Espionage involving China
- Thread starter kroko
- Start date
Such inmates are not necessarily kept alive and healthy for their own sake, but as potential bargaining chips for future prisoner exchanges.
The traitors which I'm referring to are Chinese nationals with PRC citizenships, not foreigners. Who is China going to exchange those prisoners with?
Foreigners are not considered traitors if they are working against China on Chinese soil - They are classified as espionage agents or spies at best. Those are the ones who would be useful as bargaining chips.
In the past, the US have exchanged captured Russian agents and assets to recover Russian officials and citizens who had betrayed their own country for the CIA and/or MI6.
Not to say Uncle Sam is motivated by humanitarianism or altruism, but in some instances, such traitors are worth something.
manqiangrexue
Brigadier
I would think so. They probably wouldn't publish things like this about ongoing cases.
Harbin Municipal Public Security Bureau Publicly Issues Arrest Warrants for Three U.S. National Security Agency (NSA) Operatives
Xinhua News Agency, Harbin, April 15 (Reporter Xiong Feng) — On the 15th, reporters learned from the Harbin Municipal Public Security Bureau in Heilongjiang Province that, in order to lawfully and severely combat crimes of cyberattacks and espionage by foreign forces and effectively safeguard national cybersecurity and the safety of people’s lives and property, the Harbin Municipal Public Security Bureau has decided to issue arrest warrants for three criminal suspects affiliated with the U.S. National Security Agency (NSA):
Katheryn A. Wilson
Robert J. Snelling
Stephen W. Johnson.
Earlier, media reports on the foreign cyberattack against the "9th Asian Winter Games Harbin 2025" drew widespread attention. The National Computer Virus Emergency Response Center and the cybersecurity team for the Asian Winter Games promptly submitted all data related to the cyberattack to the Harbin Municipal Public Security Bureau. The bureau immediately organized a technical team of experts to conduct a traceability investigation into the cyberattack. With support from relevant countries, the technical team, after persistent efforts, successfully traced the involvement of three NSA operatives and two U.S. universities in the cyberattacks targeting the Asian Winter Games.
Through layered technical tracing, the cyberattack on the Asian Winter Games was determined to be a meticulously orchestrated operation by the NSA. The entity responsible for the attack was the Office of Tailored Access Operations (TAO, codenamed S32), a division under the NSA’s Data Reconnaissance Bureau (codenamed S3) of the Information Intelligence Directorate (codenamed S). To conceal the attack’s origin and protect its cyber weapons, TAO leveraged multiple affiliated front organizations to procure IP addresses from various countries and anonymously rent a large number of network servers located in Europe, Asia, and other regions.
Investigations revealed that the NSA’s pre-event attacks primarily targeted critical systems such as the Asian Winter Games’ registration system, arrival-departure management system, and competition entry system. These systems, used for pre-event operations, stored sensitive personal information of personnel involved in the Games. The NSA sought to steal private data of participating athletes through these cyberattacks. Starting from the first ice hockey match on February 3, the NSA’s cyberattacks intensified, focusing on the event information release system (including API interfaces) and the arrival-departure management system—key operational systems for the Games. The NSA aimed to disrupt these systems and sabotage the normal functioning of the Asian Winter Games. Simultaneously, the NSA launched cyberattacks against critical sectors in Heilongjiang Province, including energy, transportation, water conservancy, telecommunications, and defense research institutes, attempting to destabilize critical information infrastructure, incite social disorder, and steal vital classified information from these fields.
The NSA’s cyber infiltration targeted specific application systems, critical information infrastructure, and key departments, employing hundreds of known and unknown attack methods. These included advanced tactics such as blind exploitation of unknown vulnerabilities, file reading vulnerabilities, short-term high-frequency directional detection attacks, backup/sensitive file and path probing attacks, and brute-force password attacks, with clear objectives and malicious intent. The technical team also discovered that during the Asian Winter Games, the NSA sent unknown encrypted bytes to multiple Microsoft Windows-based devices in Heilongjiang Province, suspected of activating pre-embedded backdoors in the operating system.
After sustained investigative efforts, the Harbin Municipal Public Security Bureau successfully identified the three NSA operatives involved in the cyberattacks. Further investigations revealed that these operatives had repeatedly launched cyberattacks against China’s critical information infrastructure and participated in attacks targeting companies such as Huawei. The technical team also found that the University of California and Virginia Tech—both with ties to the NSA—were involved in the attacks. Public records show that the University of California has been designated an Academic Center of Excellence in Cyber Defense Education by the NSA and the Department of Homeland Security since 2015. Virginia Tech, one of the U.S.’s six senior military colleges, received NSA funding in 2021 to strengthen its cyber offense and defense capabilities. The university is an NSA-certified "Center of Academic Excellence in Cyber Defense" and "Cyber Operations Research Center," long participating in NSA-funded federal scholarship programs. Additionally, it oversees the construction of cyber attack/defense training ranges for the Virginia state government.
