Security,
along with other Chinese government-backed organizations, spends considerable
effort recruiting spies from this diaspora. Chinese students and faculty
members at American universities are a major target, as are employees at
American corporations. The Chinese leadership “made the declaration early on
that all Chinese belong to China, no matter what country they were born or
living” in, James Gaylord, a retired counterintelligence agent with the F.B.I.,
told me. “They started making appeals to Chinese Americans saying there’s no
conflict between you being American and sharing information with us. We’re not
a threat. We just want to be able to compete and make the Chinese people proud.
You’re Chinese, and therefore you must want to see the Chinese nation prosper.”
Stripped of its
context and underlying intent, that message can carry a powerful resonance for
Chinese Americans and expatriates keen to contribute to nation-building back
home. Not all can foresee that their willingness to help China could lead them
to break American laws. An even more troubling consequence of China’s
exploitation of people it regards as Chinese is that it can lead to the undue
scrutiny of employees in American industry and academia, subjecting them to
unfair suspicions of disloyalty toward the United States.
Hua didn’t regard
his visit to China to share his technical expertise as extraordinary in any
way. Many scientists and engineers of Chinese origin in the United States are
invited to China to give presentations about their fields. Hua couldn’t have
known that his trip to Nanjing would prove to be the start of a series of
events that would end up giving the U.S. government an unprecedented look
inside China’s widespread and tireless campaign of economic espionage targeting
the United States, culminating in the first-ever conviction of a Chinese
intelligence official on American soil.
Around noon on Nov.
1, 2017, a few hours after he scanned his security badge and entered his office
at G.E. Aviation, Hua received a call from the company’s I.T. desk asking him
to come meet with G.E.’s security officers. The call heightened a sense of
anxiety he had felt since that morning, when he and others in his group were
asked to hand over their removable hard disks for what I.T. described as a
computer security review. A while later, they were asked to turn in their work
laptops. Hua couldn’t help wondering if this had anything to do with the secret
of his Nanjing trip that he had been keeping from his employer.
Soon enough, his
fears were confirmed: The G.E. security officers waiting to interview him in an
auditorium wanted to know about his trip to China six months earlier. Where had
he visited, and why? Hua told them he had gone back home for a college reunion
and spent all his time reconnecting with friends and family.
Then the security
officers told Hua that the F.B.I. wanted to talk to him. Two F.B.I. agents, who
were already in the building, entered the room. One of them was Bradley Hull, a
bright-eyed man with a shaved head and a goatee. He started with the same
questions that G.E. security had asked about Hua’s China trip.
Hua was shaking with
nervousness, one of the agents told me in an interview. He repeated the answers
he had given to his employer’s security officers. Hull proceeded to ask more
questions about the trip, giving Hua several chances to amend his story and
signaling that he didn’t think Hua was being truthful. Finally, he confronted
Hua with evidence showing that Hua had met with people other than just friends
and family. He had also paid a visit to the Nanjing University of Aeronautics
and Astronautics.
Hua sank into his
chair as if knocked back. It was a crime to lie to a federal agent, Hull told
him. He advised Hua to relate everything he could remember about the visit to
N.U.A.A. Hua, in shock, wasn’t immediately forthcoming, but over the course of
the interview, as Hull pressed him with follow-up questions, Hua ended up
providing an account of why he visited Nanjing and what he did there. The agent
who spoke to me described the interview as incremental truth telling.
Hua finally
disclosed that he had given a presentation at N.U.A.A. about designing airplane
parts out of composite materials. He said he had been careful to not divulge
any information that was proprietary to G.E., even though he had downloaded
certain files that belonged to his employer to help prepare his slides. As Hua
provided more detail about his visit, Hull became convinced that he had been
hosted at Nanjing by Chinese intelligence officials looking to cultivate the
engineer as an asset, someone who could steal trade secrets for them.
Around 4:30 p.m., at
which point the interview had been going for a few hours, Hull suggested taking
a break to eat some pizza that he had ordered for everyone. He also made Hua an
offer: The F.B.I. wouldn’t recommend that charges be brought against him if he
agreed to cooperate and take part in a counterintelligence operation against
the Chinese. Hua had already been informed that the F.B.I. had been carrying
out a search at his home that afternoon, while he was being interviewed; his
car had also been towed away to be searched. And here at work, the agents had
already caught him lying, which he realized was enough to land him in trouble.
