San Francisco Chinese New Year Parade, 2017. CREDIT: <a href="">--Mark--</a> <a href="">(CC)</a>
San Francisco Chinese New Year Parade, 2017. CREDIT: --Mark-- (CC)

China's Spies in California with Zach Dorfman

Sep 11, 2018

"There is a significant counterintelligence threat on the West Coast of the U.S., and it differs in meaningful ways from what is commonly perceived of as counterintelligence work and targets on the East Coast," says Senior Fellow Zach Dorfman. He discusses shocking examples of Chinese espionage in particular, such as technology theft and spying on local politicians. The Chinese also exert pressure on diaspora communities to become more pro-PRC.

Podcast music: Blindhead and Mick Lexington.

DEVIN STEWART: Hi, I'm Devin Stewart here at Carnegie Council in New York City, and today I'm speaking with Zach Dorfman. He is a senior fellow at Carnegie Council. He is based in California, and we have him on the phone speaking from California.

Zach, great to speak with you, first of all.

ZACH DORFMAN: It is always a pleasure, Devin.

DEVIN STEWART: Zach, this is part of our ongoing Information Warfare series of interviews and podcasts. You've done a lot of work on trying to uncover what has been called a "den of spies" in Silicon Valley. Your article appeared in Politico magazine. You're looking at the "other" coast in the United States and Chinese and Russian intelligence operations in the West Coast.

First of all, how did you go about doing this research, uncovering the article, which is titled, "How Silicon Valley Became a Den of Spies"?

ZACH DORFMAN: First of all, thanks again for having me on, Devin.

This article was reported out over a very long period of time and was predicated on an intuition I had when I moved out here from working full-time at the Council that there was a great deal of foreign intelligence activity out here and a great deal of national security-related concerns, but these were not really being reported on in the press because I think, structurally and understandably, there is a concentration of that in the New York and DC areas.

I started having conversations with former U.S. intelligence community officials, and indeed, as many of them were eager to talk about, there is a significant counterintelligence threat on the West Coast of the United States, and it differs in meaningful ways from what is commonly perceived of as counterintelligence work and targets on the East Coast. That's how this thing all began.

DEVIN STEWART: What inspired you to look into this issue in the West Coast?

ZACH DORFMAN: The initial spark was the closure by the Trump administration in September 2017 of Russia's San Francisco consulate. There was a diplomatic back-and-forth where there were expulsions. This all goes back to Russian interference in the 2016 election, of course. There was a significant break by the Trump administration where they forcibly closed the San Francisco consulate, which is the oldest Russian consulate in the United States. After the Russian—or then Soviet—embassy was opened in Washington, DC, the very first consulate that the Soviets received accreditation for was San Francisco. It has always been their most important base of operations in the western United States and arguably outside of DC itself.

DEVIN STEWART: You've investigated these types of operations. What type of operations have you found in California?

ZACH DORFMAN: The Russian consulate story is interesting by itself. Basically, what I was told by former U.S. intelligence community officials was that the consulate was being used as a signals intelligence base, a way for them to spy on activities in Silicon Valley. Of course, the Valley is the heart of the U.S. technology industry and I think arguably the world's leader in research and development (R&D) in tech. Going back to the 1970s, the early days of Silicon Valley, the Russians used it as a base of operations to do collection on tech companies.

Of course, they have been historically interested in military installations as well, military contractors in the Bay Area, and then as a base for political collection because you have organizations like the Hoover Institution at Stanford, down the road about 45 minutes to an hour from San Francisco, and California and local San Francisco politics and California politics more broadly are launching pads for very important political careers such as our former governor Ronald Reagan, whose policy toward the Soviet Union was of acute interest to the Soviet spies based in the consulate in the 1970s and 1980s.

DEVIN STEWART: What would you say are the similarities and differences between a Silicon Valley spy versus a Washington, DC-based spy?

