Some Chinese college students work in a secret technology society that has masked the true nature of the business from them: to seek out Western espionage targets and translate hacked documents.
The Financial Times identified and contacted 140 potential translators, mostly recent graduates who studied English at public universities in Hainan, Sichuan and Xi'an. They had responded to job advertisements from the IT company Hainan Xiandun, located on the southern tropical island of Hainan.
The application process included translation tests on sensitive documents taken by U.S. government agencies and instructions to search for individuals at the Johns Hopkins University.
On the Hainan Xiandun pending a 2021 U.S. federal indictment of being a cover for the Chinese hacker group, APT40, notoriously very close to the central government. Western intelligence agencies have accused APT40 of infiltrating government agencies, companies and universities in the United States, Canada, Europe and the Middle East.
THEFBI tried to stop the activities of Hainan Xiandun last July indicting three state security officials with cyber fraud: Ding Xiaoyang, Cheng Qingmin e Zhu Yunmin.
It is believed that another man named in the indictment, Wu Shurong, and a hacker who helped supervise and hire Hainan Xiandun employees. Western intelligence services are also looking for potential spies from universities by X-raying candidates who have undergone rigorous screening and training. A process that identifies the future 007s of the CIA in the United States or of the COMSEC / INFOSEC agency, the GCHQ of the United Kingdom.
But the Chinese graduates targeted by Hainan Xiandun appear to have been unwittingly involved in the life of espionage. The company's job advertisements were posted on university websites with the slogan: “translators sought” without further explanation of the nature of the work.
This could have lifelong consequences, as people identified as MSS employees through their work for Hainan Xiandun are likely to encounter difficulties in living and then working in Western countries.
The FT contacted all 140 people from a list of candidates leaked by some complacent security officials. Many of those contacted initially confirmed their identity, but cut off the call after being asked about their connections to Hainan Xiandun.
Some spoke about the hiring process and some tactics of the pro-government hacking group APT40, known for targeting biomedical, robotics and maritime research institutes as part of efforts to gain insights into Western industrial strategy and steal sensitive data.
Hacking on such a scale requires a huge English-speaking workforce to help identify the targets of the hack, computer technicians who can access adversaries' systems, and intelligence officials to analyze the stolen material.
Zhang, an English-language graduate who applied for Hainan Xiandun, told the FT that a recruiter had asked him to go beyond conventional translation duties by doing research at the Johns Hopkins Applied Physics Laboratory, with instructions for finding information about the institution, including CVs of its board directors, the architecture of the building, and details of the research contracts it had entered into with clients.
The APL, a large recipient of US Department of Defense research funds, is likely to be of considerable intelligence interest to Beijing and the people who work there as prime hacking targets.
The recruitment instructions document asks candidates to download a "software to circumvent the Great Firewall". The research involves consulting websites such as Facebook, which is banned in China and therefore requires the next hires to have a VPN.
"It was very clear that this was not a translation company "he said Zhang, who has decided not to continue with his application. Dakota Cary, a Chinese cyber espionage expert and former security analyst at Georgetown University, said student translators would likely help in finding organizations or individuals who might be useful sources of sensitive information.
"The fact that you will have to use a VPN, that you will have to do your research and that you will need good language skills, all tells me that these students will identify hacking targets ", he said. Cary, who testified earlier this year to the US-China Economic and Security Review Commission on Beijing's cyber capabilities, said the order to investigate the Johns Hopkins it was an indicator of the high level of capacity required of translators.
A security official in the region said the revelations were evidence that the MSS was using students as a "recruiting tool" for its espionage activities.
Antony blinken, US secretary of state, previously condemned the MSS for building a "criminal contract hacker ecosystem"Who engage in both state-sponsored activities and financially motivated cybercrime.
Blinken added that these hackers cost governments and companies "billions of dollars" in stolen intellectual property, ransom payments and cyber defenses.
Hainan Xiandun requested to translate a document from the United States Office of Infrastructure Research and Development containing technical explanations on the prevention of corrosion of transport networks and infrastructures. This is to test their ability to interpret complex scientific concepts and terminology.
"It was a very strange process"said Cindy, an English-speaking student at a respected Chinese university. "I applied online and then the HR person sent me a highly technical test translation." He has decided not to continue.
Adam Kozy, a former FBI official who worked at the cybersecurity firm CrowdStrike, said he hadn't heard of Western intelligence recruiting college students without being granted security clearance to collect information.
"MSS do everything very informally and they like gray areas", He said. "Interestingly, they rely on a young student workforce to do a lot of the dirty work that could have those ripple effects later in life and most likely don't fully explain these unsuspecting students the potential risks. ".
Hainan Xiandun has solicited applications on university recruiting sites and appears to have a close relationship with the University of Hainan. The company was registered on the first floor of the university library, home to the students' computer room.
A job posting on the university's foreign language department website called for applications from English-speaking students. The announcement was canceled due to requests from the FT.
The MSS and the University of Hainan did not respond to requests for comment from the FT, which instead changed the names of the interviewed candidates to protect their identity.