Chinese espionage in the United States
Based on Wikipedia: Chinese espionage in the United States
The Spy Who Ate Dumplings
In 2017, a Chinese dissident named Guo Wengui received unexpected visitors at his New York apartment. Two officials from China's Ministry of State Security had entered the United States on transit visas, claiming to be cultural affairs diplomats. Their actual mission was to convince Guo to return to China and face prosecution.
Guo agreed to meet with them, partly out of gratitude—one of the officials had previously helped bring his wife to America. But he also recorded everything and alerted the Federal Bureau of Investigation.
What happened next reads like a scene from a spy novel that couldn't quite commit to being serious.
FBI agents confronted the Chinese officials at Pennsylvania Station. Under questioning, the men dropped their cultural diplomat cover and admitted to being security officers. They received a warning and were ordered to leave the country. Two days later, they showed up at Guo's apartment again. This time, they ate dumplings prepared by Guo's wife while making one final offer: silence in exchange for clemency. Guo walked them out of the building after declining.
The FBI was watching. Agents prepared to arrest the officials at John F. Kennedy International Airport on charges of visa fraud and extortion. But the State Department intervened—a diplomatic crisis wasn't worth it. The officials boarded their Air China flight, though not before the FBI confiscated their phones.
This strange episode captures something essential about Chinese espionage operations in the United States: they are simultaneously sophisticated and brazen, patient and clumsy, deadly serious and occasionally absurd. And they are happening at a scale that dwarfs anything else the FBI deals with.
The Numbers Are Staggering
Every ten hours, the FBI opens a new counterintelligence case related to China.
Let that sink in. By the time you've had a full night's sleep, eaten breakfast, and made it through your morning meetings, American investigators have identified another suspected Chinese intelligence operation worth dedicating federal resources to investigate.
In July 2020, FBI Director Christopher Wray called China "the greatest long-term threat" to the United States. At that time, nearly half of the Bureau's roughly five thousand active counterintelligence cases involved China. The Center for Strategic and International Studies documented 224 reported instances of Chinese spying between 2000 and 2023.
But these numbers only capture what gets detected and reported. The actual scale of intelligence gathering is almost certainly much larger.
Michael Orlando, acting director of the National Counterintelligence and Security Center, estimated in 2021 that China steals between $200 billion and $600 billion worth of American intellectual property every year. That range—a $400 billion uncertainty—gives you a sense of how difficult it is to measure something designed to remain invisible.
A Different Kind of Spying
When Americans think of espionage, we tend to imagine James Bond or Jason Bourne: lone operatives with fake passports and concealed weapons, stealing launch codes or assassinating targets. Chinese intelligence operations rarely look like this.
Instead, China employs what might be called the "thousand grains of sand" approach. Rather than relying on a few highly trained spies to steal complete secrets, China tasks enormous numbers of ordinary people—students, businesspeople, tourists, researchers—to each collect small pieces of information. Individually, these pieces seem harmless: an unclassified research paper here, a casual conversation with an engineer there, some publicly available technical specifications somewhere else.
Collated and analyzed together, these fragments form a surprisingly complete picture.
This approach offers significant advantages. Individual collectors can easily escape suspicion because they're not doing anything obviously illegal. A Chinese graduate student asking questions about a professor's research at an American university looks like intellectual curiosity, not espionage. A businessman requesting technical documentation from a potential partner looks like due diligence, not theft.
And if any single grain of sand gets discovered, the loss is minimal. The overall collection effort continues.
The Business of Stealing
One of China's most effective intelligence-gathering mechanisms isn't covert at all. It's built directly into the experience of doing business in the country.
Foreign companies wanting access to China's massive consumer market face intense regulatory and commercial pressure to transfer technology, capital, and manufacturing expertise to Chinese partners. This is especially true in defense-related or dual-use industries—those producing goods that have both civilian and military applications, like advanced computers or communications equipment.
The bargain is straightforward if unstated: Want to sell to 1.4 billion Chinese consumers? Share your secrets first.
