Home » Physical Security » Critical Infrastructure

In Depth

Nation States' Espionage and Counterespionage

An overview of the 2007 Global Economic Espionage Landscape

By Christopher Burgess

Page 3

China, Taiwan's victim

In the November 9, 2007, edition of the "Across the Strait" (Hai Xia Liang An) television program, a group called the Taiwanese "Tiger Group"—led by Li Fangrong, who is believed to be affiliated with Taiwan's military—was described as actively attacking the Chinese government's Internet presence, engaging government employees in chat-room discussions, planting Trojan programs and eliciting secret information.

According to a China resident and military expert, Xu Guangyu, the Tiger Group consists of full-time military employees, as well as systems under the control of the national security department and the military intelligence department, which employ part-timers who are paid on a project basis. Xu noted that the revelation of Liâ¬Üs identity was intended to send a message to Taiwan that China has the ability to trace the whereabouts of their Internet spies, regardless of where they are based, as well as to demonstrate China's ability to counterattack in Internet warfare.

Meanwhile, Zhang Zhaozhong, a professor from China's National Defense University, describes Taiwan's Internet warfare capability as more advanced in terms of its ability to steal secret information from the Internet, especially as it started out doing such things earlier. Taiwan is expected to expend 12% of its military budget in the next five years on Internet warfare, Zhang says.

Perhaps it is in the collective interest to accept the possibility that China vectors of this sort of activity may include activity originating from Taiwan.

Taiwan, China's victim

In mid-November 2007, Taiwan's investigation bureau reported that hard-disk drives manufactured by Seagate in Thailand and sold in Taiwan had been contaminated with Trojan horse malware while the drives were in the hands of "Chinese sub-contractors" during the manufacturing process. The malware automatically uploaded information saved on the hard drive and, if the computer was connected to the Internet, forwarded the saved information to a Beijing Internet address without the user's knowledge. Seagate warned that drives with a manufacture date after August 2007 may be so infected. While no information has developed indicating that the contamination of the hard drives were made at the behest of the Chinese government—be it the People's Liberation Army (PLA) or the MSS—it is interesting how this event aligns with precision to the very acute warning issued by the U.S. National Counterintelligence Executive Joel Brenner about insertion of exploitable factors during the manufacturing process (see below).

On November 21, 2007, the Taipei Prosecutors Office indicted two individuals for conducting espionage work at the behest of China in exchange for money. The individuals were identified as Lin Yu-Nung, an agent within the Ministry of Justice's Investigation Bureau's (MJIB) Economic Crime Prevention and Control Center, and a retired agent, Chen Chih-kao. According to the indictment, Chen left the bureau in 1997 and was recruited by the Chinese in Shanghai, where he had published a magazine about business, trade and traveling. Chen subsequently recruited Lin in 2005, to help collect information and intelligence. Chen claims that he never revealed national security information and that he only agreed to work with the Chinese in Shanghai after being coerced with the threat that his family could be harmed if he refused. The two were arrested in Taipei in September 2007, when Lin was caught handing files over to Chen for $3,000 (USD).