China reportedly demanded that big Chinese tech companies like Alibaba process stolen US data for the nation's top spies upon request

Advertisement
China reportedly demanded that big Chinese tech companies like Alibaba process stolen US data for the nation's top spies upon request
Madoka Ikegami - Pool/Getty Images; Samantha Lee/Business Insider
  • China has demanded that the nation's tech companies process stolen data for Chinese intelligence agencies upon request, according to a Wednesday report from Foreign Policy.
  • The outlet spoke to 36 US officials who said the arrangement represents the "commercial wing" of the Communist Party. Authorities are able to view data stolen in breaches like the 2015 attack on the US Office of Personnel Management, as well as the attacks on Marriot, Equifax, and Anthem.
  • One source told the outlet that it would be like if the CIA stole data for insight into the Chinese government and gave it to "Google or Amazon or Microsoft" to process before handing it off to US officials.
  • The stolen data processing gives China an edge against competitors on the world stage and could potentially aid the eastern nation in targeting foreign governments, as well as getting ahead in industries like defense contracting and hotel operations.
  • The companies that are reportedly required to process data for Chinese spy services when asked include e-commerce giant Alibaba.
Advertisement

China's Ministry of State Security (MSS) has demanded that big tech companies in the nation process stolen data for Chinese intelligence agencies, including data stolen from the US, according to a Wednesday report from Foreign Policy.

The outlet spoke to 36 current and former US officials who told the publication that the nation's spy services order Chinese firms that are equipped with tools to handle large amounts of data to process sets of stolen information, according to the report.

That includes data stolen in the 2015 breach of the US Office of Personnel Management, per the outlet, as well as recent Chinese hacker attacks on Marriot, Equifax, and US healthcare giant Anthem. That information is then shared with the Chinese government, according to officials, which would give authorities insight into the American healthcare system or how to expand into the hotel market, for example.

Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

Per the report, there was already somewhat of an arrangement between spy agencies and Chinese firms. But the ties have grown stronger between China's commercial sector and the nation's intelligence agencies, giving the Communist Party a leg up in potentially targeting foreign governments and industries across the world, as the outlet notes. The arrangement amounts to what is essentially the Chinese government outsourcing data analytics services to its firms instead of building those features itself, per the report.

Officials said the coordination between Chinese spy agencies and Chinese firms have become a "daily" occurrence, with evidence of data transfers between the two sides. The firms that would be required to process data at China's request are ones that have "footprints all over the world," like Alibaba and Baidu, according to the report.

Advertisement

Business Insider has reached out to firms named in the report for comment but did not immediately hear back.

Steve Ryan, the former deputy director of the National Security Agency's Threat Operations Center, told the outlet that China was enlisting its firms for data processing to target US defense contractors heavily since 2006 - Chinese hackers infiltrated networks of contractors to the Pentagon's US Transportation Command 20 times over the course of a year, per a 2014 Senate report according to the outlet. A Chinese company would then form that offers similar services, like new fighter jets and weapons systems based on stolen US designs, putting that "US-side interest out of business," Ryan told Foreign Policy.

According to one source, the Chinese companies' involvement represents the "commercial wing of the party."

"They of course cooperate with intelligence services to achieve the party's goals," the source told Foreign Policy.

Another source likened the arrangement to a fictitious scenario in which the CIA was seeking to collect information on China and stole data and gave it to "Google or Amazon or Microsoft" to process and deliver analytics to the US government.

Advertisement

Some of the Chinese companies forced to process data for the intelligence agencies have done so begrudgingly, per the publication.

According to the report, the CIA found that 20-year-old Tencent received funding from the Ministry of State Security around the time of its founding. Tencent denied that detail to Business Insider.

"Our history as an entrepreneurial start-up is well known, funded first by our founders and then IDG and PCCW, and we've been a public company with transparent ownership for over 16 years," a Tencent spokesperson said. "Tencent, like any other company operating in China, complies with PRC law in a transparent way. The allegations beyond this are completely false."

The question of China-based companies handling US user data has taken center stage this year as the Trump administration has zeroed in on Chinese firms, including Huawei, Alibaba, WeChat, and China-based Bytedance, which owns the popular video-sharing app TikTok that is used by millions of Americans. The Trump administration has also reportedly floated the idea of restricting Ant Group and Tencent in the US over national security concerns. US-China relations have subsequently grown rather strained.

Read more: Trump's TikTok attack shows the surprisingly vast power of a decades-old government group that can kill or unwind deals even if none of the companies are American

Advertisement

Trump and the US Committee on Foreign Investment (CFIUS) has been more aggressive to prevent Chinese businesses from investing in US firms, which could make them privy to American user data, officials told the outlet.

Read the full report on Foreign Policy here.

{{}}