Has China learned how to build the perfect U.S. spy?

June 17, 2015
An illustration picture shows projection of binary code on man holding aptop computer in Warsaw

An illustration picture of a projection of binary code on a man holding a laptop computer, June 24, 2013. REUTERS/Kacper Pempel

Washington’s intelligence community had a bad week. Deep Panda, a hacker collective supposedly backed by Beijing, breached the security of the U.S. Office of Personnel Management and made off with the personal records of 4 million government employees.

A few days later, Washington revealed it had discovered a second hack that was far worse. Deep Panda had nabbed the personnel records of 14 million federal workers, including a detailed form filled out by all military, civilian and intelligence employees.

Analysts fear China will use the information to expose American spies or blackmail government employees. The Sunday Times reinforced those fears when it reported Moscow and Beijing had cracked encrypted files in the possession of former National Security Agency contractor Edward Snowden.

Part of the building of 'Unit 61398,' a secretive Chinese military unit, seen in the outskirts of Shanghai

Part of the building of ‘Unit 61398′, a secretive Chinese military unit tied to cybersecurity, on the outskirts of Shanghai, February 19, 2013. REUTERS/Carlos Barria

It seemed that negligent security practices and tenacious hackers had exposed the West and all its spies. But Tom Harper, the reporter who wrote the Sunday Times piece, said on CNN that he was repeating what Downing Street had told him and had done no independent reporting to substantiate the claim. It looks like fears in the West of exposed spies were overwrought.

That doesn’t mean we shouldn’t be very afraid, however. Deep Panda’s breach of the government employee files has frightening implications.

Americans now fear blackmail or the loss of field agents when they should be alarmed about a coming deluge of undetectable spies and sleeper agents. Because Beijing has the blueprints to create a perfect mole.

When any federal employee applies for a security clearance, the first stop is the Office of Personnel Management. The stolen records go back 35 years and include Standard Form 86. This is a 127-page questionnaire that asks applicants to reveal every dirty little secret about their lives.

The same hackers breached several health insurance companies last summer and made off with the medical records of 11 million people, including members of Blue Cross/Blue Shield’s District of Columbia affiliate CareFirst.

Media pundits spent all week talking about how Deep Panda could compile all this information to craft a potential blackmail database on U.S. operatives for its patron, presumably China. But that’s ridiculous. Beijing is smarter than that.

Espionage is a long game, not a race, and countries are patient. Blackmail is a quick, brutal method of acquiring information in the short term.

It typically begins when foreign agents play on a target’s existing weakness — a penchant for gambling, for example, or deviant sexual behavior — enticing the target to indulge in it and then threatening exposure.

That’s a lot of work for a short-term gain. Blackmail targets are almost always found out, or turn on their blackmailers or end their lives. No, a better use for that database is as a reference to create the background for the perfect mole.

Guy_burgess

Guy Burgess, one of the posh Cambridge spy ring of well-connected young men who served as Soviet moles in the highest levels of British intelligence for decades. WIKIPEDIA

Let’s say Beijing wants an agent who is an attractive candidate for the State Department. It needs people with strong foreign-language skills and cultural ties to China. But it wants to make sure those people — or their family members — aren’t too closely connected to the Chinese Communist Party.

A Beijing spymaster could load up Deep Panda’s database and search for previous successful applicants who speak Chinese and have family on the mainland. Having relatives in China doesn’t necessarily exclude applicants, even those who work for Beijing.

That kind of connection might lend legitimacy to the cover Beijing wants to craft for an agent.

It may even help because Washington often seeks out dissidents in foreign countries to consult with its intelligence agencies. A mole with a clever story about, for example, arguing over politics with a brother back home is the kind of cover that makes a faux-dissident believable.

But some family ties are too close for comfort. It is highly unlikely that Washington would ever give clearance to the child of a powerful general or party official, for example, no matter how that daughter or son appears to loathe their father.

Before last week, China didn’t know where the line was. Thanks to Deep Panda’s database, however, Beijing now probably knows how close it can place an operative to the Communist Party before Washington denies them a security clearance.

Security clearances also involve lengthy interviews. Deep Panda vacuumed up not just Form 86, but all supporting documentation. Which means its database will include virtually every question Washington asks potential employees.

An agent prepared by Deep Panda’s database would be like a college student taking a final — after they’ve seen all the answers.

Security clearances also involve polygraph tests. The lie detectors are supposed to help root out potential foreign agents. But the machines are notoriously finicky, and a person administers the test and interprets its results. An experienced agent can manipulate the tester. It’s happened before.

In the 1960s, Karl Koecher made a name for himself in Czechoslovakia with a satirical radio show that lambasted the Soviet Union and the Communist Party. He and his wife fled the country and immigrated to the United States in 1965. He earned a doctorate from Columbia University, became an U.S. citizen in 1971 and started working for the CIA in 1973.

Koecher gained a high-level security clearance and began translating and analyzing sensitive information for the agency. He worked off and on for the CIA over the next 10 years.

He was sending reports back home to the Soviet Union the entire time.

Soviet intelligence officers had carefully constructed Koecher’s entire life — from his days as a dissident radio personality to his desire to flee communism — in order to convince Washington it could trust him.

Koecher actually failed his polygraph test in 1973. But he was able to talk his way out of that failure. He offered the person administering the test a litany of excuses. The agency bought his bundle of lies and Koecher passed CIA secrets back to the Soviets for roughly a decade.

If a Kremlin agent can talk his way through a failed polygraph test during the Cold War, a Chinese agent with sophisticated training and stolen information could do the same today.

It may seem ridiculous to invest years of a person’s life into penetrating the state secrets of a foreign power. But the information sleeper agents and moles provide is often critical.  So it’s not a question of if we will see a Chinese version of Koecher — but when.

No comments so far

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/