ZACH DORFMAN: One thing that I heard from individuals that I spoke with—and this is not just in terms of Russia but also particularly China—was that much more collection activity goes on here outside of the consulates themselves. You have what are known as "nontraditional collectors"—businesspeople, travelers, students, and then employees of tech firms themselves.

What you get, too, are not necessarily intelligence officers, either. You don't have somebody who is actually a trained intelligence officer of China's Ministry of State Security (MSS), their main foreign counterintelligence body, or a trained intelligence officer of the FSB or the SVR, two of Russia's foreign intelligence organizations. You'll have individuals—especially again in the Chinese context—who are actual employees of a company and for various reasons, whether because of remuneration or—again, particularly in the Chinese context—threats or coercion, will be asked to provide a piece of proprietary technology to a Chinese company that is state-owned, or even, let's say, to click on a link. A company-wide email gets a link, and it's a phishing email, and they say: "Look, all we're asking that you do is that you click on this link. You'll have plausible deniability about knowing that it was in fact a phishing operation."

That's the main difference. Indicative of California style, it's informal out here. It's more business-oriented. You have people in venture capital (VC) firms, you have people in tech companies, and then you have the more traditional diplomatic consular activities as well.

DEVIN STEWART: Would you say that Russian and Chinese spies are after different things, and how effective are they? Can you get a sense?

ZACH DORFMAN: If you talk to former intelligence community officials with knowledge of activities out here in the Bay Area, you get the sense that they are quite successful, and that China in particular has had a very good go at doing collection in the Bay Area, especially in terms of technology theft.

Also, it has to be mentioned in this context, collection on members of the Chinese American community or Chinese émigré community within the Bay Area. Because China is so internal-security-focused historically, they are very concerned and interested in the activities of communities of Chinese descent abroad, and San Francisco has one of the oldest, most established, and now one of the most successful in the world. So you have collection going on in that sense, too.

Also, what they call "perception management" activities, which is trying to bring the Chinese émigré communities more toward a pro-People's Republic of China (PRC) orientation and then the larger political community into a more pro-PRC orientation. I had multiple people mention to me: "Walk around San Francisco Chinatown and look at the number of flags hanging above the different familial associations or community associations. You'll now see maybe 50-50 PRC versus Republic of China (ROC) or Taiwan." They said 20-30 years ago it was 80 percent ROC or Taiwan and 20 percent PRC, and there has been a concerted campaign over time to bring people into a more pro-PRC direction.

DEVIN STEWART: Can you give us a sense of how they do that? How do they bring the Chinese diaspora more toward a more pro-Chinese mainland point of view?

ZACH DORFMAN: Strategic deployment of economic benefits is a really important one. Over time as the PRC has become the economic powerhouse that it is, there has been a use of those cross-Pacific connections to try to enhance ties. There is also funding through cultural organizations to try to subsume cultural events under bodies that are affiliated or funded by the PRC.

One good example in San Francisco is the Chinese New Year's parade, which was funded via an organization called the Chinese Chamber of Commerce, which was run de facto for many years by an individual named Rose Pak, who was a major political power broker in San Francisco. Multiple sources that I had conversations with said that there were real concerns that Pak had been co-opted and was specifically affiliated—there was a formal trail of affiliation—with United Front-oriented organizations.

What they did in San Francisco was they used the leverage—by "they" I mean the PRC—that they had over the Chinese Chamber of Commerce to bring the New Year's parade into a specifically pro-PRC direction. That meant banning the Falun Gong, that meant banning Tibetans; banning pro-Taiwan elements, banning pro-Uyghur elements, banning pro-democracy elements.

This was all going on in the open, by the way. That's part of another thing that I think is important to think about in the Chinese context, at least what I know in the Bay Area and what I've read about and heard from experts elsewhere in the United States is that this stuff goes on overtly, and because it's overt we tend not to think about it as broadly intelligence activity. But it is. That's what has gone on in San Francisco all the time.

Of course, there is the recruitment and cultivation of local politicians, not just community leaders like Rose Pak but also mayors, state senators, assembly people, that kind of thing. This stuff goes on over time.

