China’s Ministry of State Security (MSS) has demanded that big tech companies in China process stolen data, including data stolen from the U.S., for Chinese intelligence agencies, according to a Wednesday report from Foreign Policy.
Foreign Policy spoke to 36 current and former U.S. officials who said that the nation’s spy services ordered Chinese firms, equipped with tools to handle large amounts of data, to process sets of stolen information, according to the report.
That includes data stolen in the 2015 breach of the U.S. Office of Personnel Management, per the outlet, as well as recent Chinese hacker attacks on Marriot, Equifax, and U.S. healthcare giant Anthem. That information was then shared with the Chinese government, according to officials, which would give authorities insight into the American healthcare system or how to expand into the hotel market, for example.
Per the report, there was already somewhat of an arrangement between spy agencies and Chinese firms. But the ties have grown stronger between China’s commercial sector and the nation’s intelligence agencies. This gives the Communist Party a leg up in potentially targeting foreign governments and industries across the world, as the outlet notes. The arrangement amounts to what is essentially the Chinese government outsourcing data analytics services to its firms instead of building those features itself, per the report.
Officials said the coordination between Chinese spy agencies and Chinese firms have become a “daily” occurrence, with evidence of data transfers between the two sides. The firms that would be required to process data at China’s request are ones that have “footprints all over the world,” like Alibaba and Baidu, according to the report.
Business Insider has reached out to firms named in the report for comment but did not immediately hear back.
Steve Ryan, the former deputy director of the National Security Agency’s Threat Operations Center, told the outlet that China was enlisting its firms for data processing to target U.S. defense contractors heavily since 2006. Chinese hackers infiltrated networks of contractors to the Pentagon’s U.S. Transportation Command 20 times over the course of a year, per a 2014 Senate report, according to the outlet. Chinese companies offering similar services and products, like new fighter jets and weapons systems based on stolen U.S. designs, would then form. This would put the “U.S.-side interest out of business,” Ryan told Foreign Policy.
According to one source, the Chinese companies’ involvement represents the “commercial wing of the party.”
“They of course cooperate with intelligence services to achieve the party’s goals,” the source told Foreign Policy.
Another source likened the arrangement to a fictitious scenario in which the CIA was seeking to collect information on China and stole data and gave it to “Google or Amazon or Microsoft” to process and deliver analytics to the U.S. government.
Some of the Chinese companies forced to process data for the intelligence agencies have done so begrudgingly, per the publication.
According to the report, the CIA found that 20-year-old Tencent received funding from the Ministry of State Security around the time of its founding. Tencent denied that detail when questioned by Business Insider.
“Our history as an entrepreneurial start-up is well known, funded first by our founders and then IDG and PCCW, and we’ve been a public company with transparent ownership for over 16 years,” a Tencent spokesperson said. “Tencent, like any other company operating in China, complies with PRC law in a transparent way. The allegations beyond this are completely false.”
The question of China-based companies handling U.S. user data has taken center stage this year as the Trump administration has zeroed in on Chinese firms. Among those firms are Huawei, Alibaba, WeChat, and China-based Bytedance, which owns the popular video-sharing app TikTok that is used by millions of Americans. The Trump administration has also reportedly floated the idea of restricting Ant Group and Tencent in the U.S. over national security concerns. U.S.-China relations have subsequently grown rather strained.
Trump and the U.S. Committee on Foreign Investment (CFIUS) have been more aggressive to prevent Chinese businesses from investing in U.S, firms, which could make them privy to American user data, officials told the outlet.
This article was written by Katie Canales and originally published on Business Insider.