Hackers and Their Place in the PRC Intelligence Community

China Brief, Volume: 24 Issue: 7

By: Matthew Brazil

March 29, 2024

Advertisement for the 2018 “Anxun Cup” hacking competition, jointly hosted by Sichuan Anxun (iS00N) and Chengdu University. (Source: iS00N)

Executive Summary:

  • Leaked files from iS00N reveal deep insights into the PRC’s intelligence operations, highlighting an intensified global security offensive as well as issues within the intelligence community.
  • iS00N’s growth is tied to Xi Jinping’s aggressive policies and demonstrates the importance of private contractors in fulfilling the PRC’s increased intelligence and security needs.
  • The leaks expose employee dissatisfaction and underscore iS00N’s critical role in intelligence gathering and job provision, reflecting the contractor’s complex relationship with the PRC government.
  • The exposure raises questions about the role and regulation of hacking contractors in the PRC, potentially leading to investigations and reforms that could affect the PRC’s intelligence strategy and international relations.

In the month since the leak of over 570 files from the Shanghai-based hacking contractor iS00N (安洵信息), we have seen much reporting about their company culture, leaders and clients, whom they try to recruit, and what iS00N was actually doing (some of the best analysis on the leaks and the overall nature of the threat can be read at Natto Thoughts and Recorded Future).

At the same time, the leaks are an opportunity to advance our understanding of how the opaque PRC intelligence and security community is changing. The data, which continues to be mined by various analysts, provides a window into how Beijing’s intelligence and security community (IC) is using cyberspace to meet the many threats perceived by the party. It indicates continued issues in China’s IC regarding standards, training, and discipline, while also confirming the long-held idea in the West that Beijing’s worldwide intelligence and security offensive is intensifying, while the Chinese side continues to blithely deny everything.

For the rest of the story, click here (there is no paywall)

Spies of the Baltic; Spy Trades; New Research

This year’s most popular poster at the MSS and the CCP Propaganda Department? Well, maybe only in the gift shop.

1. Sino Spies of the Baltic

Russian clandestine operations have long targeted the Baltic States and Scandinavia. But lately, the environment has become more crowded.

Interviews conducted in Europe since the last newsletter in July highlighted some interesting cases that will be detailed in the upcoming book. For example, in June 2023 Ms. Gerli Mutso was convicted of espionage on behalf of the PLA Joint Intelligence Bureau, the Chinese military’s human intelligence organization. She recruited an Estonian official with access to NATO classified information, traveling abroad several times for rendezvous to pass along data on “maritime” matters – probably related to the Arctic, where China seeks to build a presence.

That and other cases, some involving intimidating spying and influence operations in neighboring countries, are an indication of China’s proliferating worldwide espionage and influence activities.

An interesting wrinkle of the Mutso case: her handlers had her travel to China and Thailand to hand over the goods. They seem to have at least partly avoided potentially vulnerable electronic means of communication.

Thailand, incidentally, has been the scene of other CCP intelligence operations, which will be discussed in the upcoming book.

2. The comparative politics of spy trades

Interviews last year in Taiwan about CCP Intelligence operations revealed the same sort of agent-headquarters communication pattern. Chinese Communist operatives in Taiwan have long used couriers to communicate with handlers. Some other cases reflect this modus operandi. It seems to reflect a legacy of competence in clandestine communications going back to Chi Mak, Larry Chin (see below), and the Chinese Revolution itself. With the damage done to CCP Intelligence operations by the sloppy use of gadgets by at least one recruited agent and an MSS officer, courier-based communications may be making a comeback.

In various briefings over the past few years, I’ve included a list of similarities and differences between China’s premier civilian intelligence agency, the Ministry of State Security, and intelligence agencies in other countries.

The similarities include things like:

  • collection against other countries’ state secrets in response to tasking by the national leadership;
  • use by officers of both “legal” diplomatic cover and “illegal” non-official cover (NOC);
  • false flag operations (pretending to work for a relatively palatable third country’s intelligence service);
  • use of blackmail and monetary payments to facilitate agent recruitment.

But China’s services also stand apart from most other major powers. They:

  • avoid acknowledging their foreign intelligence activity, almost always pretending that China is above it all. As Michael Schoenhals has pointed out, the UK also used to deny everything, albeit over a generation ago;
  • pretend that China’s agencies eschew the “honey trap,” i.e. setups to enable sexual blackmail of a potential agent;
  • reject spy trades to rescue their officers and assets caught abroad;
  • prioritize state-led technology acquisition for military use and the commercial gain of PRC firms;
  • enable public and private institutions and individuals to engage in industrial espionage and related activities.

