How Silicon Valley Became A Den Of Spies

In the fall of 1989, during the Cold War’s wan and washed-out final months, the Berlin Wall was crumbling, and so was San Francisco. The powerful Loma Prieta earthquake, the most destructive to hit the region in more than 80 years, felled entire apartment buildings.

Freeway overpasses shuddered and collapsed, swallowing cars like a sandpit. Sixty-three people were killed and thousands injured. And local Soviet spies, just like many other denizens of the Bay Area, applied for their share of the nearly $3.5 billion in relief funds allocated by President George H.W. Bush.

FBI counter-intelligence saw an opening, recalled Rick Smith, who worked on the Bureau’s San Francisco-based Soviet squad from 1972 to 1992. When they discovered that a known Soviet spy, operating under diplomatic cover, had filed a claim, Smith and several other bureau officials posed as federal employees disbursing relief funds to meet with the spy.

The goal was to compromise him with repeated payments, then to turn him. “We can offer your full claim,” Smith told the man. “Come meet us again.” He agreed.

But the second time, the suspected intel officer wasn’t alone. FBI surveillance teams reported that he was being accompanied by a Russian diplomat known to the FBI as the head of Soviet counter-intelligence in San Francisco.

Foreign spies have been showing up uninvited to San Francisco and Silicon Valley for a very long time. According to former US intelligence officials, that’s true today more than ever.

Unlike on the East Coast, foreign intel operations here aren’t as focused on the hunt for diplomatic secrets, political intelligence or war plans. The open, experimental, cosmopolitan work and business culture of Silicon Valley in particular has encouraged a newer, “softer,” “nontraditional” type of espionage, said former intelligence officials, efforts that mostly target trade secrets and technology. “It’s a very subtle form of intelligence collection that is more business connected and oriented,” one told me.

But this economic espionage is also ubiquitous. Spies “are very much part of the everyday environment” here, said this person.
 
Political espionage happens here, too. China, for example, is certainly out to steal US technology secrets, noted former intelligence officials, but it also is heavily invested in traditional political intelligence gathering, influence and perception-management operations in California.

Chinese officials, in particular, often cajole or outright threaten Chinese nationals (or US citizens with family members in China) working or studying locally to provide them with valuable technological information.

Tech firms, especially start-ups, lack incentives to report potential espionage to US officials; and businesses and universities are often ignorant about the espionage threat, or so attuned to local political sensitivities they may fear being accused of stereotyping if they attempt to institute more stringent defensive security and screening measures.

As Silicon Valley continues to take over the world, the local spy war will only get hotter, and the consequences will resonate far beyond Northern California. This story is based on extensive conversations with more than half a dozen former intelligence community officials with direct knowledge of, or experience with, US counter-intelligence activities in the Bay Area.

Russian intelligence has had an intensive interest in San Francisco stretching back to the beginning of the Cold War. In those days, the Russians were primarily gathering information on local military installations, said former officials, including the Presidio, the strategically located former military base, set on a wind-swept northern tip of the San Francisco, peninsula overlooking the Golden Gate Bridge.

As the Bay Area transformed itself into a tech hub, Russia adapted its efforts accordingly, with Russian spies increasingly focused on obtaining information on valuable, sensitive or potentially dual-use technologies, those with both civilian and military applications, being developed or financed by companies or venture-capital firms based in the region.

Russia’s espionage activities have traditionally been centered on its San Francisco Consulate, which was forcibly closed by the Trump administration in early September 2017.

But even with the consulate shuttered, there are alternative vehicles for Russian intelligence-gathering in Silicon Valley. One potential mechanism, said three former intelligence officials, is Rusnano USA, the sole US subsidiary of Rusnano, a Russian government-owned venture capital firm primarily focused on nanotechnology. Rusnano USA, which was founded in 2011, is located in Menlo Park, near Stanford University.

“Some of the potential intelligence-gathering activities Rusnano USA was involved in were not only related to the acquisition of technology, but also inserting people into venture capital groups, in developing those relationships in Silicon Valley that allowed them to get their tentacles into everything,” one former intelligence official told me. “And Rusnano USA was kind of the mechanism for that.”

Rusnano’s interests, said this former official, have extended to technology with both civilian and potential military applications. US intelligence officials were very concerned about contacts between Rusnano USA employees and suspected Russian intelligence officers based at Russia’s San Francisco Consulate and elsewhere, this person said.

“The Russians treated [Rusnano USA] as an intelligence platform, from which they launched operations,” said another former US intelligence official. (Rusnano USA and the Russian Embassy in Washington, did not respond to requests for comment.)

Russia also employs older, tried-and-true methods locally. Intel officials have suspected that Russian spies were enlisting local high-end Russian and Eastern European prostitutes, in a classic Russian “honeypot” maneuver, to gather information from (and on) Bay Area tech and venture-capital executives.