Even though he hadn’t shared any trade secrets at his Nanjing presentation,
some of the documents downloaded to his laptop before he went to China were
marked export-controlled — a government-mandated designation — for which he
could face criminal charges. He knew what he had to do to save himself and his
family.
“No one begrudges a
nation that generates the most innovative ideas and from them develops the best
technology,” John Demers, former assistant attorney general for national
security, said in a 2018 hearing before the U.S. Senate Judiciary Committee.
“But we cannot tolerate a nation that steals our firepower and the fruits of
our brainpower.”
The accusation that
China has been relentlessly stealing intellectual property from American
companies and institutions — although China is now a manufacturing giant, for
technology it still relies heavily on the United States and Europe — is neither
new nor unfounded. In 2008, a Chinese-born engineer named Chi Mak who worked
for a defense contractor in California was sentenced to more than 24 years in
prison for having stolen and passed on to China information about several
sensitive technologies, including systems for the U.S. Navy. The Chi Mak
investigation led to the uncovering of another Chinese spy, Dongfan Chung, an
engineer at Boeing who gave his handlers in China thousands of documents
containing designs and other technical specifications relating to American
fighter jets, the U.S. space shuttle and the Delta IV rocket. In the past
decade, individuals working for Chinese entities have been caught taking or
trying to take trade secrets across many industries. One notable case involved
six Chinese nationals in the United States attempting to steal proprietary corn
seeds from fields in Iowa and Illinois. A California engineer named Walter Liew
was caught stealing secrets relevant to the production of titanium dioxide,
which is used as a whitener in paint and toothpaste. Individuals of Chinese
origin have been indicted in recent years for the theft of proprietary
information relating to locomotives, semiconductors, solar panels and other
high-tech products.
In recent years,
China has been recruiting those it considers expat nationals through hundreds
of formal “talent” programs, which identify experts in American schools and
industries to help fill specific gaps in knowledge back home. “It’s a vehicle
to get them to travel back to China to attend conferences, to provide lectures,
which allows the opportunity to develop a relationship with them and later take
advantage of that relationship to get intellectual property,” Gunnar Newquist,
a former counterintelligence agent for the Naval Criminal Investigative
Service, told me.
The guests are often
hosted in luxury hotels, driven around in limousines, taken on sightseeing
tours. After receiving this lavish treatment, Gaylord says, some feel obligated
to provide information that they might not have initially planned to share.
While at the F.B.I., Gaylord interviewed many scientists and engineers of
Chinese origin who had been courted in this fashion. Some of them described how
they had been pressured. “They would say: ‘Everything in my presentation was
approved by my company. After I finished it and stepped down, a gaggle of
students surrounded me to ask more questions. And they kept pushing me for more
and more sensitive information,’” Gaylord says. “And a lot of them say: ‘You
know, after a while, you start to break down. You can’t keep saying, “I can’t
talk about this.” You then start answering around the edges, giving away more
and more.’”
The Chinese
government also offers financial incentives to help Chinese expats start their
own businesses in China using trade secrets stolen from their American
employers. Gaylord told me about Wenfeng Lu, an engineer who worked at Edwards
Lifesciences in Irvine, Calif. Lu’s employer reported him to the F.B.I. after
discovering that he had been downloading proprietary information about the
company’s heart catheters. Gaylord and his colleagues opened an investigation
and discovered, among other red flags, that Lu was often collecting this
material right before trips to China. Agents arrested him as he was preparing
to leave the country for another visit. On the laptop and thumb drives that he
was carrying, investigators found information he had taken from his employer.
Searching his house, agents found more documents he had collected from two
other U.S. medical device companies where he had worked. “Then, in his laptop,
we found agreements between him and municipal government officials in China
offering him research offices in an industrial park in Nanjing that would be
rent-free for the first three years,” Gaylord says. “In other words, he steals
the R. & D. cost our companies incur, and he goes there and develops it for
a lot cheaper. And has the whole China market without any revenues going to the
American companies.” Lu pleaded guilty to charges of unauthorized possession of
trade secrets and in 2019 was sentenced to 27 months in prison.