One aspect that captures the imagination is Beijing’s continuing reluctance to admit that they engage in any foreign intelligence operations, and accompanying that stance, a reluctance to conduct spy trades when one of their own is caught abroad.

Yes, they traded Canada’s “Two Michaels” for the photogenic Huawei CFO, Ms. Meng Wanzhou (孟晚舟), but it appears that no one in this unfortunate trio was likely engaged in intelligence duties. Moreover, the end game (the Michaels being released as soon as Meng was allowed to return to China after admitting to financial fraud) strongly suggested that Beijing was baldly taking hostages and releasing them for the ransom of allowing a confessed criminal to go free.

That’s typical because the Chinese side is long notorious for arbitrary acts of nastiness against foreigners at home and abroad, including hostage-taking and random accusations of spying.

Meanwhile, there arises an accusation that one of the Michaels (Spavor), who is a Canadian former diplomat, reported his conversations with Michael Kovrig about the latter’s travels in North Korea, including a conversation over drinks with Kim Jong-un.

Just my opinion, but – why wouldn’t he? Unfortunately, it is no surprise that the Chinese side turned typical diplomatic reporting into a spying allegation.

Will Beijing let Xu Yanjun die in prison as they did Larry Chin and Chi Mak?

Getting back to spy trades: if we examine only the U.S.-China bilateral, China has let a number of their people rot or die in custody, notably Larry Wu-tai Chin (金无怠), Bernard Boursicot, Chi Mak (麦大志) and most recently Xu Yanjun (徐延军). Beyond them, the list is long.

Mr. Xu, or at least his spouse and child, undoubtedly hope for a trade between Washington and Beijing involving Xu and an accused spy for America, John Leung (梁成运), now held behind bars in China. But by making such a trade, would Beijing be tacitly admitting to spying? And would Beijing then start grabbing hostages to trade for their imprisoned, recruited agents?

3. Pathbreaking Research from Australia

The case for an open-source intelligence agency, or at least something much larger than exists today, continues to be made in this understudied field by scholars such as Nick Eftimiades and Peter Mattis. Some excellent research has emerged in the last 18 months from Alex Joske, the young Australian scholar of modern-day Chinese Communist espionage and influence operations who relies primarily on carefully selected Chinese language open-source info. In Spies and Lies, reviewed here and elsewhere, Alex made a major contribution by showing how the Ministry of State Security (MSS) has, for decades, engaged in influence work abroad.[1]

A few months ago, he published another work about the formation of State Security departments at the provincial and municipal level in China: “State security departments: the birth of China’s nationwide state security system” (Deserepi 0, 2023). His paper has new information on the predecessor of the Ministry of State Security, the Central Investigation Department (1955-1983), the work it did inside China, and how Investigation Departments at the local level were an important foundation of MSS from the beginning in 1983-84.

Another of many findings: Contrary to conventional wisdom, Public Security organs “contributed expertise in foreign intelligence operations, surveillance, and technological research—not just counterintelligence and security work—to the state security system.”

And finally

The book is coming along but remains a work in progress. I’ve been doing some restructuring to make it more readable but it is still intended to start as a brief narrative history of CCP Intelligence with a more lengthy analysis of Beijing’s present-day intelligence community.

More later.

Thanks for reading. If you wish to subscribe to the newsletter with this content, leave me a message on the contact page of this website or write to matthew.brazil@gmail.co

Taiwan is Losing its Spy Wars with China

If you follow developments in Beijing’s worldwide espionage and influence offensive, you’ve probably heard that the FBI opens a case regarding China every 10 hours (the 2020 figure) or 12 (2021). Doing the math, 8,760 hours per annum means something like 876 new cases a year, or in the updated version, 730.

The Communists have long had an espionage advantage over the Nationalists and their successors, but widespread Taiwan defeatism adds to their leverage.

These are only the new cases, not the total figure for open investigations—which could add up to several thousand, as such inquiries can last for months or years without resolution, public or private. Beyond the small number of cases the Justice Department brings to indictment and trial each year, it does not say how many cases it has closed.

The numbers suggest an overwhelming challenge, even as the Bureau bolsters its efforts to combat Chinese counterintelligence, counterespionage, tech transfer, and other matters—not to mention its drive to recruit special agents with Chinese language skills.

