The Daring Ruse That Exposed China’s Campaign to Steal American Secrets

During a two-week trial in Cincinnati that began in October 2021 — more than three years after Xu’s extradition to the United States — federal prosecutors laid out their case. Xu was represented by a team that included five attorneys from Taft, Stettinius and Hollister, a leading Midwest law firm, which suggests that the hundreds of thousands of dollars required in legal fees was paid by the Chinese government. (The firm declined to comment for this article.) The defense argued that Xu had been tricked; the intent behind his correspondence with Hua was not to steal trade secrets but simply to facilitate an academic exchange between Hua and Chinese scientists. Ralph Kohnen, one of the defense attorneys, said in his closing argument, “What’s happened here is Mr. Xu, my client, has become a pawn, a pawn in the tense place between U.S. industries trying to exploit China and trying to get along with China.”

The prosecution contended that Xu had been systematically going after intellectual property at aerospace companies in the United States and Europe through cyberespionage and the use of human sources. It’s not often that prosecutors find a one-stop shop for much of their evidence, but that’s what Xu’s iCloud account was — a repository of the spy’s personal and professional life. That’s because Xu often used his iPhone calendar as a diary, documenting not just the day’s events but also his thoughts and feelings. Several entries from 2017, for instance, indicate rising tensions with his boss, a man named Zha Rong. “Zha rejected a meal receipt today,” he wrote on March 27. Then, on April 28: “Relationship with Zha has dropped to freezing point.” Other entries from that period — when he started corresponding with Hua — reflect an unhappiness in Xu’s personal life, such as one from Aug. 17, in which he lamented the breakup of what appears to have been an extramarital romance. She “saw me in the rain yesterday morning, didn’t stop and she walked away with her umbrella.” Things weren’t going well financially, either, as evidenced by a snippet from an entry on May 19: “I lost so much in the stock market. I got myself into this financial hole.”

‘If you ask me, are there days when I have trouble falling asleep? Yes, there are. I regret what I did.’

Also backed up to the cloud were messages that Xu had exchanged with several other U.S. aerospace-industry employees, which prosecutors laid out at trial. One of them was Arthur Gau from a Honeywell division in Phoenix, who testified at trial that Rong and Xu paid him $5,000 and covered his airfare to China for a 2017 visit to Nanjing to make a technical presentation. (In May 2021, Gau pleaded guilty in Arizona to a charge of exporting controlled information without a license. Bloomberg Businessweek covered Xu’s case extensively in an article published last September.) Another was an engineer at the aviation company Fokker, who accepted Xu’s invitation to visit China to share information with a Chinese research institute after Xu arranged to help the engineer’s parents, who had lost their home in China when their building was set to be demolished as part of a development project. An I.T. specialist from Boeing, who testified at the trial under the alias Sun Li, described how Xu attempted to cultivate a relationship with him, first reaching out through an email in which he mentioned having contacted the witness’s dad, an academic in China. The witness subsequently met with Xu, who repeatedly offered to reimburse his round-trip tickets to China in exchange for sharing his knowledge of and experience in I.T. The witness finally stopped communicating with Xu after realizing that Xu was not actually interested in his expertise, which was project management, but in “something else that I could not provide.”

“What they call exchanges are not just a nice invitation,” Timothy Mangan, who led the prosecution, told me, encapsulating a point he made to the jury. “It’s part of a recruiting cycle. Some pan out, some don’t, but this is them throwing the fishing lines out, trying to vet people.”

At Xu’s trial, Mangan buttressed the argument about the so-called exchanges being anything but benign by citing an audio recording of a four-hour meeting between Xu and several Chinese engineers. Why Xu should have recorded this conversation is inexplicable — and surprisingly imprudent in hindsight, given that it ended up in an iCloud account — but in it he explains the approach to soliciting information from Chinese expatriates. “As experts abroad, it would be very difficult for them to directly take large batches of materials due to the fact that their companies’ security is very tight,” Xu tells the engineers, emphasizing the need to consider the risks involved for sources being targeted. At another point in the conversation, he talks about how to spot potential recruits while targeting specific technologies. “For example, if I am an aircraft person, then I would search into Boeing or Lockheed, right? Find it at Lockheed Martin,” Xu said. “After I found the person, I would find out if this person is doing something? Like in charge of overall design or avionics.”

The messages in Xu’s iCloud account enabled investigators to make another damning discovery. Xu had helped coordinate a cyberespionage campaign that targeted several aviation technology companies. Those attacks — described in a report by CrowdStrike, a cybersecurity firm — started in 2010, shortly after the state-owned Commercial Aircraft Corporation of China (COMAC) announced that it had chosen a joint venture between G.E. Aviation and Safran to supply a custom-made engine for China’s first domestically manufactured commercial airliner, the C919. The plan behind the campaign, which was directed against Honeywell, Capstone Turbine and Safran, among others, became clear only later when security researchers connected the dots. “When I started putting all these victims together — I was like, OK, these are all component manufacturers for different pieces of the C919,” Adam Kozy, a cybersecurity expert who runs the security firm SinaCyber and was the lead author of the CrowdStrike report, told me. Although COMAC was prepared to procure components needed to build the aircraft from these companies, the Chinese government was evidently also working to steal intellectual property from those suppliers in order to make domestic manufacturing possible in China, according to the report.