Sex workers targeting executives at high-end bars and nightclubs such as the Rosewood Sand Hill, an ultra-luxury hotel located near many of Silicon Valley’s top financial firms, infamous for its raucous, hook-up oriented Thursday nights, the Redwood Room, a tony bar located in the Clift Hotel in downtown San Francisco, and other spots have been identified as potentially reporting back to Russian intel officers, said another former official.

“If I were a Russian intelligence officer, and I knew that these high-end girls were dragging CEOs of major companies back to their rooms, I’d be paying them for info too,” said this person. “It’s that whole idea of concentric rings: You don’t need to be on the inside, you just need somebody on the inside that you have access to.”

Russia’s interference in the 2016 presidential election has given Putin’s regime an outsized role in the national conversation on espionage. But talk to former intel officials, and many will say that China poses an equal, if not greater, long-term threat.

“The Chinese just have vast resources,” said Kathleen Puckett, who worked counterintelligence in the Bay Area from 1979 to 2007.

Because of California’s economic and political importance, as well as its large, well-established, and influential émigré and Chinese-American communities, the People’s Republic places great weight on its intelligence activities here, said multiple former intelligence officials.

Indeed, two told me that California is the only US state to which the Ministry of State Security, China’s main foreign intelligence agency, has had a dedicated unit, focused on political intelligence and influence operations. (China has had a similar unit for Washington.)

And if California is elevated among Chinese interests, San Francisco is like “nirvana” to the MSS, said one former official, because of the potential to target community leaders and local politicians who may later become mayors, governors or congressmen. Their efforts are becoming increasingly sophisticated.

Sometimes these recruitment efforts have been successful. According to four former intelligence officials, in the 2000s, a staffer in Senator Dianne Feinstein’s San Francisco field office was reporting back to the MSS. While this person, who was a liaison to the local Chinese community, was fired, charges were never filed against him.

Or take the case of Rose Pak. Pak, who died in September 2016, was for decades one of San Francisco’s preeminent political power brokers. Though she never held elective office, she was famous for making and unmaking mayors, city councilmen (or “supervisors,” as they’re known in San Francisco), and pushing city contracts to her allies and constituents in Chinatown.

According to four former intelligence officials, there were widespread concerns that Pak had been co-opted by Chinese intelligence, and was wielding influence over San Francisco politics in ways purposefully beneficial to the Chinese government.

Another worry, US officials said, was Pak’s role in organising numerous junkets to China, sometimes led by Pak in person and attended (often multiple times) by many prominent Bay Area politicians, including former San Francisco Mayor Ed Lee, who died while in office in 2017.

Political junkets are used by Chinese intelligence for surveillance (“every single hotel room is bugged,” one former official said) and collection purposes, as well as for spotting and assessing potential recruits, said former intel officials. (There is no indication that Pak herself participated in, or had knowledge of, specific intelligence-gathering efforts.)

Concerns about Pak’s links to the Chinese Communist Party occasionally percolated into local political debate, but the intelligence community’s identification of Pak as a likely agent of influence for Beijing is being reported here for the first time.

Occasionally, Chinese intelligence activities in San Francisco burst into plain view. Consider the story, and it is an incredible one, also told here for the first time, of the 2008 Olympic Torch Run.

San Francisco was the only US city to host the Olympic torch as it made its way, tortuously, to Beijing. And Chinese officials were very concerned about disruptions to the run by protesters, as well as in managing the image China projected to the rest of the world in the run-up to the games.

US officials watched as Chinese intelligence officers filmed Tibetan monks on their march across the Golden Gate Bridge, and known Chinese spies surveilled a pro-Tibet rally downtown featuring Desmond Tutu and Richard Gere. Chinese spies also recorded participants in a Falun Gong rally in Union Square, and shot footage of protestors at the torch run itself.

Most brazenly, said former intelligence agents, Chinese officials bussed in 6,000-8,000 J-Visa holding students, threatening them with the loss of Chinese government funding, from across California to disrupt Falun Gong, Tibetan, Uighur and pro-democracy protesters. (They even provided these students with a box lunch.) “I’m not sure they would have pulled out these stops in any other city, but San Francisco is special” to China, said a former senior US official.

Counter-intelligence officers possessed advance knowledge about some aspects of this operation and observed Chinese intelligence officers, who often wore earpieces connected to a radio, managing the movements of counter protesters, directing blocs of pro-PRC students to intimidate, disrupt and overwhelm anti-Beijing protesters across the parade route.

When it comes to economic espionage in particular, Chinese intelligence employs a more decentralised strategy than Russia does, former intelligence officials told me. China draws from a much larger population pool to achieve its objectives, using opportunistic businessmen, ardent nationalists, students, travelers and others alike.

The July 2018 arrest of Silicon Valley-based Apple employee Xiaolang Zhang, who allegedly stole proprietary information about Apple’s self-driving car program to benefit his new employer, a China-based competitor, appears to fit this pattern. (Zhang was charged with theft of trade secrets and has not been accused of any espionage-related crimes. He maintains his innocence.)

