A bombshell new report in Foreign Policy reveals that up to 30 CIA agents and assets working in China were identified and executed by Chinese counterintelligence over a two year period after the CIA's encrypted communications system was infiltrated.
The report is based on former and current unnamed CIA officials who were part of the program, which established a network of spies across China. The in-country spies communicated with their CIA handlers via an online system capable of being logged into from any laptop or computer.
But when starting in late 2010 Chinese authorities began to sweep up the network of spies for interrogation and eventual execution, the CIA was "shellshocked" in the words of one former official, and for eight years a joint FBI-NSA-CIA investigation has sought answers as to what went wrong in what is widely considered "one of the CIA’s worst failures in decades".
For the first time, it appears answers have been made public. Foreign Policy asks, "How were the Chinese able to roll up the network?" and begins by answering:
Now, nearly eight years later, it appears that the agency botched the communication system it used to interact with its sources, according to five current and former intelligence officials. The CIA had imported the system from its Middle East operations, where the online environment was considerably less hazardous, and apparently underestimated China’s ability to penetrate it.
The CIA officials paint a picture of both hubris on the part of American operatives and shockingly sophisticated abilities of the Chinese to gain access to the CIA communications system, which the Americans wrongly thought impenetrable.
One officials is cited as saying, “The attitude was that we’ve got this, we’re untouchable.”
“You could tell the Chinese weren’t guessing. The Ministry of State Security [which handles both foreign intelligence and domestic security] were always pulling in the right people,” one of the officials told Foreign Policy. “When things started going bad, they went bad fast.”
News of the roundup and detention of a dozen or more spies in China was first revealed in a May 2017 story in the New York Times, but Foreign Policy's sources say it was actually around 30, with some offering a high figure. The FP report contains this stunning line: "All the CIA assets detained by Chinese intelligence around this time were eventually killed, the former officials said."
The officials told FP that the only plausible explanation for how Chinese counterintelligence was able to accurately expose that many US spies as quickly as they did could only be chalked up to hacking the secret communication system.
The officials explained that when a new asset was recruited, the person at first communicated with their CIA handlers via an "interim" or "throwaway" system set up to shield the rest of the network from the possibility that the new asset could either be a double agent or be quickly tracked or exposed. Later, the agent was brought into the main covert communication platform — exploitation of which was considered potentially far more disastrous as it would risk revealing broader clandestine operations in China, however unlikely.
Foreign Policy explains how the temporary system may have been used to penetrate the permanent platform:
Although they used some of the same coding, the interim system and the main covert communication platform used in China at this time were supposed to be clearly separated. In theory, if the interim system were discovered or turned over to Chinese intelligence, people using the main system would still be protected—and there would be no way to trace the communication back to the CIA. But the CIA’s interim system contained a technical error: It connected back architecturally to the CIA’s main covert communications platform. When the compromise was suspected, the FBI and NSA both ran “penetration tests” to determine the security of the interim system. They found that cyber experts with access to the interim system could also access the broader covert communications system the agency was using to interact with its vetted sources, according to the former officials.
Ultimately, as one CIA official is cited in the FP report as saying, the CIA had “fucked up the firewall” between the two systems.
It's believed that either a sole double-agent, or single exposure and arrest of a US asset therefore could have led to a breach in the entire China-wide covert network, which up till then the CIA had worked to keep highly compartmentalized.
And this brings up another key factor in how the communication network could have been initially penetrated...
Jerry Chun Shing Lee, 53, was arrested in January after entering the US from Hong Kong. He was found to be in possession of handwritten notebooks containing the names and contact information of CIA employees and informants. Lee is an American citizen who left the CIA in 2007, where he had been a case officer running Chinese sources since 1994.
FP explains of the possible role that former CIA officer Jerry Chun Shing Lee, indicted earlier this year on conspiring to give Chinese spies highly classified information about the CIA activities in China, played in exposing agents' identities:
During the investigation, the task force identified three potential causes of the failure, the former officials said: A possible agent had provided Chinese authorities with information about the CIA asset network, some of the CIA’s spy work had been sloppy and might have been detected by Chinese authorities, and the communications system had been compromised. The investigators concluded that a “confluence and combination of events” had wiped out the spy network, according to one of the former officials.
Eventually, U.S. counterintelligence officials identified Lee, the former CIA officer who had worked extensively in Beijing, as China’s likely informant. Court documents suggest Lee was in contact with his handlers at the Ministry of State Security through at least 2011.
But the CIA officials involved in China operations emphasized that not even Lee — though occupying a relatively high position in operations — himself had enough access to be able to expose the full network of operations.
The officials explained to FP that, "Information about sources is so highly compartmentalized that Lee would not have known their identities," resulting in the following conclusion: "That fact and others reinforced the theory that China had managed to eavesdrop on the communications between agents and their CIA handlers."
The other interesting detail from FP's report is that the CIA decided to use an internet-based communications system previously utilized in the Middle East, but not suited to evade China's much more sophisticated surveillance and security detection systems.
As FP explains, "The system was not designed to withstand the scrutiny of a place like China, where the CIA faced a highly sophisticated intelligence service and a completely different online environment."
Meanwhile one particular pressing question, which Foreign Policy doesn't seem to address, remains: with perhaps the entirety of the CIA's clandestine eyes and ears and China wiped out through agency hubris and underestimating Chinese hacking capabilities, is the United States now flying completely blind on China?