How the Coronavirus Will Help Russia and China Spy on America

A prime time for cultivating new agents and for hacking.

How the Coronavirus Will Help Russia and China Spy on America

I've seen a number of news reports discussing how the lockdowns and travel bans resulting from COVID-19 are hindering the ability of intelligence officers to do their jobs by preventing them from being able to conduct in-person source meets. The topic has also been discussed heavily in my social media feeds, and I've discussed the matter privately with friends who are former intelligence officers and have expressed similar concerns.
 
Certainly, the inability to conduct face-to-face source meets, and to make personal contact with recruitment targets to develop relationships with them, is a valid concern. I would like to suggest, however, that the economic crisis resulting from COVID-19 will also provide intelligence officers a golden opportunity to spot and recruit new agents.

Aside from banning public meetings, closing bars and restaurants and severely curtailing travel, one of the other impacts of the response to the COVID-19 crisis has been widespread unemployment, with millions of people now out of work. And it is not just restaurant workers who are out of work: Among the unemployed are tens of thousands of workers in industries being targeted by hostile intelligence agencies, such as tech, aerospace, energy, and oil and gas. (Oil and gas companies are also being heavily impacted at the current time by the ongoing price war between Saudi Arabia and Russia.) For example, GE Aviation, a company repeatedly targeted by a Chinese intelligence campaign to steal engine manufacturing technology, announced it was laying off 10 percent of its workforce in March, and in April announced that it was laying off 50 percent of its engine manufacturing workforce.

Blue-collar workers are not the only ones impacted by the crisis: Executives, engineers and other white-collar employees are also being laid off or taking pay cuts. For example, at the Canadian defense firm CAE, the executive team has taken 50 percent pay cuts, vice presidents 30 percent, managers and directors 20 percent and all other remaining employees 10 percent. The impact on these firms and employees is arguably the greatest since the 2007-2009 global financial crisis — and this all comes during a time when I believe the corporate espionage threat is direr than ever.
 
COVID-19 has not dampened the appetite of the Chinese or Russian intelligence services (or of others, including competing companies) for corporate secrets. If anything, that appetite might increase during these hard economic times, because it remains cheaper and quicker to steal technology than it does to develop it independently. While it does make it more difficult to meet prospective agents face to face, lack of personal contact has not been a significant problem in past cases. In fact, as I have previously written, we have seen a number of cases in which LinkedIn was used to spot and then establish contact with espionage targets. LinkedIn allows intelligence officers to quickly search for employees at a particular company they are interested in targeting. In many cases, people helpfully list the programs or technologies they are working on, along with any security clearances they may have. Many times people will also indicate that they are out of work, or otherwise looking for a job on their LinkedIn profiles. This kind of information makes the spotting phase of the recruitment cycle very easy.

But as we have seen in past cases, such as the aforementioned GE Aviation case or the recruitment of former CIA case officer Kevin Mallory, LinkedIn was not just used for spotting. It was also used to establish contact and begin to develop a relationship with the targets. 

By offering ruse "work at home for pay" projects to unemployed people who have access to desired technologies, it is not hard to see how an intelligence officer could establish a solid relationship and at the same time set a "little hook" in a person. The intelligence officer merely needs to help the target financially during this crisis only to use that aid later as leverage after the person returns to work at his or her current firm, or finds employment at another firm working in a similar position with access to the desired technologies or information. This can all be done remotely over LinkedIn or other social media apps. It would not be difficult to make a wire transfer to an employee's bank account via a shell company, or perhaps to send him or her some cryptocurrency. 
 
Many examples exist of Russian and Chinese intelligence officers being extremely patient in their intelligence efforts, often waiting years before their investment in an agent begins to pay off. Shelling out a little seed money and then waiting for this current economic crisis to end and for the employee to return to work would not be a long wait at all for them.

They may not even have to wait: While most companies presumably cut off the access laid-off employees have to sensitive or proprietary information residing on company-owned systems, how much of that information do they possess in their own devices and storage media, how much could they obtain from friends and colleagues still at the company, and how much resides in their own heads? In this vein, we saw Chinese intelligence recruit Mallory despite the fact he was a former CIA case officer and did not have the same access to agency intelligence he did as an active employee.
 
In terms of recruitment strategies, obviously money would be the No. 1 approach to use for a laid-off employee caught in a desperate financial situation due to a mortgage and other bills to pay, and perhaps with a child or two in college. A financial approach could be especially effective combined with a little hook approach as described above that could later be used for blackmail if they decided not to cooperate with future taskings. We saw the Chinese use this approach in the Mallory case, the GE Aviation case and in the recruitment of State Department employee Candace Claiborne. But if the employee is angry over being laid off, an intelligence officer who plays to the employee's ego, and perhaps thirst for revenge could also have a fairly easy time with recruitment. This holds true even if recruitment is done remotely over social media via chats and voice apps, similar to how we've seen terrorists overseas remotely recruit grassroots operatives living in the West.

The Security Paradox

Fred Burton and I noted the following in 2009 during the global financial crisis:

During times of financial hardship, companies often have to make cuts like the aforementioned layoffs. When companies plan cuts, they often focus on eliminating those corporate functions that do not appear to be contributing to the company's profitability. And one of the first functions cut during tough times often is corporate security. A security department typically has a pretty substantial budget (it costs a lot for all those guards, access control devices, cameras and alarms), and security is usually viewed as detracting from, rather than contributing to, the company's bottom line. The "fat" security budget is seen as an easy place to quickly reduce costs in an effort to balance the profit-and-loss statement.

This principle holds true today. One of the first places companies and organizations cut is security, which can serve to make them even more vulnerable to corporate espionage — especially if insider threat programs and other functions that protect against the theft of proprietary information are cut or curtailed just as the threat of corporate espionage involving laid-off employees is increasing. Also, even if the security programs are not cut or curtailed, the insider knowledge of security programs, policies and procedures that recently fired employees bring along with them could serve to make company facilities more vulnerable to black-bag jobs and other security threats. 
 
As I noted a few weeks ago, because of the COVID-19 crisis, "the next few months are going to be extremely difficult for anyone attempting to conduct operations — especially transnationally. In fact, for many of us, this period may very well prove the most challenging of our careers." The corporate espionage threat arising from these layoffs is just one more factor adding weight to that Herculean challenge.