But if you think America has a tough nut to crack, consider our brethren in Taiwan. There, the Republic of China, as it’s formally known, is battling an astounding onslaught of Beijing’s spies. Such subversion raises the question of whether Taiwan will really be able to defend itself during an invasion until help arrives from the U.S.—or even whether it will fight.

In 2017, Taiwan’s National Security Bureau publicly estimated that 5,000 mainland spies were operating in Taiwan. When SpyTalk interviewed former ROC senior intelligence officers in Taipei in May, one of them said the real number is closer to 2,000 to 3,000. But even that more modest figure is a lot of spies for Taiwan, an island the size of Belgium with a population of 24 million.

Whatever, these numbers are not universally accepted, nor is evidence offered to support them. But occasional revelations do not contradict Taipei’s official claims, and some of those cases are alarming. One involved a former Taiwanese Navy rear admiral, and another earlier this year implicated a retired Taiwanese Air Force colonel and six accomplices. Other significant cases were described in a 2021 Reuters investigation.

For the full article, see www.spytalk.co, here.

China’s Illegal Police Abroad: radio segment & background

Say “cheese.” Okay, don’t say cheese.

China’s semi-underground police station in New York, set up there by the Fuzhou Public Security Bureau, made headlines last month for good reason. It was completely illegal and was harassing dissidents, as well as chasing actual exiled criminals.

And there are hundreds more across the world.

For an eight-minute explanation of these stations, go here for my interview with Scott Tong on “Here and Now,” the award-winning radio program from National Public Radio and WBUR Boston. They do long-form interviews and dig deeper into contemporary affairs than other such shows, and are worth checking out.

More Details:

The Chinese Communist Party has always been a secretive organization. For their 98 million members, clandestine operations are normal. Even the headquarters building of the party’s all-important Organization Department is unmarked with standard signage.

The party is overly concerned with the slightest opposition, in part because China’s history of revolts and revolutions has many examples of fatal revolts rising from below. Whenever they find organized activity not controlled by themselves, the CCP moves to nip it in the bud. This was true before Xi Jinping rose to lead the party, and will continue after he departs the scene.

This includes Chinese dissent abroad. Party leaders no doubt remember that the father of modern China, Sun Yat-sen, did most of his organizing against the Qing Dynasty overseas before returning when the time was ripe in 1911 – as did Lenin to Russia a few years later.

So it is no surprise that the CCP takes dissent in the U.S. and elsewhere very seriously, even if it seems harmless to their powerful party-state (an important difference in perspective to keep in mind when observing CCP behavior). Thus, they have tasked the Chinese Ministry of Public Security (MPS) to have its subordinate Public Security Bureaus (PSBs) go abroad and tackle dissent, even by isolated individuals.

To be fair, the officers at these “secret police stations” also hunt for actual criminals that have committed fraud or worse. And today’s secret police stations have precedent, as shown by Matt Schrader in his January 2019 China Brief article on “Overseas Chinese Assistance Centers.”

Even older precedent: the openly established police posts in South Africa, set up beginning in 2004 for what appears to be good reasons with the agreement of the host government.

But the problem lies where such stations have been set up in secret, for reasons unacceptable to the host government, violating the 1961 Vienna Convention on Diplomatic Relations.

Research in East Asia

During the entire month of April, I was in Southeast Asia and Northeast Asia conducting research and interviews for the upcoming book. I am writing more about the findings from that trip and will send along links to articles that result.

I was particularly intrigued to find that awareness of Beijing’s worldwide espionage and influence offensive is rising more or less at the same pace overseas as it is in the United States but with less hyperbole.

In the words of Taylor Swift, we all “need to calm down” and focus on the facts.

To subscribe to my newsletter about Chinese espionage, send me an email: matthew.brazil@gmail.com

Another PRC Intelligence Reorg?

The non-communist Chinese press buzzed last week with rumors that the Chinese Communist Party (CCP) plans to reorganize its IC (intelligence community). They will allegedly merge the Ministry of State Security and the Ministry of Public Security together into a new organ directly under the CCP Central Committee.

China Times cited Ming Pao (Hong Kong) here, saying that a new super-security organ will be placed under the CCP Central Committee. The name: the “Central Internal Affairs Commission” [中央内务委员会, Zhongyang Neiwu Weiyuanhui].