This creates an impossible situation for American companies. Refusing means surrendering an enormous market to competitors willing to make the trade. Accepting means handing over innovations that cost billions to develop, often to state-connected firms that can use them to compete against you globally.
When direct pressure doesn't work, front organizations fill the gap. Chinese agents have established companies in Hong Kong that purchase high-tech equipment and route it back to China, circumventing export controls. State-run enterprises acquire American companies outright, gaining access to their technology through ownership rather than theft.
The line between commerce and espionage blurs into irrelevance.
Traditional Spies Still Exist
For all the innovation in collection methods, China still runs traditional espionage operations with recruited agents, dead drops, and encrypted communications.
Larry Wu-tai Chin worked for the Central Intelligence Agency as a translator for over thirty years while secretly passing classified documents to China. Katrina Leung, known by the codename "Parlor Maid," was an FBI informant who was actually a double agent for the Ministry of State Security. Chi Mak, a naturalized American citizen working for a defense contractor in California, was caught transmitting information about Navy submarine propulsion systems to China.
These cases follow familiar spy-story patterns: individuals with access to valuable information, motivated by money or ideology or coercion, secretly serving a foreign power.
What makes Chinese recruitment distinctive is its willingness to target ethnic Chinese living abroad. Chinese citizens can be coerced into cooperation through threats to family members still in China. Chinese Americans might be approached on the basis of ethnic solidarity or cultural loyalty, with appeals to help the "motherland" modernize and develop.
This ethnic targeting creates real problems. It risks stigmatizing an entire community for the actions of a small number of individuals. But it also reflects a genuine pattern in how Chinese intelligence services operate.
The Nuclear Dimension
In 1999, the United States House of Representatives published what became known as the Cox Report, named after the California congressman who led the investigation. Its conclusions were alarming.
China, the report warned, had stolen classified information on every thermonuclear warhead in America's intercontinental ballistic missile arsenal.
The list reads like an inventory of the country's nuclear deterrent: the W-56 warhead on the Minuteman II, the W-62 and W-78 on the Minuteman III, the W-70 on the Lance short-range missile, the W-76 on the Trident C-4 submarine-launched missile, the W-87 on the Peacekeeper, and the W-88 on the Trident D-5.
Beyond specific warhead designs, China obtained broader weapon-design concepts and features—the underlying principles that make thermonuclear weapons work.
Investigators traced much of this intelligence gathering to America's national laboratories, the facilities where nuclear weapons were developed during and after World War II. Los Alamos in New Mexico, where the first atomic bombs were built as part of the Manhattan Project. Lawrence Livermore in California. Sandia and Oak Ridge.
These laboratories present a particularly difficult security challenge. Their mission requires bringing together brilliant scientists to work on cutting-edge problems. That same openness to collaboration and intellectual exchange creates opportunities for intelligence collection.
A 2022 report found that over two decades, China had recruited at least 154 Chinese scientists from Los Alamos National Laboratory to support military technology development that threatens American national security. Not 154 suspected recruitments. At least 154 confirmed ones.
The Digital Battlefield
Cyber espionage has become the dominant method of Chinese intelligence collection. The FBI states bluntly that China operates the world's largest hacking program, larger than those of all other foreign governments combined.
The infrastructure is massive. A former FBI head of counterintelligence described "tens of thousands of young kids—like our MIT's or Stanford's best—hacking against the US." Some work full-time as government employees. Others work part-time, contributing to operations while maintaining civilian careers.
In January 2010, Google publicly revealed what it called "a highly sophisticated and targeted attack on our corporate infrastructure originating from China." The hackers had stolen intellectual property and specifically targeted the Gmail accounts of Chinese human-rights activists. Google eventually named the operation Aurora. At least 34 other major companies were hit in the same campaign, including Yahoo, Adobe, Northrop Grumman, and Dow Chemical.
Three years later, The New York Times disclosed that it had been the victim of Chinese hacking for four months following its publication of an article investigating the personal wealth of Prime Minister Wen Jiabao. The attacks appeared to be part of a broader campaign targeting American news media companies that had reported on Chinese leaders.
