China lured graduate jobseekers into digital espionage

Chinese university students have been lured to work at a secretive technology company that masked the true nature of their jobs: researching western targets for espionage.

The Financial Times contacted 140 potential translators who had studied English at public universities in China. The company that they responded to job ads at was located in the south of the island of Hainan.

The application process included translation tests on documents obtained from the US government and instructions to research individuals at the university.

According to a federal indictment, Hainan Xiandun was used as a cover for the Chinese hacking group. China's Ministry of State Security ordered the infiltrating of government agencies, companies and universities in the US, Canada, Europe and the Middle East.

Three state security officials were indicted by the FBI for their alleged roles in establishing the company as a front for state-backed espionage. One of the men mentioned in the indictment is believed to be a hacker.

Prospective spies from universities are sought by Western intelligence services before they join the likes of the CIA in the US or the UK's GCHQ signals intelligence agency.

A life of espionage appears to have been drawn into the lives of Chinese graduates targeted by Xian Hainandun. There were no further details on the nature of the work that was advertised on the university websites.

The life-long consequences of this could include difficulties in living and working in western countries, a key motivation for many students who study foreign languages.

The 140 people on the leaked list of candidates were contacted by the Financial Times to confirm their applications were legit. Several of the people contacted initially confirmed their identities, but ended their phone calls when they were asked about their links to the island. Some people talked about their experience during the hiring process.

Their applications give insight into the tactics of APT40, which is known for targeting biomedical, robotic and maritime research institutions as part of wider efforts to gain knowledge of western industrial strategy and steal sensitive data.

English speakers who can identify hacking targets, cyber technicians who can access adversaries' systems and intelligence officers who can analyze the stolen material are all required to hack on that scale.

Zhang, an English language graduate who applied to Hainan Xiandun, told the FT that a recruiters instructions to find out information on the institution, including the CVs of the directors on its board, was one of the things he was asked to investigate.

The APL, a big recipient of US Department of Defense research funds, is likely to be of interest to Beijing.

The job candidates were asked to download the software. It warns that the research will involve consulting websites such as Facebook, which is banned in China and requires a Virtual Private Network, software that hides the user's location in order to gain access.

"It was very clear that this was not a translation company, and I decided not to continue with my application."

Dakota Cary is an expert in Chinese cyber espionage and was a security analyst at Georgetown University.

He said that the students will be identifying hacking targets because of the fact that they will need to use a VPNs and do their own research.

Cary, who testified earlier this year to the US-China economic and security review commission on Beijing's cyber capabilities, said that the instruction to investigate JohnsHopkins was an indication of the level of initiative and ability to acquire specialist knowledge that the translators were expected to demonstrate.

According to one security official in the region, the revelations show that theMSS was using university students as a recruiting tool.

The US secretary of state has previously condemned theMSS for building an "ecosystem of criminal contract hackers" who engage in both state sponsored activities and financially motivated cyber crime. Billions of dollars are lost to governments and businesses in stolen intellectual property, extortion and cyber defense.

The applicants were asked to translate a document from the US Office of Infrastructure Research and Development into Chinese. Prospective employees were tested on their ability to understand scientific concepts.

Cindy is an English language student from a Chinese university. After applying online, the HR person sent me a highly technical test translation. The application was stopped by her.

Adam Kozy, a former FBI official who worked at CrowdStrike, said he had not heard of western intelligence recruiting university students without giving them security clearance.

He said that theMSS liked the gray areas. It's interesting to see that they're relying on a young student workforce to do a lot of the dirty work that may have those knock on consequences later in life and most likely aren't fully explaining those potential risks.

TheMSS didn't reply to questions.

A close relationship has been established between Hainan University and Hainan Xiandun. The company was located on the first floor of the library.

English-speaking female students and Communist party members are encouraged to apply for a job in the foreign languages department. The advert has been taken down because of the questions posed by the Financial Times.

The students who won school prizes for their language skills were among the ones who held party memberships.

The FBI says that the officers of theMSS coordinated with professors and staff at universities in China to further their intelligence goals. The indictment states that personnel at a Hainan-based university helped support and manage Hainan Xiandun as a front company.

The university was accused by the FBI of assisting theMSS in identifying and recruiting hackers and linguists to "penetrate and steal" from computer networks.

"Like many technical organizations, the APL must respond to many cyber threats and take appropriate measures to continuously defend itself and its systems," said Michael Misumi, chief information officer at the APL.

Hainan University didn't reply to questions.

The names of applicants have been changed.

The Financial Times is a division of The Financial Times. The rights are not to be redistributed, copied or modified.