In other words, the paramount Chinese interest was finding out the extent of the US officials’ knowledge about China’s own intelligence operatives, and in adjusting their behavior accordingly. “If in fact the person in question was Chinese intelligence,” said this former official, “they could then alter their approach.” This strategy began being observed during a hack of Google, said two former officials, that occurred about a decade ago.

While China and Russia demand the lion’s share of counterintelligence resources in the Bay Area, a number of friendly intelligence services are also active in Silicon Valley, said former intelligence officials. South Korea, according to one, has become “formidable” in the realm of economic espionage, with particular sophistication in cyberespionage.

Israel is also active in the Bay Area, but it’s complicated. According to one former intelligence official, Israel has “a culture that facilitates and encourages acquisition of targeted companies”, in other words, it will use information it has gathered locally to cajole or incentivise private Israeli firms to purchase specific start-ups or other Silicon Valley-based tech companies. Throughout the 2000s, said former officials, French intelligence employed a similar strategy.

Silicon Valley firms continue to downplay, or outright conceal, the extent to which the theft of trade secrets and other acts of economic espionage occur, said multiple former officials. “Coming forward and saying you didn’t have controls in place, that totally impacts shareholder or investor value,” noted one former intelligence official.

The open, start-up culture in the Bay Area has also complicated US counterintelligence efforts, said former officials, because Russian and Chinese operatives have an easier time infiltrating organisations without any security systems or hierarchies in place.

These services like penetrating young companies and start-ups, noted one former official, because “it’s always better to get in at the ground floor” when seeking to pilfer valuable information or technology.

The exorbitant cost of living in Silicon Valley, however, means that opportunities for tech employees, and potential spies or co-optees, to “get in at the ground floor” are becoming increasingly uncommon. The tech industry, chasing talent and lower overhead, is now spread more widely across the country than ever before.

But spies will never leave Silicon Valley. As the region’s global clout grows, so will its magnet-like attraction for the world’s spooks. As one former US intelligence official put it, spies are pulled toward the Bay Area “like moths to the light.” And the region will help define the struggle for global preeminence, especially between the United States and China, for decades to come.

Politico

You Might Also Read:

The Impact Of Economic Espionage:

Slingshot: Avoiding Sophisticated Cyber Espionage:

Now China Tells US To Stop Spying:

« One Answer To Cyber Attacks Is To Hack Back
What Is Stuxnet And Who Created It? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

SABSACourses

SABSACourses

SABSA is a development process used for solving complex problems such as IT Operations, Risk Management, Compliance & Audit functions.

AppRiver

AppRiver

AppRiver is a global provider of cloud-based email and web security solutions that protect businesses worldwide from today's ever-changing online threats.

Scale Computing

Scale Computing

Scale Computing is an industry leading application platform for EDGE computing environments covering retail, manufacturing, financial services and government.

Quality Professionals (Q-Pros)

Quality Professionals (Q-Pros)

QPros are a recognized leader in providing full-cycle software quality assurance and application testing services.

Actiphy

Actiphy

Actiphy provides a tried and proven backup and disaster recovery software solution to ensure business continuity at all times.

Dragos

Dragos

Dragos has built the first industrial cybersecurity ecosystem, the ultimate security defense.

IDnow

IDnow

IDnow is the world’s fastest, most flexible and most secure identity verification platform, delivering instant verification of the identity documents used by 7 billion people.

Valire Software

Valire Software

Valire provide a solution for the automated detection of internal fraud.

BotRx

BotRx

BotRx is the only AI-enabled, automated fraud protection technology that allows fast & easy deployment - continually keeping invisible bad bots and agents at bay, so you can rest easy.

UncommonX

UncommonX

UncommonX offers enterprise-class cybersecurity protection for mid-size organizations by combining adaptive threat and intelligence software with 24/7 industry experts.

Yogosha

Yogosha

Yogosha is a crowdsourced cybersecurity platform enabling a win-win collaboration with the most talented hackers to detect and fix vulnerabilities on your most critical systems.

Rimstorm

Rimstorm

Rimstorm’s mission is to significantly improve the security of your data using award-winning, state-of-the-art technology combined with cyber managed security services.

Cyber7

Cyber7

CYBER7 is a National Cyber Security Innovation community initiated by Israel National Cyber Directorate, Ministry of Economy and Israel Innovation Authority led by Tech7 – Venture Studio.

Tuta

Tuta

Tuta (formerly Tutanota) is an all-in-one email, calendar and contacts app which protects your data with full end-to-end encryption and it requires zero personal information.

Cytidel

Cytidel

Cytidel is a vulnerability and risk management platform that utilises threat and business intelligence to help IT Security teams.

NeuroID

NeuroID

NeuroID combines the power of industry-leading behavioral analytics with advanced device and network intelligence to create your first line of defense against malicious bots, bad actors, and fraud.