David Wise, the chronicler of true spy stories, has published “Tiger Trap: America’s Secret Spy War with China.” In between tales of derring-do and hair-raising incompetence by American agencies, he explains how American and Chinese intelligence agencies have fundamentally different approaches. While the U.S. is tinkering with a piece of electronics, or cultivating a prized asset, the Chinese turn to their most abundant asset: people. Wise talks to an F.B.I. source who compares Chinese foreign intelligence-gathering to learning about a distant beach by sending over a thousand tourists. ‘When they returned, they would be asked to shake out their towels. And [the Chinese] would end up knowing more about the sand than anyone else.” (A review by John Pomfret is in the Washington Post.)
Understanding the crowd-sourced approach might help unravel one of the most persistent questions about Chinese cyber-attacks: How much is this a government effort or the work of independent hackers? In a long piece on Chinese cyber-attacks this month, Vanity Fair quotes a security analyst saying that “in point of fact, it was the P.R.C. government taking or demanding access to some of the research that the hackers had been doing, and then using it themselves.” The analyst goes on: “The Chinese government has employed this same tactic in numerous intrusions. Because their internal police and military have such a respected or feared voice among the hacking community, they can make use of the hackers’ research with their knowledge and still keep the hackers tight-lipped about it.”
Intriguing theory, and the piece is worth a read. For more on Chinese cyber-espionage (and the security contractors who profit from them), see Seymour Hersh’s “The Online Threat,” in the November 1, 2010, issue.
Illustration by Guy Billout.