That would be a commission, at the level of the Central Military Commission, NOT a higher-ranking CCP department, like the Propaganda Department and the Organization Department of the Party.

The usual Falun Gong-affiliated sources have carried the story, which also is covered on Radio Free Asia (RFA). Supposedly, this reorganization will be announced during the “two sessions” (the NPC and the CPPCC) beginning this week, on Saturday 5 March.

This sort of news is troublesome because no sources are ever cited. The information, even if completely accurate, will in any case be kept secret by the CCP until the last second.

I polled four scholars who have long studied the organs of Chinese state security. None had heard any information to confirm or refute the idea of another PRC IC reorganization. The last reorg was in 2015, creating the PLA Strategic Support Force, and before that, in 1983, when MSS was founded.

“Possible but not probable” said one. “It makes sense,” said another, since Xi Jinping seems to favor consolidation of Party control due to longstanding issues of corruption in the ranks: web search MSS former Vice Minister Ma Jian, for example.

Former MSS Vice Minister Ma Jian in humble confession mode (Image: China Central Television)

Another China analyst from the Paris-based organization Intelligence Online offered a similar view. While there is no evidence that this reorganization is in the works, she said that this seems consistent with Xi Jinping’s continuing efforts to reduce the margins of “untrusted functionaries.”

For more, see the article at Spytalk.co, here, where you can find numerous pieces on China, Russia, and our very own national security state.

That Balloon (or Those Balloons)

If you’re not sick of balloonery, take a look at this piece that I recently published on SpyTalk. It attempts to assemble the important stuff about that ordeal, and also this Defense One article by my comrade Thomas Corbett at Bluepath Labs.

Speaking of American companies helping China’s defense industry, watch for an upcoming article on Defense One. It will show how the business model of certain American high-tech companies is ideal for Chinese entities trying to evade US export controls.

As always, feel free to pass this information along to any interested party. Or Party.

How China’s Cell Phone Spies Track Covid Protesters

US firms helped build Beijing’s ubiquitous surveillance systems

Police officers in Luoyang in Henan province wear sunglasses linked to facial recognition software that can identify fugitives. The devices are just some of the advanced surveillance technology used by police in China. Photo: Reuters via SCMP

China’s anti-lockdown protests last month were the worst blow yet to the prestige of Xi Jinping. One moment, the Chinese Communist Party’s leader was riding high after securing a third term at the top of the party-state. The next, he was challenged by demonstrators in the streets to “step down,” a sentiment that protestors also chanted against the party itself.

The discontent with the CCP expressed by demonstrators exceeded that of the more massive 1989 protests at Tiananmen Square, albeit this time with much lower numbers: most of the 19 or more cities where protests erupted drew less than 50 people, while the other half in tier one cities with more foreign contact attracted over 50, some in the hundreds.

Though the numbers were small, it was a notable “political coming out of the closet,” (政治出柜, zhengzhi chugui), much discussed in Chinese social media. But to keep it in perspective, the protests were not thousands of people openly defying authority, as the world now observes in Iran. As far as is known, these were limited actions by small groups in urban centers.

However, the protests in China at the end of November were bold, as those who participated risked arrest or worse. And there is a chance that the demonstrators represented a larger and more cautious percentage of society. 

Though the party leadership rapidly (maybe too rapidly) eased the “zero Covid” restrictions that prompted this popular anger, those who spoke up soon learned who was boss.

A rough pattern of police response developed, with some similarity to the way some other protestors have been treated. Mere participants were summoned to police stations to explain themselves and sign statements saying they would never do it again. One demonstrator, perhaps typifying others, had tried to disguise himself with a balaclava and clothing change but was quickly tracked down by police. He was surprised at how easily authorities had picked him out of a large crowd, evidently using his phone data and their urban surveillance system.

Leaders of the protests were treated more harshly. At least one—the man who may have led the first “step down” chants in Shanghai—was apprehended at work and has since disappeared. He, too, thought he might not be identified.

Years ago, well before Xi Jinping’s new era of paranoid surveillance, some citizens were more clued in than others to the regime’s use of mobiles to keep tabs on users. Chinese citizens secretly working for a foreign intelligence agency were trained to, among other things, separate their phones from any incriminating activity.

Those just living lives removed from international intrigue, but who were tech savvy, also chose different ways to minimize surveillance, according to a Chinese American author who has regularly returned to China for research. They would “put their cell phones in another room when they talk, or take out the SIM cards, use different cell phones to contact different people,” similar to the tactics of protestors in the U.S. to avoid surveillance and police use of data.

