Britain Warned Businesses of Threat of Chinese Spying
British business executives dealing with China were given a formal warning more than a year ago by Britain’s security service, MI5, that Chinese intelligence agencies were engaged in a wide-ranging effort to hack into British companies’ computers and to blackmail British businesspeople over sexual relationships and other improprieties, according to people familiar with the MI5 document.
The warning, in a 14-page document titled “The Threat from Chinese Espionage,” was prepared in 2008 by MI5’s Center for the Protection of National Infrastructure, and distributed in what security officials described as a “restricted” form to hundreds of British banks and other financial institutions and businesses. The document followed public warnings from senior MI5 officials that China posed “one of the most significant espionage threats” to Britain.
Details of the document were confirmed Sunday by two people familiar with its contents, who both spoke on an anonymous basis because of the sensitivity of the subject. The document’s existence was first reported in the British newspaper The Sunday Times.
Last month, Google announced that it was considering ending its operations in China after a “sophisticated and targeted” cyberattack that it said aimed primarily to gain access to the e-mail accounts of Chinese human rights activists. Google said it was no longer willing to cooperate with China in what amounted to censorship of its search engine, which Google had operated in a way that prevented millions of Chinese from reaching Web sites deemed hostile by Beijing.
Secretary of State Hillary Rodham Clinton has called on China to investigate the cyberattacks, and said that companies like Google should refuse to support “politically motivated censorship.” Without acknowledging any government involvement in the attacks, China has responded by saying that Internet companies like Google are welcome to do business in China “according to the law.” A Foreign Ministry spokesman said that “Chinese law proscribes any form of hacking activity.”
But a starkly different picture emerges from the document circulated by MI5, Britain’s domestic security service. The Sunday Times account, quoting from the document, said that officers from the People’s Liberation Army and the Ministry of Public Security had approached British businesspeople at trade fairs and exhibitions with offers of “gifts” that included cameras and computer memory sticks that were found to contain bugs that provided the Chinese with remote access to the recipients’ computers.
“There have been cases where these ‘gifts’ have contained Trojan devices and other types of malware,” the document said, according to The Sunday Times. The accuracy of the paper’s citations from the document was verified by the two people contacted by The New York Times who said they had seen the document.
The MI5 report described how China’s computer hacking campaign had attacked British defense, energy, communications and manufacturing companies, as well as public relations companies and international law firms. The document explicitly warned British executives dealing with China against so-called honey trap methods in which it said the Chinese tried to cultivate personal relationships, “often using lavish hospitality and flattery,” either within China or abroad.
“Chinese intelligence services have also been known to exploit vulnerabilities such as sexual relationships and illegal activities to pressurize individuals to cooperate with them,” it warned. “Hotel rooms in major Chinese cities such as Beijing and Shanghai which have been frequented by foreigners are likely to be bugged. Hotel rooms have been searched while the occupants are out of the room.”
Britain’s powerful Joint Intelligence Committee, responsible for analyzing and coordinating policy between MI5 and MI6, the Secret Intelligence Service that is responsible for Britain’s foreign intelligence activities, warned last year that China’s growing sophistication in cyberespionage could enable it to shut down critical services, including power, food and water supplies.