The targets reveal strategic priorities. Attacks on defense contractors seek weapons-systems information. Attacks on technology companies seek source code. When Chinese industry lags in a particular area, cyber operations target companies leading in that field.
Salt Typhoon and the Telecom Breach
In September 2024, security researchers publicly revealed that an advanced persistent threat (a hacking group that maintains ongoing access to targeted systems) affiliated with the Ministry of State Security had penetrated multiple American internet service providers.
The group, known as Salt Typhoon, attempted to access the phones of staff working on Kamala Harris's presidential campaign, as well as those of Donald Trump and his running mate JD Vance.
Then the story got worse.
In October 2024, The Washington Post reported that Salt Typhoon had compromised systems used to track federal wiretap requests. Think about what this means: the hackers potentially gained access not just to the communications infrastructure, but to the surveillance infrastructure built on top of it. They could see who American law enforcement was monitoring.
The federal government formed a multi-agency team to respond. This is the context in which companies like Cape, the "privacy-first mobile carrier" mentioned in the related article about secure telecommunications, are trying to build alternatives to compromised infrastructure.
Salt Typhoon wasn't alone. Earlier in 2024, authorities disrupted operations by another Chinese group called Volt Typhoon that had been targeting critical infrastructure more broadly.
Operation Fox Hunt
Not all Chinese operations in the United States target secrets. Some target people.
Operation Fox Hunt began as an anti-corruption campaign, an effort to track down Chinese officials and businesspeople who had fled abroad with stolen assets. The goal was ostensibly to return them to China to face prosecution for economic crimes.
But the operation expanded far beyond financial fugitives. By 2021, ProPublica reported that Fox Hunt was targeting Tibetans, Hong Kongers, followers of the Falun Gong religious movement, and Uyghurs—ethnic and religious minorities that the Chinese government views as threats.
The methods were brazen. A team of Communist Party operatives and police based in Wuhan roamed the United States, pressuring Chinese immigrant communities. They stalked targets openly. They hired American private investigators to locate people. They sued targets in American courts as a harassment tactic.
When targets refused to cooperate, the threats escalated.
FBI Director Wray described one case in October 2020: "When it couldn't locate a Fox Hunt target, the Chinese government sent an emissary to visit the victim's family here in the United States. And the message they said to pass on? The target had two options: Return to China promptly or commit suicide."
Family members both in America and China faced threats and coercion. Those with relatives still in China were particularly vulnerable—the government could arrest family members as leverage, holding them essentially hostage until the target complied.
Politicians in the Crosshairs
In 2015, the FBI gave Representative Eric Swalwell of California what's called a "defensive briefing." The purpose was to inform him that a woman he knew was suspected of being a Chinese intelligence officer.
Swalwell serves on the House Permanent Select Committee on Intelligence, one of the most sensitive positions in Congress. The suspected spy, working as a clandestine officer of the Ministry of State Security, had previously participated in fundraising for Swalwell's 2014 congressional campaign and helped place an intern in his office.
Swalwell cut off contact with the woman after the FBI warning. But the fact that a member of the intelligence committee had been targeted—and successfully, for a time—illustrated how Chinese operations reach into sensitive positions.
Senator Dianne Feinstein had a similar experience. In 2013, she learned that a driver on her staff was being investigated for possible Chinese spying. The man had worked for her for several years before visiting China, where he was recruited by the Ministry of State Security. The FBI ultimately concluded that he hadn't revealed anything of substance, but he had access to the Senator's schedule, conversations, and contacts throughout that period.
The Asymmetry Problem
What makes Chinese espionage so difficult to counter isn't any single tactic. It's the cumulative effect of all of them operating simultaneously.
Traditional espionage with recruited agents. Cyber operations stealing data directly from networks. Pressure on businesses to transfer technology. Acquisition of American companies. Recruitment of scientists at national laboratories. Harassment campaigns against dissidents. Infiltration of political staffs.
Each method reinforces the others. Information gathered through cyber espionage identifies targets for human recruitment. Business relationships provide cover for intelligence activities. Scientists working at American institutions return to China carrying knowledge in their heads that no export control can stop.