See here for the rest of the article in SpyTalk

China’s Fearful Intelligence Culture

Excerpt from “China, The Fearful Intelligence Culture,” By Matthew Brazil

The Chinese Communist Party (CCP) has placed priority on its intelligence and security operations for almost a century. This core business of the party significantly contributed to the CCP’s 1949 victory and to the maintenance of its current power.

Most recently, the internet and artificial intelligence (AI) have enabled previously unimaginable foreign espionage successes. Yet there are cracks in the façade: unending existential fear about enemies within; fear of being caught between CCP General Secretary Xi Jinping’s never-ending anti-corruption drive and a culture that still fosters graft; as well as fear of being insufficiently loyal to Xi’s “thought” and to his status as the CCP “core.”

Drawing from Chinese language publications and interviews with former western security officials who had regular contact with their Chinese counterparts, this chapter argues that these are old problems, but under Xi, have become more pronounced than in recent decades. It shows how China’s espionage organs will likely continue to achieve successes in cyber espionage, agent recruitment, and technology theft, but dispassionate intelligence analysis may be hindered by pressure to conform to the party line. Thus, Chinese intelligence culture in the 2020s may sometimes make it difficult for Beijing’s senior leaders to see the forest through the trees.

The above is an excerpt from “China: The Fearful Intelligence Culture”, in Ryan Shaffer, ed. The Handbook of Asian Intelligence Cultures (New York: Rowman & Littlefield, October 2022). This chapter on China has six sections:

  • The Shellshocked Roots of Chinese Communist Intelligence and Security
  • Corruption, Anticorruption, and Power Struggles
  • State Security, Not National Security
  • The Lasting Leftist Influence of Mao Zedong and Kang Sheng
  • Competent Spy Versus Rear Area Ideologue
  • Conclusion: Beijing’s services may be developing a superior understanding of big data compared to their Western counterparts as cyber operations garner an ever greater share of resources. Meanwhile, during the 2020s and 30s the ranks of State Security and military intelligence will fill up with recruits born during and after the 1990s, raised in an era of heightened nationalism and suspicion of foreigners. If the legacy of fear persists while raw data from cyber and other operations keeps piling up, Beijing’s ability to make sense of the outside world and future domestic developments may decline.

The Handbook of Asian Intelligence Cultures has 30 chapters, one for each Asian nation, and can be found on Rowman.com and Amazon.

The above article is also available on LinkedIn here.

The Lockdown Protests in China Meet the Intelligence and Security Apparatus

Here are two very recent forums where I had opportunities to reflect on the intersection between China’s security and intelligence apparatus and the nationwide lockdown protests:



As a result of the tragedy in Urumqi, protestors in China are almost certainly motivated by the fear that they themselves might become fire, earthquake, or flood victims should they need to evacuate a locked-down location.

Secondly, if demonstrators did not previously understand the extent to which their mobile phones were miniature spies-in-the-pocket, they certainly do now. That realization could alter the way people in China handle their cell phones. Imaginative ways to circumvent the surveillance system could develop.

Finally, the protests will probably soon be suppressed. But if they continue, the next step could be to call in the People’s Armed Police (PAP), which is a different organ of state security than the Public Security Bureaus around the country. The PAP is little understood outside of China – but is an extremely powerful tool with vast resources. They are trained to quickly put down mass civil disturbances with overwhelming force, but to do so without resorting to the June Fourth, 1989 solution of machine-gunning the citizenry in the streets.



Non-resident Fellow, The Jamestown Foundation and Contributing Editor, SpyTalk
San Jose, California
Mobile (Signal enabled): +1-408-891-5187

Encrypted: matt.brazil@hushmail.com
https://www.mattbrazil.net/
https://www.usni.org/press/books/chinese-communist-espionage

The Pacific Century Podcast – “Chinese Spies: Is America Helpless Against PRC Espionage?”

The Hoover Institution’s Dr. Michael Auslin is joined by Anna Puglisi, former National Counterintelligence Officer for China, and Matt Brazil, Senior Analyst at BluePath Labs and co-author of Chinese Communist Espionage, to discuss just how widely and successfully Chinese spies have penetrated American business, government, and academia.

Listen at: the Stanford Hoover website, Stitcher, or Podbean.

The full URL at Stanford: