China reportedly demanded that big Chinese tech companies like Alibaba process stolen US data for the nation’s top spies upon request

China’s Ministry of State Security (MSS) has demanded that big tech companies in the nation process stolen data for Chinese intelligence agencies, including data stolen from the US, according to a Wednesday report from Foreign Policy.

The outlet spoke to 36 current and former US officials who told the publication that the nation’s spy services order Chinese firms that are equipped with tools to handle large amounts of data to process sets of stolen information, according to the report.

That includes data stolen in the 2015 breach of the US Office of Personnel Management, per the outlet, as well as recent Chinese hacker attacks on MarriotEquifax, and US healthcare giant Anthem. That information is then shared with the Chinese government, according to officials, which would give authorities insight into the American healthcare system or how to expand into the hotel market, for example.

Per the report, there was already somewhat of an arrangement between spy agencies and Chinese firms. But the ties have grown stronger between China’s commercial sector and the nation’s intelligence agencies, giving the Communist Party a leg up in potentially targeting foreign governments and industries across the world, as the outlet notes. The arrangement amounts to what is essentially the Chinese government outsourcing data analytics services to its firms instead of building those features itself, per the report.

Officials said the coordination between Chinese spy agencies and Chinese firms have become a “daily” occurrence, with evidence of data transfers between the two sides. The firms that would be required to process data at China’s request are ones that have “footprints all over the world,” like Alibaba and Baidu, according to the report.

Business Insider has reached out to firms named in the report for comment but did not immediately hear back.

Steve Ryan, the former deputy director of the National Security Agency’s Threat Operations Center, told the outlet that China was enlisting its firms for data processing to target US defense contractors heavily since 2006 – Chinese hackers infiltrated networks of contractors to the Pentagon’s US Transportation Command 20 times over the course of a year, per a 2014 Senate report according to the outlet. A Chinese company would then form that offers similar services, like new fighter jets and weapons systems based on stolen US designs, putting that “US-side interest out of business,” Ryan told Foreign Policy.

According to one source, the Chinese companies’ involvement represents the “commercial wing of the party.”

“They of course cooperate with intelligence services to achieve the party’s goals,” the source told Foreign Policy.

Another source likened the arrangement to a fictitious scenario in which the CIA was seeking to collect information on China and stole data and gave it to “Google or Amazon or Microsoft” to process and deliver analytics to the US government.

Some of the Chinese companies forced to process data for the intelligence agencies have done so begrudgingly, per the publication.

According to the report, the CIA found that 20-year-old Tencent received funding from the Ministry of State Security around the time of its founding. Tencent denied that detail to Business Insider.

“Our history as an entrepreneurial start-up is well known, funded first by our founders and then IDG and PCCW, and we’ve been a public company with transparent ownership for over 16 years,” a Tencent spokesperson said. “Tencent, like any other company operating in China, complies with PRC law in a transparent way. The allegations beyond this are completely false.”

The question of China-based companies handling US user data has taken center stage this year as the Trump administration has zeroed in on Chinese firms, including HuaweiAlibabaWeChat, and China-based Bytedance, which owns the popular video-sharing app TikTok that is used by millions of Americans. The Trump administration has also reportedly floated the idea of restricting Ant Group and Tencent in the US over national security concerns. US-China relations have subsequently grown rather strained.

 

Trump and the US Committee on Foreign Investment (CFIUS) has been more aggressive to prevent Chinese businesses from investing in US firms, which could make them privy to American user data, officials told the outlet.

*story by Business Insider