China attracted graduates looking for work in digital espionage

Chinese university students have been drawn to work at a secretive technology company that masked the true nature of their jobs: researching Western targets for spying and translating hacked documents as part of Beijing’s industrial-scale intelligence regime.

The Financial Times has identified and contacted 140 potential translators, mostly recent graduates who have studied English at public universities in Hainan, Sichuan and Xi’an. They had responded to job postings at Hainan Xiandun, a company located on the tropical island of Hainan in the south.

The application process included translation tests on sensitive documents obtained from U.S. government agencies and instructions to research individuals at Johns Hopkins University, a key intelligence target.

According to a 2021 U.S. federal indictment, Hainan Xiandun was a cover for the Chinese hacking group APT40. Western intelligence agencies have accused APT40 of infiltrating government agencies, companies and universities in the US, Canada, Europe and the Middle East, under orders from China’s Ministry of State Security (MSS).

The FBI tried to disrupt Hainan Xiandun’s activities last July by accusing three state security officials in Hainan Province – Ding Xiaoyang, Cheng Qingmin and Zhu Yunmin – over their alleged role in establishing the company as a front for state-backed espionage. Another man mentioned in the indictment, Wu Shurong, is believed to be a hacker who helped monitor Hainan Xiandun employees.

Western intelligence services also look for potential spies at universities, and applicants undergo rigorous vetting and training before joining the likes of the CIA in the U.S. or GCHQ, the signals intelligence agency of the United Kingdom.

But Chinese graduates targeted by Hainan Xiandun seem to have been unwittingly drawn into a life of espionage. The company’s job adverts for translators were posted on university websites without further explanation of the nature of the work.

This could have lifelong consequences, as people identified as collaborators with the MSS through their work for Hainan Xiandun are likely to face difficulties in living and working in Western countries, a key motivation for many students studying foreign languages.

The FT contacted 140 people from a filtered list of candidates compiled by security officials in the region to corroborate the authenticity of the applications. Several of the contacts initially confirmed their identities, but ended the phone calls after being asked about their links to Hainan Xiandun. Some commented on their experience in the hiring process.

Their applications provide insight into the tactics of APT40, known for targeting biomedical, robotics and maritime research institutions as part of broader efforts to gain insights into Western industrial strategy and steal sensitive data.

Hacking at this scale requires a huge workforce of English speakers who can help identify hacking targets, cyber technicians who can access opponents’ systems, and intelligence officers to analyze stolen material.

Zhang, an English graduate who applied to Hainan Xiandun, told the FT that a recruiter had asked him to go beyond conventional translation tasks by researching the Johns Hopkins Applied Physics Laboratory, with instructions for finding information about the institution, including the resumes of the directors of its board, the architecture of the building, and the details of the research contracts it had made with clients.

The APL, a major recipient of U.S. Department of Defense research funds, is likely to be of significant intelligence interest to Beijing, and the people who work there are likely to be primary hacking targets.

The instruction document called for job candidates to download “software to get behind the big firewall.” It warns that the research will involve consulting websites such as Facebook, which is banned in China and can therefore be accessed only with a VPN, software that masks the user’s location.

“It was very clear that this was not a translation company,” said Zhang, who decided not to continue with his application.

Dakota Cary, an expert on Chinese cyberespionage and former security analyst at Georgetown University, said student translators were likely to help investigate organizations or individuals that could prove to be fruitful sources of sensitive information.

“The fact that you have to use a VPN, that you have to do your own research, and that you need good language skills, all tells me that these students will identify targets of piracy,” he said.

Cary, who testified earlier this year before the U.S.-China Economic and Security Review Commission on Beijing’s cyber capabilities, said the instruction to investigate Johns Hopkins was an indicator of the level of initiative and the ability to acquire expertise that translators were expected to demonstrate.

A security official in the region said the revelations were evidence that the MSS was using college students as a “recruitment channel” for its espionage activities.

U.S. Secretary of State Antony Blinken has previously condemned the MSS for building an “ecosystem of criminal contract hackers” involved in both state-sponsored activities and economically motivated cybercrime. Blinken added that these hackers cost governments and businesses “billions of dollars” in stolen intellectual property, ransom payments and cyber defenses.

Hainan Xiandun asked applicants to translate a document from the U.S. Bureau of Infrastructure Research and Development that contains technical explanations on corrosion prevention in transportation networks and infrastructure. This seemed to test the capabilities of potential employees to interpret complex scientific concepts and terminology.

“It was a very strange process,” said Cindy, an English student at a respected Chinese university. “I submitted the application online and then the HR person sent me a very technical test translation.” She decided not to continue with the application.

Adam Kozy, a former FBI official who most recently worked for cybersecurity company CrowdStrike, said he had not heard of Western intelligence recruiting college students to collect information without their being given security clearance.

“MSS do everything very informally and they like the gray areas,” he said. “It’s interesting to see that they rely on a young student workforce to do much of the dirty work that can have these consequences later in life and most likely don’t fully explain these potential risks.”

The MSS did not respond to requests for comment.

Hainan Xiandun solicited applications on university recruitment sites and appears to have a close relationship with Hainan University. The company was registered on the first floor of the university library, home to the students’ computer room.

A job posting on the university’s language department website called for applications from English-speaking students and Communist Party members. The ad has been removed since the FT made inquiries about this story.

Several of the students who applied to Hainan Xiandun had won school awards for their language skills and others had the additional distinction of being party members.

According to the FBI indictment, MSS officials “coordinated with staff and professors from Hainan universities and other places in China” to further their intelligence goals. Staff at a Hainan-based university also helped support and manage Hainan Xiandun as a front company, “including through payroll, benefits and a postal address,” the indictment says.

Although the FBI accused the university of helping the MSS identify and recruit hackers and linguists to “penetrate and steal” from computer networks, the indictment does not mention the role of the university in asking students to help the cause.

In response to the FT’s findings, Michael Misumi, information director of Johns Hopkins APL, said that “like many technical organizations,” the APL “must respond to many cyber threats and take appropriate action to continuously defend itself and their systems.”

Hainan University did not respond to requests for comment.

The names of the applicants have been changed to protect their identity.