We're seeing the cracks in this a little bit now in terms of the way there is a divide between the way that China is trying to present itself in front of the world community as un-ideological, but then you have reports of up to a million people in concentration camps in Western China. There has been an attempt to do this over time, to manage perceptions of what China is and the relationship of the party state to the Chinese communities abroad that has been quite successful over the last 20 years.

DEVIN STEWART: In part of your research and reporting you looked at United States Senator Dianne Feinstein's office. She is, of course, the senator from California. What happened at Senator Feinstein's office?

ZACH DORFMAN: I'm really glad you brought this up. This was a pretty astounding part of what I was told about activities in the Bay Area.

Just to take a step back, Senator Feinstein has been a political powerhouse in San Francisco and California since the 1970s. She is almost institutional at this point. She is running for another term this year. I want to say she's 83 or 84 years old. [Editor's note: Senator Feinstein is 85.] She has been at times the chairperson of the Senator Select Committee on Intelligence and I think she has been on the Judiciary Committee as well. So you have a senior senator from California who has been part of some extremely sensitive committee assignments in the U.S. Senate.

What I was told was that in the late 2000s there was a staffer in her San Francisco office, which is her main California office—the headquarters for her operations across California—who was recruited by the Ministry of State Security (MSS), China's main foreign intelligence organization, and that this person—although this did not get too far because the Bureau basically disrupted it by exposing the operation to Feinstein, who then fired this individual—this person was Feinstein's liaison to the Chinese community in the Bay Area.

I was told from my own sources, and subsequently Feinstein's staff released a statement saying that this person did not have access to classified intelligence—which is, as far as I understand it, true, and not just from what she has publicly said—but, if you step back and think about it, just because something is not classified does not mean it is not sensitive. If you are the liaison to the Chinese community in a place like San Francisco, you have tremendous placement, and you can serve as a conduit to Chinese intelligence to describe the activities within that community, and it really helps keep a watchful eye, on again, a community that the PRC has long attached great importance to.

It was pretty shocking in that this had gone on. It's not a surprise in some sense because well-placed congressional staffers have been a foreign counterintelligence target since literally forever, but the fact that the MSS managed to actively recruit somebody in the position that this individual was was pretty shocking nonetheless.

DEVIN STEWART: Before we get to some of the feedback you've been getting from your reporting, besides Russian and Chinese operations, are there other countries doing operations in Silicon Valley?

ZACH DORFMAN: There certainly are. This is an interesting and highly sensitive topic. There is a triage aspect to this. The U.S. intelligence community rightfully focuses on foreign intelligence services operating on U.S. soil—Russia, China, Iran, Cuba. I'm not particularly aware of a lot of North Korean activity, but that doesn't mean it's not there. You're talking about those services, the ones that actively threaten American interests at home and abroad.

That said, there is a long history of what is known as "economic espionage," theft of trade secrets, by friendly services, and there are certain services whose names kept popping up in conversations that I had. The French, at least through the 2000s, were known to be highly active in the Valley, the South Koreans were known to be active, and the Israelis very much active in the Valley. There is a sub rosa world of friendly services using their connections in business environments to gain economic intelligence to maybe provide a leg up for their national champion organizations or industries.

We don't have quite the tradition of that here. I was speaking to a former intelligence community member recently, and they said that explicitly the Central Intelligence Agency (CIA) was forbidden to do that kind of collection abroad because we just don't have the relationship with our industries like some of our allies do with theirs.

DEVIN STEWART: Do you get a sense of other American cities that are vulnerable to these types of operations?

ZACH DORFMAN: Certainly Seattle. I think when you have Boeing, Microsoft, and Amazon in one city you're going to have a great deal of interest. I think that the subsequent closure of Russia's Seattle consulate, which got significantly less attention than the closure of the San Francisco consulate, is a good example of that. I would say cities like Boston, any kind of tech or academic hub. Obviously, New York and DC will always be of acute interest to these services.

