Tiger Trap: America's Secret Spy War With China (35 page)

A lieutenant colonel in the Air Force, Fondren retired in 1996 and two years later set up a consulting business from his home. But his only client was Tai Shen Kuo. With a search warrant issued when Kuo was arrested, the FBI took Fondren's computer and discovered it contained many "opinion papers" containing classified information that he had written and e-mailed to Kuo for payment.

In March 1999 Fondren and Kuo had traveled together to China. Kuo introduced him to Lin Hong, whom he described as a "political researcher" and consultant to the Chinese government.

After the trip, Fondren began exchanging e-mails directly with Lin Hong, who responded cryptically in April: "Everything OK with you? The weather outside is not so kindly, please take care while working."

In May, Fondren assured Lin Hong that he was trying his best to obtain a Theater Missile Defense report before it was released. That same month Kuo gave him a check for $1,150. Fondren would have had to be exceptionally dim not to realize that his new friend Lin Hong was acting for, or an official of, the Chinese government. In fact, Fondren boasted to a friend that "the PRC government ... has already adopted some of my suggestions."

Then in 2001, Kuo and Lin got good news. Fondren was hired by the Pentagon as deputy director of the Washington liaison office of the US Pacific Command (PACOM), the unified armed forces command for the Asia-Pacific region. Now Fondren held a
TOP SECRET
and Sensitive Compartmented Information (SCI) clearance.

With Fondren on the inside, Lin Hong suggested that Kuo mislead him into thinking the information he was providing was going to the Taiwan military. Fondren kept batting out the classified "opinion papers" for Kuo, who said he would now have to pay him in cash.

In late October 2006, Kuo telephoned Fondren asking for a copy of a Pentagon antiterrorism publication. Although marked "For Official Use Only," Fondren agreed to get it. A week later, Lin Hong e-mailed Kuo asking where the publication was. The next day, the FBI intercepted a package sent by Fondren to Kuo with the document.

Then in February 2007, Lin complained to Kuo by telephone that his superior was not pleased with two of the papers Fondren had written and believed they did not reflect what Fang knew. In the future, Lin said, Fang should simply send the documents and not write papers, which took too much time.

That same month, Kuo asked Fondren to snag an advance copy of the Defense Department's annual report on the Chinese military. Early in March, Kuo called Fondren at home and asked if he had obtained the draft. Fondren replied, "I can't talk about uh—that stuff over the phone."
So Kuo flew to Washington, stayed at Fondren's home, and Fondren gave him the report, saying: "Let people find out I did that, it will cost me my job."

***

In August, the FBI conducted a pretext interview of Fondren, saying they were talking to government employees familiar with Asia. Fondren told them he knew and had worked with Kuo, but he smelled a rat. He sent an e-mail to Kuo reporting that the agents "wrote down only that information and didn't take notes
when I talked about Vietnam and other Southeast Asia countries."

Despite the suspicious FBI visit, Fondren continued to send classified data to Kuo. Then on May 13, 2009, the prosecutors acted. Fondren was charged with conspiring to disclose classified defense information to an agent of China. He surrendered to federal authorities and was released with electronic monitoring.

Fondren's trial in federal district court in Alexandria opened in September 2009. The chief witness against him, appearing in a green prison jumpsuit, was Tai Shen Kuo.
At the end of the five-day trial, the jury, on September 25, convicted Fondren on one count of unlawfully communicating classified data to an agent of a foreign government and two counts of making false statements to the FBI. In January 2010 Fondren was sentenced to three years in federal prison.

By the fall of 2009 Red Flower, Fang, and the other players in the bicoastal spy drama were history. Chi Mak and four other members of his family, as well as Dongfan Chung, Tai Shen Kuo, Gregg Bergersen, Katie Kang, and James Fondren—ten people in all—had been caught and convicted. Lin Hong's spy network had been broken.

Chapter 21

THE CYBERSPIES

I
N THE TWENTY-FIRST CENTURY
, spies have finally achieved what practitioners of their ancient craft could only dream of in the past: thanks to the Internet, they have become truly invisible.

From the Pentagon to the State Department, from the Sandia nuclear weapons laboratory to the Department of Homeland Security, intruders have managed to hack into US government computers with increasing frequency. Many of the attacks appear to have originated in China.

In 2009 a group of Canadian researchers at the University of Toronto called "Chinese cyber-espionage" a "major global concern."
Their report strongly implied that the Chinese government, not just individual hackers, was behind widespread computer attacks aimed at the United States and 102 other countries.

The Chinese hackers, the researchers said, broke into computers in the United States, Taiwan, India, and other nations, directing them to download a Trojan horse—a destructive program masquerading as useful software—called Ghost Rat. As in typical hacker assaults, the program then allowed the attacker to gain real-time control over the computers, turning them into zombies or proxies, unknown to their owners.

Once the computers were controlled, the intruders could search and download files, and even covertly operate "microphones and web cameras," the Canadian report noted. According to Nart Villeneuve, one of the authors of the report, that Orwellian capacity means that if a computer has a webcam,
it can peer into a bedroom or office and allow the attacker secretly to watch what is happening, with sound. If a computer only has a microphone, that can be activated to eavesdrop on the room where the PC is located.

Beginning in 2003, a series of attacks on the Pentagon and other government agencies from websites in China was given the code name
TITAN RAIN
by US investigators. The government classified the attacks and has said very little about them. The veil was partially lifted on
TITAN RAIN
, however, by an extraordinary episode at the Sandia National Laboratories site in Albuquerque, New Mexico.

In 2004 Shawn Carpenter, a thirty-six-year-old computer security analyst at the nuclear weapons lab, studied a series of break-ins at Sandia
and tracked them to servers that appeared to be located in Guandong Province in southern China. On his own time he continued to trace back the technologically sophisticated, rapid intrusions to their source, sharing his information first with Army counterintelligence and later the FBI.

Instead of appreciating what Carpenter had done to protect the lab, Sandia yanked his Q clearance and fired him for going outside established channels. Carpenter sued, and in 2007 won a whopping $4.7 million jury award
in a New Mexico court. The jury found that his firing by Sandia was "malicious, willful, reckless, wanton, fraudulent or in bad faith."

The attacks on the Defense Department and other government computers are ongoing. Air Force general Kevin P. Chilton, head of the US Strategic Command, said in 2008 that defense networks were taking a million suspicious "hits" a day.
Without pinpointing China, he said he believed the break-ins could be attributed to "espionage work."

It is not only defense-related targets that are vulnerable to computer attacks. The
Wall Street Journal
reported in 2009 that cyberspies from China, Russia, and elsewhere had penetrated the power grid
in the United States, and inserted malware, or malicious software, programs that could be used to disrupt the system. It quoted unnamed officials as saying that water, sewage, and other infrastructure systems were also at risk.

Later that year, former CIA director James Woolsey drew a stark portrait of what could happen. "Taking down the grid for months comes as close to a nuclear attack
with many weapons on the United States as anything could. You'd have mass starvation and death from thirst and all the rest."

A year earlier, Tom Donahue, the CIA's chief cybersecurity official,
told a meeting in New Orleans of security officials from utility and energy companies that hackers had in fact breached the computers of power companies in another country and caused a power outage in several cities, a report later questioned.

In 2008 the Tennessee Valley Authority, which provides power to nine million people in seven southern states, was criticized by the Government Accountability Office for lax security.
The chairman of the House panel on cybersecurity said that the TVA, the nation's largest generator of electric power, "risks a disruption of its operations as the result of a cyber incident."

And the nation's electrical grid is vulnerable. Researchers at DOE's Idaho National Laboratory demonstrated in 2007, in an experiment called the Aurora Generator Test, that a cyberattack could in fact knock out a power system. In a startling video released by the Department of Homeland Security,
a power turbine like many in use across the United States was forced to overheat and shut down after receiving computer commands in a simulated hacker attack. In the video, the huge turbine shakes and shudders and belches black-and-white smoke as pieces fly off.