The F.B.I. is loath
to give away sources and methods, so the agency would not disclose to me how
agents learned of Hua’s visit to Nanjing. But from the start it suspected that
Hua’s hosts wanted more than an innocent academic exchange. As the
investigators learned more about the trip, they could see that it had all the
hallmarks of an intelligence operation — the initial contact through LinkedIn,
the introduction to people who had weaker ties to N.U.A.A. The F.B.I. suspected
that the Jiangsu science and technology association was a front for the Chinese
government and that Qu Hui, the man who gave Hua the tea, was an intelligence
officer.
The agents wanted to
learn more about Qu, who seemed to be the key figure behind the Chinese attempt
to recruit Hua, and they saw an opportunity to go further than just an
investigation into Hua. The agent who spoke to me likened their
counterintelligence operation to swimming upstream. And so, in exchange for an
assurance that he wouldn’t face charges, Hua became an asset for the F.B.I.,
willing to communicate with his Chinese contacts at the F.B.I.’s behest.
Deception often lies
at the heart of espionage and counterespionage; success for both spies and spy
hunters can hinge on finding a foolproof way to deceive their targets.
Describing Hua’s communications with his hosts in China, the agent emphasized
that the investigators didn’t type anything themselves. Hua wrote the messages
himself, to give them the veneer of authenticity that the F.B.I. wanted. A team
of agency linguists assisted Hull, who doesn’t know Mandarin, with figuring out
what Hua might say and how to say it. Ultimately, though, they needed to rely
on Hua’s own judgment about exactly how to phrase things.
After his return
from China, Hua stayed in touch with his hosts in Nanjing. “I will definitely
contact you again if I have a chance to visit China in the future,” he wrote to
Qu, keeping the door open for another academic exchange at the university. Now,
at Hull’s direction, he sent Qu a message over WeChat on Dec. 20, a month and a
half after the F.B.I. first interviewed him. He told Qu he would be willing to
return for another visit in February, a week before the Chinese New Year. In
earlier conversations with Qu, he talked about his responsibilities as the
oldest son in the family, and so it made sense for him to want to visit home
during the Chinese New Year.
Qu consented to the
offer. “I will touch base with the scientific research department here to see
what technology is desired and I will let you know what to prepare,” he texted
Hua on Jan. 9, 2018.
By now federal
agents had obtained search warrants for two email addresses that Qu had used for
his correspondence with Hua: jastxyj@gmail.com and jastquhui@gmail.com. In what
would prove to be a lucky break, the investigators found that each email
address was the Apple ID used for an iPhone, linked to an iCloud account where
data from the phones was periodically backed up. The agents were later able to
obtain search warrants for the two iCloud accounts. The one linked to
jastquhui@gmail.com opened a treasure trove.
This included
confirmation of what they had suspected all along: that Qu worked for Chinese
intelligence. His real name was Xu Yanjun. He had worked at the Ministry of
State Security since 2003, earning six promotions to become a deputy division
director of the Sixth Bureau in the Jiangsu Province M.S.S. Like so many of us,
he had taken pictures of important documents using his iPhone — his national ID
card, pay stubs, his health insurance card, an application for vacation — which
is how they ended up in his iCloud account. There, investigators also found an
audio recording of a 2016 conversation with a professor at N.U.A.A. in which Xu
had talked about his job in intelligence and the risks associated with
traveling. “The leadership asks you to get the materials of the U.S. F-22
fighter aircraft,” he told the professor. “You can’t get it by sitting at
home.” The discovery of evidence of Xu’s identity in an iCloud account makes
for a kind of delicious reversal. The ubiquitous use of iPhones around the
world — a result of America’s technological prowess — was helping to fight back
against a rival nation’s efforts to steal technology.
The revelation that
the target of their investigation was a senior-level M.S.S. officer raised the
stakes for the F.B.I. The agent characterizes the unmasking of Xu as a
significant milestone in the effort to combat economic espionage by the
Chinese, for reasons that go beyond this one case. When F.B.I. agents go out to
talk to companies and universities about the threat, he says, skeptical
listeners ask for the evidence that proves the theft of trade secrets is part
of a campaign directed by China’s government. In Xu Yanjun, the F.B.I. now had
the example it needed. Here was an intelligence officer working as a
puppet-master, in one agent’s characterization of the events, cultivating
people at American companies in order to steal trade secrets. The F.B.I. was
determined to build a case against him and even arrest him if it could.