The Harbin Municipal Public Security Bureau urged the public to actively provide leads. Informants who supply valid information to authorities and individuals who assist in apprehending the suspects will receive monetary rewards.
Xinhua News Agency, Harbin, April 15 (Reporter Xiong Feng) — On the 15th, reporters learned from the Harbin Municipal Public Security Bureau in Heilongjiang Province that, in order to lawfully and severely combat crimes of cyberattacks and espionage by foreign forces and effectively safeguard national cybersecurity and the safety of people’s lives and property, the Harbin Municipal Public Security Bureau has decided to issue arrest warrants for three criminal suspects affiliated with the U.S. National Security Agency (NSA):
Katheryn A. Wilson
Robert J. Snelling
Stephen W. Johnson.
Earlier, media reports on the foreign cyberattack against the "9th Asian Winter Games Harbin 2025" drew widespread attention. The National Computer Virus Emergency Response Center and the cybersecurity team for the Asian Winter Games promptly submitted all data related to the cyberattack to the Harbin Municipal Public Security Bureau. The bureau immediately organized a technical team of experts to conduct a traceability investigation into the cyberattack. With support from relevant countries, the technical team, after persistent efforts, successfully traced the involvement of three NSA operatives and two U.S. universities in the cyberattacks targeting the Asian Winter Games.
Through layered technical tracing, the cyberattack on the Asian Winter Games was determined to be a meticulously orchestrated operation by the NSA. The entity responsible for the attack was the Office of Tailored Access Operations (TAO, codenamed S32), a division under the NSA’s Data Reconnaissance Bureau (codenamed S3) of the Information Intelligence Directorate (codenamed S). To conceal the attack’s origin and protect its cyber weapons, TAO leveraged multiple affiliated front organizations to procure IP addresses from various countries and anonymously rent a large number of network servers located in Europe, Asia, and other regions.
Investigations revealed that the NSA’s pre-event attacks primarily targeted critical systems such as the Asian Winter Games’ registration system, arrival-departure management system, and competition entry system. These systems, used for pre-event operations, stored sensitive personal information of personnel involved in the Games. The NSA sought to steal private data of participating athletes through these cyberattacks. Starting from the first ice hockey match on February 3, the NSA’s cyberattacks intensified, focusing on the event information release system (including API interfaces) and the arrival-departure management system—key operational systems for the Games. The NSA aimed to disrupt these systems and sabotage the normal functioning of the Asian Winter Games. Simultaneously, the NSA launched cyberattacks against critical sectors in Heilongjiang Province, including energy, transportation, water conservancy, telecommunications, and defense research institutes, attempting to destabilize critical information infrastructure, incite social disorder, and steal vital classified information from these fields.
The NSA’s cyber infiltration targeted specific application systems, critical information infrastructure, and key departments, employing hundreds of known and unknown attack methods. These included advanced tactics such as blind exploitation of unknown vulnerabilities, file reading vulnerabilities, short-term high-frequency directional detection attacks, backup/sensitive file and path probing attacks, and brute-force password attacks, with clear objectives and malicious intent. The technical team also discovered that during the Asian Winter Games, the NSA sent unknown encrypted bytes to multiple Microsoft Windows-based devices in Heilongjiang Province, suspected of activating pre-embedded backdoors in the operating system.
After sustained investigative efforts, the Harbin Municipal Public Security Bureau successfully identified the three NSA operatives involved in the cyberattacks. Further investigations revealed that these operatives had repeatedly launched cyberattacks against China’s critical information infrastructure and participated in attacks targeting companies such as Huawei. The technical team also found that the University of California and Virginia Tech—both with ties to the NSA—were involved in the attacks. Public records show that the University of California has been designated an Academic Center of Excellence in Cyber Defense Education by the NSA and the Department of Homeland Security since 2015. Virginia Tech, one of the U.S.’s six senior military colleges, received NSA funding in 2021 to strengthen its cyber offense and defense capabilities. The university is an NSA-certified "Center of Academic Excellence in Cyber Defense" and "Cyber Operations Research Center," long participating in NSA-funded federal scholarship programs. Additionally, it oversees the construction of cyber attack/defense training ranges for the Virginia state government.
The Harbin Municipal Public Security Bureau urged the public to actively provide leads. Informants who supply valid information to authorities and individuals who assist in apprehending the suspects will receive monetary rewards.
Equation
Lieutenant General
Not only that, but assassinate her foreign handler, after all information are extracted.
I think this is the first time for China to want specific foreigners arrested for cyber attacks on Chinese targets. MSS has named names before but stopped short of issuing arrest warrants.
In official statement, intellectual family means her parents are high rank professor, even Academician, normally members of one of 9 democratic parties.