But over time, too, what you're going to start seeing in conversations that I had with folks is a nationalization of counterintelligence concerns. If tech firms can no longer afford to be based in the Bay Area and employees can no longer afford to live here and firms are going to places like Chapel Hill, North Carolina, where you have the Research Triangle, or Boulder, Colorado, where things are a little cheaper and the weather's great and there's a really nice community of tech companies, then you're necessarily going to have those actors following those companies. This is something that I think is going to play out over the next few decades in a real way.

DEVIN STEWART: Going back to China, Zach, you also uncovered a story about a botched CIA communications system in China. I suppose an American communications system with sources in China was exposed to the Chinese government, ending up in my understanding as some killings of the people who I suppose were helping with American intelligence gathering. What did you find in that story?

ZACH DORFMAN: That was a slow-motion tragedy. What happened, as far as I understand from my own reporting and some very good prior reporting in the Times and elsewhere is that in 2011 and 2012 CIA assets started being grabbed and thrown in Chinese prisons. When it happened, it started going down fast, and all of a sudden you had networks of—these are not CIA officers; these are Chinese assets in China who had a relationship with the CIA. They were agents of the CIA; they were reporting back to the CIA.

There were a lot of theories bouncing around when the Times initially broke this story about what went wrong. There was an individual, a CIA employee named Jerry Lee, who ended up becoming a mole for the Chinese intelligence services. He has been charged with conspiracy to commit espionage and mishandling of classified information. His trial—if it ever goes to trial—is forthcoming.

That was one theory. Another was that there was bad tradecraft. Another was that the covert communications (COVCOM) system, which is a system by which the CIA officer communicates remotely with his or her assets, had somehow been compromised by the Chinese.

What I was told—and the story that I broke—was that this was in fact the case, and the system was far more rudimentary than it should have ever been, working in a highly circumscribed, controlled environment like China. It was Internet-based, and it was rolled out initially for use in war zones in the Middle East, and eventually it migrated to China. So you had something that was not designed to withstand the scrutiny of a highly persistent and capable intelligence apparatus like China has. All of a sudden that's in China, and you have CIA officers communicating with agents.

What I was told and established in my reporting was that there were two COVCOM systems. There was the main one, which is how vetted assets speak to their intelligence officers or their "handlers" in the CIA, and there was something called the "transitional" system or the "throwaway" system, and that's what the CIA would give its assets before they established trust. You could burn an asset that way if that person ends up being a double agent or for whatever other reason. That's fine, right? You have a communications channel that's supposed to be secret, so if something doesn't work out, it goes away.

But what I was told was that there was a really significant flaw in the firewall between these two systems, that they were basically established on the same platform, so the Chinese were able to hack into the transitional system, and from there they managed to get into the main system. That allowed them to track and eventually disrupt the entire network of individuals who were using this covert communications platform within China itself.

The death toll was, I was told, at least roughly 30, and I heard some significantly higher estimates as well. You're talking about everybody who eventually was brought in by the Chinese intelligence and security services, was killed.

DEVIN STEWART: That's pretty significant pushback.

Zach, I'd like to also talk about and understand what the reaction has been and the result has been from your reporting from I guess three sectors: (1) Is the American government paying more attention? Has it become more alarmed by these stories? (2) What do you think of the media's reaction to your reporting? I know there was a Wall Street Journal article about your Dianne Feinstein story. (3) Is there a reaction from Chinese people and Chinese Americans in California?

ZACH DORFMAN: I would say on the COVCOM story there has been some reaction. There's a seven- or eight-year lag when this went down in 2011 and 2012 to the reporting on it now for some very good reasons, just because the CIA is a secretive organization by its very nature. So when you have intelligence screw-ups, things don't get out for quite some time.

That said, there are indications that there was significant internal soul-searching on the wisdom of using Internet-based communications in a world where you again have some really formidable cyber actors like China. That's all I'm going to say on that for now, for various reasons.