Hua was put on leave
without pay by G.E. Aviation right after the F.B.I. interviewed him in November
2017. As he struggled to find paid work in the weeks that followed, his efforts
on behalf of the F.B.I. kept him engaged. Under the agency’s direction, he kept
up his exchanges with Xu over WeChat and email, expressing eagerness to share
information from G.E. “Just recently I’ve heard the speculation about laying
off in my department. I, of course, don’t want to be affected, but the
possibility is there,” he wrote in a message on Jan. 23. “That’s why I’m trying
my best to collect as much information as possible.” Xu asked if Hua could send
material relating to the specifications and design process for building an
encasement for fan blades. Hua obliged with a document titled “G.E.9X Fan
Containment Case Design Consensus Review.” It had the appearance of being
useful but didn’t contain anything of real value — G.E. Aviation, which was
cooperating with the F.B.I., had altered the document. This bait worked: Xu,
emboldened, sent a list of “domestic requirements” that he wanted Hua to
collect information for, such as the type of software used in designing
composite structures.
On Feb. 5, about a
week before Hua arranged with Xu to visit Nanjing again, Xu asked him to copy
the table of contents of his G.E. laptop’s directory into a file that he could
bring with him. He provided instructions on how to create the file in Notepad.
The document would give a high-level picture of the work Hua’s group at G.E.
was doing — and more important, it would indicate what information Hua had
access to.
The F.B.I. never
intended for Hua to travel to China. On Feb. 7, he sent Xu a message saying he
couldn’t make the trip because his boss had asked him to go to France in March
for work. There was a lot to do in preparation for that trip, he explained, so
he wasn’t being allowed to take any time off. “Because the ticket already
booked is not refundable,” he wrote, “even my parents are very disappointed.”
He asked if he could
still be reimbursed for the airfare. Xu, presumably disappointed that the
meeting wasn’t going to happen, was noncommittal. He messaged in response: “Can
we resolve all these issues the next time you come back?”
Xu’s interest was
rekindled a week later, however, when Hua emailed him a copy of his laptop
directory, stripped of any information that G.E. regarded as sensitive. Xu
proposed that they get together somewhere in Europe after Hua traveled to
France in March. Until this point, they had been communicating by email and
WeChat, but on Feb. 27, apparently eager to finalize his suggested meeting, Xu
attempted to make a video call to Hua when it was nearly 10 p.m. in Cincinnati.
Hua was at home, but with no F.B.I. agents by his side to instruct him on what
to do, he couldn’t risk answering. About an hour later, at Hull’s direction, he
messaged Xu: “Sorry missed your call. I was trying to put the child to sleep.”
He added that he would be visiting France from March 25 to April 6.
When Xu and Hua
spoke the next day to arrange a meeting place, Hua suggested Belgium or Germany
or the Netherlands — that way, he said, he could get away from his G.E.
colleagues.
The real reason was
different. The F.B.I. wanted the meeting to happen in a country that would be
amenable to arresting Xu. The French government was unlikely to agree.
Xu asked if Hua
could bring along the contents of the directory he had sent. “I think that is
pretty good stuff,” Xu said.
Hua said he planned
to bring his laptop to their meeting.
“The thing is, can
you export the stuff out?” Xu asked.
Hua confirmed that
he could and assured him again that he would have the files with him.
“All right,” Xu
said. “Let’s try our best to meet in Europe.”
In the last week of
March 2018, Hua flew to Brussels, accompanied by Hull and other agents. For
months he had been playing an active role in their investigation; now he was
about to participate in a field operation. His wife was worried. “I tried to
explain to her that everything would be fine,” he told me.
Xu had flown to
Amsterdam. He wanted Hua to meet him there, but the F.B.I. wanted Xu to go to
Belgium. Behind the scenes, U.S. authorities had been working to secure
cooperation from a European country, which they ultimately got from the Belgian
government. Hull had Hua explain to Xu that he couldn’t come to Amsterdam on
March 31 as planned because his boss had asked him to visit a plant in Belgium.
He could meet on April 1 instead, and it would have to be in Brussels.
The change of plans
flustered Xu. It would be difficult for him to change his itinerary, he
messaged back; he suggested they stick to meeting in Amsterdam. In a voice call
to Hua over WeChat, he explained that traveling to a new country for the
meeting without prior approval from his superiors in China would be considered
serious misconduct. He then proposed they meet in Rotterdam — Hua could make it
to the Dutch city and return to Brussels the same day.