President Obama confirmed in 2009 that "cyber intruders have probed our electrical grid" and "in other countries cyber attacks have plunged entire cities into darkness."
Although he did not elaborate, CBS News reported that an attack in Brazil
in 2005 affected three cities and another in 2007 in that country caused blackouts affecting more than three million people, but the CBS report was disputed by Brazilian officials, who blamed the blackouts on sooty insulators
.

China has vehemently denied responsibility for any computer attacks directed against the United States or other countries. In answer to reports that Beijing had broken into the Pentagon's computers, for example, Jiang Yu, the spokesman for the Chinese Foreign Ministry, declared: "The Chinese government has always opposed any Internet-wrecking crime, including hacking,
and cracked down on it according to the law."

The denials are frequent but not entirely persuasive. The Chinese government tries to tightly control all aspects of the Internet in that country, sharply restricting the web content that its citizens may view. In recent years, Internet activists outside China have provided software that has enabled a relatively small percentage of Chinese computer users to circumvent the government's firewall. Even so, it is not credible that large numbers of private Chinese hackers, supposedly acting on their own, could engage in repeated attacks on US defense and intelligence agencies—unless the government of China either organized, directed, or encouraged those intrusions, or at the very least condoned them.

In a book published more than a decade ago, two Chinese Internet specialists acknowledged that "using hackers to obtain military information from computer networks is a very effective method." A more recent book published in China in 2003,
Deciphering Information Security,
discusses a university specializing in computer security, a sort of "Hacker U," with courses on "Computer Virus Program Design and Application,"
and "A Study of Hacker Attack Methods."

Efforts to prove that the Chinese government might be behind the
TITAN RAIN
-type attacks on the United States run up against what computer security experts call the problem of "attribution." Because it is relatively easy for hackers to disguise their country of origin and precise location, today's cyberspies can hide behind a virtual cloak, and their dagger is electronic. A hacker in eastern Europe can make it appear that his e-mail has been sent via a server in Shanghai.

For that reason, when Google early in 2010 revealed attacks on its e-mail service and on thirty-four American companies, many of them engaged in defense work, it did not pinpoint the precise source but made clear that it believed the intrusions had originated in China. Later, some investigators thought the attacks could be traced to two schools in China, one with close ties to the military.

FBI director Robert Mueller described the problem in a speech in San Francisco in 2009. "At the start of a cyber investigation, we do not know whether we are dealing with a spy, a company insider, or an organized criminal group,"
he said. "Something that looks like an ordinary phishing scam may be an attempt by a terrorist group to raise funding for an operation."

The government has tried to thwart assaults on critical defense networks. NASA, the target of cyber intrusions at both the Kennedy Space Center in Florida and the Johnson Space Center in Houston, initiated a program code-named
AVOCADO
to block suspected Chinese computer attacks. The Department of Homeland Security's
EINSTEIN
program has provided government agencies with sensors designed to detect computer intrusions.

In 2002 the US Naval War College was the site of a war game called Digital Pearl Harbor.
Mock attacks by computer security experts simulated attacks by other countries on vital US infrastructure. The exercise found that the Internet and digital financial networks were the most vulnerable. Other experts have warned that telecommunications networks and the air traffic control system could be disrupted by cyberattacks.

Like the United States, China has devised plans to disrupt the digital networks of an adversary in a war. According to the 2009 report by the University of Toronto researchers, "China is actively developing an operational capacity in cyberspace,
correctly identifying it as the domain in which it can achieve strategic parity, if not superiority over the military establishments of the United States and its allies."

The role of the People's Liberation Army was also highlighted in the Defense Department's 2008 annual report to Congress on Chinese military power: "The PLA has established information warfare units to develop viruses
to attack enemy computer systems and networks." The report added that the PLA sees computer network operations "as critical to achieving 'electromagnetic dominance' early in a conflict."