plawolf
Lieutenant General
Well, your sequence of events doesn't really work.
In order to try and blackmail the Chinese government, the brothers cannot pass on the secrets to the US, that's like shooting the hostage in the head. You have nothing to bargain with after that.
The US only came into the picture sometime between Jihua's son's car crash and when he was arrested, at which point the game changed for Wechang from trying to secure his brother to self preservation.
It is during this period when the brothers first revealed that they had stolen secrets till the defection and/or arrest that is most critical for Chinese counter-intelligence to limit any potential damage.
It would also be illogical and downright foolish to base your counter-intelligence operation on leaks. What guarantees do you have that the US would leak precisely what files they actually have? Absolutely none. In fact, it is almost a sure thing that the US would try to use leaks to trick or bait you.
You don't mess around with things like that, when in doubt, you have to go with the worst case scenario, which is to assume that everything that was or could have been accessed by Ling Jihua's office as compromised.
That's dangerous naive to think American intelligence is so incompetent and lacking in basic trade craft. They should not be leaking anything that betrays active operations and/or viable vulnerabilities and sources.
The most logical position to take isn't that US intelligence is so silly as to make such an elementary error and waste a golden intelligence opportunity because they cannot help by gloat bad boast publicly.
If it was US intelligence who first leaked this (and thus far I have not seen any conclusive evidence to show this), then the most logical position to take is that they are o only doing so because a) the Chinese know they have those secrets, and/or b) there is no more operational advantage to be had from keeping the fact that they have those files a secret.
How do you extort without showing that you have something important enough to threaten the target with?
To try to blackmail at all would involve the brothers revealing that they had secrets, at which point which secrets they did take becomes a rather academic question, since the only prudent thing to do in such a situation is to assume that everything that could have been compromised had been compromised, as explained above.
As for the logic behind the move. Well I agree it was a bone head idea that was never ever going to work, so I think it was more an act of desperation rather than some well-thought out plan.
I also think there is a lot of details behind the scenes that have not yet been revealed, since the public narrative just doesn't make much sense.
In my view, the most likely sequence of events is as follows:
-Infamous car crash in 2012 killed Jihua's son was too public to cover up, and Jihua knew he was royally screwed, so he sets up contingency plan by stealing what he could before he was demoted and removed from the position where he had access to state secrets.
-Stolen secrets are passed to brother, who disappears, as investigation into Jihua gets underway
-When it became obvious charges would be brought, the blackmail was made
-China strings brothers along as they try to limit the damage while trying to find Wechang to recover the stolen documents
-Either some deadline set by the brothers lapsed, and/or Chinese agents got close but not close enough, spooking Wechang into defecting, and later Jihua is arrested and formally charged.
-Race is on, with the Chinese plugging vulnerabilities as fast as they can, while the Americans probe and try to exploit any and all openings they can before they are closed down by the Chinese.
-Events run their course, China closes all vulnerabilities and put into action measures to make all information in stolen documents useless, America determines they have gained all the advantages they could from the information and a leak is made to exploit the PR advantage of this coup.
As I have already explained above, that's not necessarily true at all.
As with all sensitive documents, the information they contain is only valuable for a limited length of time. After which point, they either naturally expire, or are superseded by regular scheduled code, hardware and procedural changes designed specifically to safeguard against possible undetected security breaches.
The useful lifespan of a secret document is drastically shortened if it was known or suspected that they might have been compromised.
The key question is one of timeline. We don't know when China first knew of the theft and when Wechang first handed them over to the US.
The public dates provide good ball park upper limits, but are not necessarily representative of reality.
For example, Wechang might have ran to US intelligence in 2013 or earlier, and Chinese intelligence did not find out about it until recently, when Jihua was finally formally charged and arrested. So we know that China might have had a maximum window of more than 2 years to address the leak, but the actual time they had before the US started actively exploiting those secrets could have been much shorter.
Whenever something like this happens, standard procedures would be to assume everything that could have been compromised had been, and work your way down, with the most important things first. It would also be expected that Chinese intelligence would also be looking at how to turn this disadvantage on its head and lay some traps.
For example, they could make it seem that they have overlooked some vulnerabilities, while in fact setting up traps to feed the US bogus info etc.
So things like nuclear launch codes, key passcode, C&C channels and procedures etc would have been changed and looked at first.
If the claims that Zhongnanhai came under sustained cyber attack is true, then that suggests either the US got the documents fairly early in the timeline, or it was all a diversionary tactic, designed to suck in Chinese counter-intelligence resources to slow down the pace they were making the leaked documents useless.
Although if the attacks really were ongoing for months, it would suggest the latter to me, since if the US had the codes before Chinese intelligence knew to change them, they should have been able to penetrate without even being detected. A sustained, visible cyber dual is not the hallmark of someone who has gotten access codes to bypass all the security altogether.
On balance, I think the western reporting of headline items like nuclear launch codes and Zhongnanhai access codes are probably overly optimistic from the American prospective, since those would have been amongst the first and most easy things to change and make safe.
Similarly, I think it would be too optimist from the Chinese prospective to suggest that all the documents were totally worthless by the time the Americans got their hands on them.
I think some damage was done, but not nearly as bad as what the headlines suggests, although we will probably never know the true extent of it, which would almost certainly be a subject of intense study and debate within the Chinese and American intelligence communities themselves.