The F.B.I. had to
come up with a reason for Hua to reject Xu’s proposal. “Sunday is Easter, which
my boss takes seriously,” Hua messaged Xu over WeChat. “He has reserved an
Easter lunch for the traveling team and asked us better to attend.” There was
no way he could leave Brussels.
Xu finally gave in,
and Hua sent him a photo of a coffee shop in the Galleries of Saint Hubert, a
historic landmark in central Brussels whose grand, high-pillared architecture
and arched glass-paned roof are a draw for tourists.
The meeting was set
for 3 in the afternoon. But Xu went to check out the coffee shop a few hours
earlier, accompanied by a colleague from the M.S.S. The two men walked through
the galleries. As they approached the coffee shop, Belgian federal police
officers placed them under arrest. In addition to two smartphones and about
7,000 euros, Xu and his colleague had $7,000 in hundred-dollar bills — cash
that they presumably planned to give to Hua that afternoon. Six months later,
Xu was extradited to the United States to face charges of economic espionage.
I saw Xu at a
pre-sentencing hearing on Aug. 23 last year, in federal court in Cincinnati,
dressed in an orange-and-white prison jumpsuit. Despite being somewhat tall, Xu
looks compact, with a squarish face that didn’t betray much emotion as the
day’s proceedings got underway, except for one moment early on when he was
struggling with shackled hands to review some papers his lawyers were showing
him. At the judge’s direction, a federal marshal unshackled him. Freed, even if
only in a limited sense, Xu gave a nod of gratitude.
It was striking,
based on a court filing submitted by Xu’s lawyers, to note the parallels in the
early lives of Xu and Hua in China. Like Hua, Xu was born into a family of
modest means. Like Hua, he devoted himself to the pursuit of good grades,
studying late into the night and on weekends — excelling in academics was one
way to build a better life. Like Hua, Xu became the first person in his family
to go to college, where he earned undergraduate and graduate engineering
degrees. That’s where the similarities between the paths of their two lives
end. In 2003, the year Hua left for the United States, Xu started working for
the Ministry of State Security.
During a two-week
trial in Cincinnati that began in October 2021 — more than three years after
Xu’s extradition to the United States — federal prosecutors laid out their
case. Xu was represented by a team that included five attorneys from Taft,
Stettinius and Hollister, a leading Midwest law firm, which suggests that the
hundreds of thousands of dollars required in legal fees was paid by the Chinese
government. (The firm declined to comment for this article.) The defense argued
that Xu had been tricked; the intent behind his correspondence with Hua was not
to steal trade secrets but simply to facilitate an academic exchange between
Hua and Chinese scientists. Ralph Kohnen, one of the defense attorneys, said in
his closing argument, “What’s happened here is Mr. Xu, my client, has become a
pawn, a pawn in the tense place between U.S. industries trying to exploit China
and trying to get along with China.”
The prosecution
contended that Xu had been systematically going after intellectual property at
aerospace companies in the United States and Europe through cyberespionage and
the use of human sources. It’s not often that prosecutors find a one-stop shop
for much of their evidence, but that’s what Xu’s iCloud account was — a
repository of the spy’s personal and professional life. That’s because often Xu
used his iPhone calendar as a diary, documenting not just the day’s events but
also his thoughts and feelings. Several entries from 2017, for instance,
indicate rising tensions with his boss, a man named Zha Rong. “Zha rejected a
meal receipt today,” he wrote on March 27. Then, on April 28: “Relationship
with Zha has dropped to freezing point.” Other entries from that period — when
he started corresponding with Hua — reflect an unhappiness in Xu’s personal
life. Such as one from Aug. 17, in which he lamented the breakup of what
appears to have been an extramarital romance. She “saw me in the rain yesterday
morning, didn’t stop and she walked away with her umbrella.” Things weren’t
going well financially, either, as evidenced by a snippet from an entry on May
19: “I lost so much in the stock market. I got myself into this financial
hole.”
Also backed up to
the cloud were messages that Xu had exchanged with several other U.S.
aerospace-industry employees, which prosecutors laid out at trial. One of them
was Arthur Gau from a Honeywell division in Phoenix, who testified at trial
that Rong and Xu paid him $5,000 and covered his airfare to China for a 2017
visit to Nanjing to make a technical presentation. (In May 2021, Gau pleaded
guilty in Arizona to a charge of exporting controlled information without a
license. Bloomberg Businessweek covered Xu’s case extensively in an article
published last September.) Another was an engineer at the aviation company
Fokker, who accepted Xu’s invitation to visit China to share information with a
Chinese research institute after Xu arranged to help the engineer’s parents,
who had lost their home in China when their building was set to be demolished
as part of a development project. An I.T. specialist from Boeing, who testified
at the trial under the alias Sun Li, described how Xu attempted to cultivate a
relationship with him, first reaching out through an email in which he
mentioned having contacted the witness’s dad, an academic in China. The witness
subsequently met with Xu, who repeatedly offered to reimburse his round-trip
tickets to China in exchange for sharing his knowledge of and experience in
I.T. The witness finally stopped communicating with Xu after realizing that Xu
was not actually interested in his expertise, which was project management, but
in “something else that I could not provide.”
“What they call
exchanges are not just a nice invitation,” Timothy Mangan, who led the
prosecution, told me, encapsulating a point he made to the jury. “It’s part of
a recruiting cycle. Some pan out, some don’t, but this is them throwing the
fishing lines out, trying to vet people.”
At Xu’s trial,
Mangan buttressed the argument about the so-called exchanges being anything but
benign by citing an audio recording of a four-hour meeting between Xu and
several Chinese engineers. Why Xu should have recorded this conversation is
inexplicable — and surprisingly imprudent in hindsight, given that it ended up
in an iCloud account — but in it he explains the approach to soliciting
information from Chinese expatriates. “As experts abroad, it would be very
difficult for them to directly take large batches of materials due to the fact
that their companies’ security is very tight,” Xu tells the engineers,
emphasizing the need to consider the risks involved for sources being targeted.
At another point in the conversation, he talks about how to spot potential
recruits while targeting specific technologies. “For example, if I am an
aircraft person, then I would search into Boeing or Lockheed, right? Find it at
Lockheed Martin,” Xu said. “After I found the person, I would find out if this
person is doing something? Like in charge of overall design or avionics.”
The messages in Xu’s
iCloud account enabled investigators to make another damning discovery. Xu had
helped coordinate a cyberespionage campaign that targeted several aviation technology
companies. Those attacks — described in a report by CrowdStrike, a
cybersecurity firm — started in 2010, shortly after the state-owned Commercial
Aircraft Corporation of China (COMAC) announced that it had chosen a joint
venture between G.E. Aviation and Safran to supply a custom-made engine for
China’s first domestically manufactured commercial airliner, the C919. The plan
behind the campaign, which was directed against Honeywell, Capstone Turbine and
Safran, among others, became clear only later when security researchers
connected the dots. “When I started putting all these victims together — I was
like, OK, these are all component manufacturers for different pieces of the
C919,” Adam Kozy, a cybersecurity expert who runs the security firm SinaCyber
and was the lead author of the CrowdStrike report, told me. Although COMAC was
prepared to procure components needed to build the aircraft from these
companies, the Chinese government was evidently also working to steal
intellectual property from those suppliers in order to make domestic
manufacturing possible in China, according to the report.
Xu played a role in
these efforts, the prosecution argued at trial. In his iCloud account were
several messages that Xu had exchanged with a manufacturing engineer employed
with Safran named Tian Xi, indicating that they had been plotting to hack into
the company’s computer network. The plan was to have Tian — who was working at
a Safran plant in Jiangsu — install malware provided by Xu onto the laptop of a
Safran employee visiting from France. It took many weeks for the plan to
succeed. Tian sent Xu a triumphant text on Jan. 25, 2014, saying, “The horse is
planted” — a reference to a Trojan horse, a type of malware. (Tian was indicted
on related charges; the case is pending.)
At the end of the
trial, Xu was convicted of conspiring and attempting to commit economic
espionage and theft of trade secrets. In a sentencing memorandum filed last
November, Xu’s lawyers painted a sympathetic portrait of the spy, describing
him as a kind man who loved playing soccer with his son and routinely carried
groceries up several flights of stairs for elderly neighbors. Xu was simply
doing his job, they pointed out, adding that “he was not a rogue operator or
criminal mastermind.” A lenient sentence would be appropriate, the memo argued,
because the U.S. government couldn’t hope to deter China’s theft of
intellectual property by harshly punishing a single intelligence officer. The
judge wasn’t swayed. On Nov. 16 last year, Xu was sentenced to 20 years in
prison. His conviction is now being appealed.
Xu’s arrest and
prosecution could be likened to the capture of an enemy combatant who is then
made a prisoner of war, but for an important distinction that U.S. officials
make — that this war, or economic espionage offensive, is being waged
unilaterally by China. The Chinese government, which maintains that America’s
accusations of economic espionage are “slanderous,” has described the charges
against Xu as “made out of thin air.” According to Mangan, the evidence laid
out during Xu’s trial goes far beyond merely proving his guilt — it uncovers
the systematic nature of China’s vast economic espionage. The revelation of
Xu’s activities lifts the veil on how pervasive China’s economic espionage is,
according to the F.B.I. agent. If just one provincial officer can do what he
did, the agent suggests, you can imagine how big the country’s overall
operations must be.
A sense of that
scale comes from a pair of indictments unveiled in federal court in the
District of Columbia in 2019 and 2020 naming five computer hackers in China
responsible for intrusions into more than 100 businesses, nonprofits and
government agencies in the United States and other countries. The hackers
belong to the group APT41, which the Department of Justice says is backed by
the Chinese government, and it didn’t restrict itself to the theft of
intellectual property and business information. Investigators say the hackers
also purloined more than a million detailed call records from telecom
companies. APT41 appears to have developed a data-modeling way to mine this
type of information and map the social networks of specific targets, including
a Tibetan monk living in India and pro-democracy activists in Hong Kong. The
cases are pending.
One day last
September, I traveled to Cincinnati to ask Hua about what he had gone through.
He agreed to meet on the condition that I protect his identity. Even though he
testified in court under his real name, he wanted to draw as little attention
to himself as possible, especially out of a concern for his family. We met at a
Chinese restaurant for lunch. Walking over to the table where I was sitting
with his attorney, he greeted me with a gentle handshake and asked me to excuse
him for speaking softly because of a rib injury he’d suffered while jogging.
Hua told me he had
spent the past few years rebuilding his life. During the time he was helping
the F.B.I. with its investigation, he was effectively unemployed — G.E. fired
Hua after he was on leave for several months — except for a couple of weeks when
he worked as a driver for Uber Eats. He finally found a job with an engineering
company unrelated to his expertise. Still, he didn’t see himself as a victim.
“Why did I have to accept the invitation without consulting my employer, my
family?” he said. “I bear the consequences of what I did.”
He brightened when I
asked him about his interest in composites. “It’s a fascinating field,” he
said. “You can design a composite in many ways. You can think out of the box,
you have a lot of flexibility in engineering it.” When I asked if he’d thought
about returning to the field, however, he shook his head. “I don’t want to,” he
said. He seemed worried that going back to designing composite structures would
somehow open a fresh portal to the trauma he was trying to leave behind.
A few times during
our conversation, I saw his eyes glisten and his lips quiver. But whenever I
pressed him to describe how he felt about what he had been through, his face
would take on a stoic expression, as if he was trying to keep his emotions in
check. “If you ask me, are there days when I have trouble falling asleep? Yes,
there are. I regret what I did. But I always tell myself, that’s the past, what
can I do? I can only look forward, to see what I can do tomorrow.”
When Hua told me how
he agreed to assist the F.B.I. to save himself and his family, I couldn’t help
thinking of him and Xu as chess pieces in a geopolitical game that they had
little control over — two men of similar background whose lives had collided,
with unfortunate results for both. I asked Hua if he felt any anger toward Xu
for arranging his visit to Nanjing. “No,” Hua replied. “He was just doing what
he was asked to do.” Weeks later, after Xu’s sentencing on Nov. 16, Hua relayed
a message to me through his attorney to say that he was saddened to hear that
Xu would be spending such a long time in prison. “He’s not my enemy,” Hua said.
“We are all just normal people.”
[If, after reading Bhattacharjee’s
account of “The Daring Ruse That Exposed China’s Campaign to Steal American
Secrets,” you have the stamina to peruse “Berlin Station” or, if you can manage
the fortitude, “Berlin Memoir,” you may spot some of the similarities I did.]
[Yudhijit Bhattacharjee is
the author of The Dinner Set Gang (Audible
Originals, 2020) and The Spy Who Couldn’t Spell (New American Library,
2016). He last wrote for the New York Times Magazine about scam calls and where they come from (”Tracing The Call,”
31 January 2021).]