The second thing is that in terms of the Feinstein story there has been a highly unfortunate politicization of the story that I saw afterward. After the piece was published in Politico I noticed three or four days afterward there was significant blowing up on far-right media of the real problem being the Democrats' collusion with Chinese intelligence services or something like that, which is on its face ridiculous based on what I reported and everything I heard from U.S. intelligence community officials in terms of the substance of the story to what happened with Feinstein's staffer.

Eventually, President Trump himself started tweeting about it, frankly to my dismay, because of course as this entire presidency has gone you have this right-wing media, it percolates upward so you get a willfully incorrect interpretation of a set of facts, in this case the facts that were laid out about the Feinstein staffer, and then it ends up all the way to the very top of the American government. It's like a circular network of deception.

There has been hay that has been made in The Wall Street Journal. Lindsey Graham has been talking about it more than I expected. What Lindsey Graham has said is: "Well, the Federal Bureau of Investigation (FBI) did the right thing in alerting Dianne Feinstein about the particular issues with this staffer. Why did they not alert the Trump campaign when there was evidence that Trump campaign staffers like George Papadopoulos may have been talking to Russian assets?"

The obvious answer is that because that was an ongoing investigation with multiple moving pieces and the potential for actual conspiracy with members of the then-Trump campaign, whereas the U.S. intelligence community was very sure that the damage in the Feinstein story was limited to that particular staff. There was no larger investigation of which it was part that they felt like they needed to continue doing surveillance and looking at it further.

They are very different, but they have been filtered through American partisan politics. This is something that is, I think, deeply regrettable for a lot of reasons, but one is that because of what happened in 2016 we have not been able to have a serious, sober national conversation about the threats posed by not only Russian adventurism and Russia's intelligence services but even more so China's.

We're at a hinge point where the policies that are made or not made in these years are going to have a big effect in the decades to come, and we're not having that conversation. When we do have a conversation about Chinese intelligence services it's often demagogued. I find that really regrettable and worrisome. That's pretty much consensus among people who follow this stuff—like I know you do—really closely. But it bears mentioning because the way it plays out in our national press is often disquieting.

DEVIN STEWART: How about Chinese communities in California, whether Chinese American or otherwise?

ZACH DORFMAN: I have heard a few things from some individuals I've spoken with who have said, "Yeah, we know this stuff is going on." But I would like to do a lot more reporting in that vein.

I will say that there is a lot of fear out there because not everybody but a lot of people have family back in mainland China. If you speak out or you stick your neck out, it can be dangerous for your family. Again, this is a country that has a million people in concentration camps. This is a country that, as I've reported previously, is not afraid to resort to mere kidnapping in order to return what it considers refugees back to China, including threatening family members living in the United States, that you return or your family members are going to stay in prison, where they have been tortured. That's a real case. I've reported that in a prior story. This stuff is real. It's happening. People are being coerced remotely all over the world, including in the United States, to provide information about themselves and their family members back in China or in other third countries.

We don't take China's long arm seriously enough, and in the process there are people—many of whom are American citizens—who are being preyed upon by the PRC within America's borders. I completely understand why people are too afraid to speak up about it, but it's incumbent on the American government to treat this as a serious security and equally so as the civil rights or human rights threat that this is.

I don't have great answers on how to do that to be honest, but it's something that I think bears much greater public scrutiny in the days and months ahead.

DEVIN STEWART: Zach, thank you so much for telling us about your research and reporting. We appreciate it.

ZACH DORFMAN: You're very welcome, Devin. Anytime.

DEVIN STEWART: Zach Dorfman is a senior fellow at Carnegie Council speaking to us over the phone from California. Let's keep in touch, Zach.

ZACH DORFMAN: Absolutely.

You may also like

CREDIT: <a href="">Ryan Anderson</a> (<a href="">CC</a>)

AUG 7, 2018 Article

The Rise and Fall (and Rise) of Chemical Weapons

"Chemical weapons have been used in almost every decade since their advent just over a century ago. They are not a specter, like nuclear weapons. ...

Not translated

This content has not yet been translated into your language. You can request a translation by clicking the button below.

Request Translation