The FBI can open a new case every ten hours and still fall behind. As Director Wray said in 2022: "Just using cyber means, Chinese government hackers have stolen more of our personal and corporate data than every other nation combined."
The harm compounds over time. American companies fail or fall behind because competitors operate with stolen technology. Jobs disappear. Innovation migrates. What was once a lead becomes a lag.
A Historical Note
Chinese intelligence operations targeting the United States aren't exclusively a product of the People's Republic. During Taiwan's martial law period from 1949 to 1987, the Republic of China government on Taiwan spied on its own citizens living abroad, particularly in the United States.
This surveillance focused on potential dissidents—people who might organize opposition to the Kuomintang government from the safety of American soil. It was authoritarian monitoring of a diaspora community, not strategic intelligence collection against the United States.
But it established patterns of targeting ethnic Chinese living in America that later operations would follow.
The Eighteenth Bureau
Within the Ministry of State Security, the eighteenth bureau is dedicated specifically to espionage against the United States. This isn't just one of many targets; the United States gets its own bureau.
According to analysts who study Chinese intelligence structures, collection activities focus on states with major educational, research, and manufacturing centers: Massachusetts with its concentration of universities and tech companies. Michigan with its automotive industry. New York and New Jersey with their financial sectors. Pennsylvania with its industrial base. Texas with its energy and aerospace companies. Florida with its defense contractors and research institutions.
A 2025 study found that a Chinese government-backed operation has been targeting laid-off federal employees through fake job websites and LinkedIn profiles. When someone loses their government job, they become vulnerable—financially stressed, possibly resentful, looking for new opportunities. The intelligence approach is to catch them at that moment.
Data broker companies, the often-shadowy firms that collect and sell personal information about Americans, are also targets. Why spend resources identifying intelligence targets individually when you can simply buy databases containing millions of profiles?
The 2015 Hack That Changed Everything
In June 2015, the Office of Personnel Management—the federal agency that manages the civilian workforce of the United States government—disclosed that it had been breached.
The hackers had obtained personnel records for 4.2 million current and former government employees. Then a second breach was discovered. This one had taken background investigation records used for security clearances. The final tally: personal information on 21.5 million people, including Social Security numbers, residency histories, employment histories, and information about family members and associates.
The background investigation records were particularly damaging. Security clearances require applicants to disclose foreign contacts, financial difficulties, mental health treatment, drug use, and other potentially compromising information. This is exactly the kind of data an intelligence service would use to identify recruitment targets—people with access to sensitive information who might be vulnerable to coercion or inducement.
China was widely blamed for the breach, though the government never officially attributed it. The stolen data created a strategic advantage that will persist for decades. Those 21.5 million people don't stop being vulnerable because the breach was discovered.
What It All Means
The scale and persistence of Chinese intelligence operations against the United States reflect strategic priorities. China is attempting to modernize rapidly, closing technological gaps with Western nations in fields ranging from semiconductors to aerospace to biotechnology. It's also attempting to prevent domestic threats to Communist Party rule, which means monitoring and controlling diaspora communities abroad.
Espionage serves both goals. Stolen technology accelerates development. Intimidation of dissidents extends political control beyond China's borders.
The United States faces a genuine dilemma. The openness that makes American universities, research institutions, and companies innovative also makes them vulnerable to collection. Academic collaboration produces breakthroughs; it also creates opportunities for knowledge transfer. Business relationships generate profits; they also generate dependencies that can be exploited.
There's no simple solution. Closing off all collaboration with China would sacrifice real benefits and likely fail anyway—the thousand grains of sand approach is designed precisely to slip through restrictive measures. But tolerating the current level of intelligence collection means accepting ongoing losses of technology, influence, and competitive advantage.
The dumpling-eating spies who visited Guo Wengui were eventually sent home with little consequence. The hack that stole background investigation records for 21.5 million Americans produced no extradition, no prosecution, no real penalty. The cases that do result in convictions—a scientist here, a businessman there—represent a tiny fraction of the overall activity.
The game continues. Every ten hours, another case opens. The sand keeps flowing.