The Coronavirus Games: A Geopolitical Spy Story

Bill Priestap, Holden Triplett
Wednesday, January 13, 2021, 9:18 AM

Around the world, spies are being used to respond to the pandemic by collecting information and equipment, engaging in information warfare, and exploiting contact-tracing platforms. 

Army Spc. Angel Laureano holds a vial of the COVID-19 vaccine, Walter Reed National Military Medical Center, Bethesda, Md., Dec. 14, 2020. (DoD photo by Lisa Ferdinando)

Published by The Lawfare Institute

The coronavirus pandemic offered an opportunity for cooperation and coordination among nations. Early on, the World Health Organization (WHO), in coordination with other organizations, created a worldwide cooperative initiative, including the COVAX effort to provide a vaccine to developing countries. Most nations chose to support or participate in this effort—the United States being a notable exception. But outside of that endeavor and some other ad hoc efforts, cooperation has largely been wanting. And it should come as no surprise that over the past year many nations have used their intelligence services to respond to, and take advantage of, the crisis.

The acute nature of the pandemic has transformed many global institutions into forums for competition rather than cooperation. The WHO is a prime example: Both China and the United States have used the organization to score political points. Similarly, commercial relationships that previously bound some nations together are now seen as a potential vulnerability by them.

Reportedly, the spy services of more than a dozen nations are engaged in espionage activities related to the coronavirus, targeting more than 20 different countries. As we write this, spies are being used to collect information and equipment, engage in information warfare, and exploit contact-tracing platforms.

Collecting Information

Intelligence services are often tasked with obtaining information about how other nations are responding to crises, and the pandemic is no exception. Nations have an insatiable desire for information about the virus—how it is spread, where it is spreading and how it might be stopped. Given the highly integrated nature of the world’s population, the progression of and response to the pandemic in one nation could greatly affect the outcome in another. This is why North Korea, which officially still has zero coronavirus cases, has been the subject of intense interest from South Korean spies. Most likely, the interest stems less from a concern that North Koreans could eventually spread the coronavirus to South Korea and more from concern that, unchecked, the virus could cause massive problems within North Korea. A flood of defectors sick with COVID-19, the respiratory disease caused by the coronavirus, and seeking to cross the 38th parallel could destabilize both countries.

Of course, vaccine-related information is of particular interest to intelligence services. Chinese, Russian and North Korean hackers have all been called out over the past several months for their attempts to break into organizations developing vaccines, including Pfizer and Moderna. More recently, reports emerged that the Mossad, Israel’s external intelligence agency, had acquired the vaccine developed by China.

In the past few weeks, IBM identified a cyber intrusion of unknown origin attempting to gather information on the “cold chain,” the network responsible for transporting vaccines that require especially cold storage to remain viable. The campaign involved phishing emails, purportedly sent from someone impersonating an executive of a Chinese company, to a diverse set of cold chain organizations—including the European Commission’s Directorate General Taxation and Customs Union; companies involved in manufacturing solar panels, which are used for power in the cold chain; a software development company; and a website development company that supports various other companies involved in the consortium.

Intelligence services have also tried to recruit researchers from other countries in an attempt not only to obtain their underlying research regarding the coronavirus and a possible vaccine, but also to utilize those researchers to deal with myriad problems. Research, like any data set, is of limited value if it doesn’t address specific questions. Spying is about the pursuit of knowledge. And people are the ultimate source of that knowledge. Recruiting people who conducted the research and asking them about their country’s virology program or vaccine efforts is invaluable.

Collecting Equipment

The highly integrated nature of the world’s supply chains means that a simultaneous and uncoordinated worldwide demand for critical equipment could cause a shortage. This is why some intelligence services actively procured vital equipment such as personal protective equipment (PPE) or testing kits around the world, in an effort to ensure their countries weren’t left without a supply. The Mossad, in a rare example of transparency, admitted that it secured medical equipment from abroad, including ventilators, N95 masks, surgical masks, goggles, virus test kits, and a range of medications and expertise. The agency apparently also obtained “manufacturing technology” related to producing medical equipment from unnamed countries. According to one report, at least some of this equipment came from China, which executed its own, much more comprehensive PPE procurement program.

The United Front Work Department (UFWD) reports directly to the Chinese Communist Party’s (CCP) Central Committee. Although the UFWD is not an intelligence agency in a strict definition of the term, it often performs influence operations that in other countries would be the purview of an intelligence agency. In the early days of the pandemic, it was tasked with gathering available PPE worldwide and sending it to China. In just over a month, it collected and shipped to China 2.5 billion pieces of protective equipment.

Around this same time, China also began claiming for itself all output produced by local mask factories—including the output of 3M, an American company with a China-based factory. Purportedly, 3M’s factory in China served mostly the Chinese market, but in a global market the effect of such hoarding can be dramatic. Later, the United States, India, Turkey, Germany and at least 64 other nations placed restrictions on the export of protective equipment and other medical devices.

Engaging in Information Warfare

The most dramatic example of the use of information warfare came early on in the pandemic, in the form of a disinformation campaign from the Chinese government. In March, the official spokesperson of the Chinese Ministry of Foreign Affairs tweeted that the U.S. Army may have been the original source of the coronavirus in Wuhan. Chinese embassies and consulates around the globe then repeated that message on their Twitter accounts. China Global Television Network (CGTN) Arabic, a Chinese state-controlled media organization, created a video targeted at Middle Eastern viewers that gave credence to this conspiracy theory.

This campaign may have been a response to an accusation made by various members of the U.S. government that the virus was intentionally or accidentally released from a virology lab in Wuhan—but it also helped obfuscate some of the Chinese government’s serious errors in the early days of the pandemic by shifting blame to an outside entity. The ongoing campaign is likely intended as much for domestic Chinese audiences as for foreign ones.

China has also suggested that authoritarian countries responded to the pandemic more effectively than democratic countries. Specifically, Chinese disinformation claimed that European health care workers had left people who were infected with the coronavirus to die and that President Trump was planning a nationwide lockdown. While the former was put out solely via a Chinese embassy website, the latter was circulated on social media and—in a novel twist—via text messages.

Russia and Iran have pushed similar messages. Russian disinformation attacked the efficacy of vaccines, lending support to anti-vaxxer groups in the West. This is a tried-and-true method of Russian disinformation campaigns: Find already-present divisions smoldering within society and pour gasoline on them. In response, the European Union disseminated a report blaming Russia, China and “certain third countries” for engaging in disinformation campaigns. According to the New York Times, the report’s criticism of China was softened as a result of pressure from Beijing. China, a vital trading partner, was in the middle of negotiating a landmark investment agreement with the EU when the report was released.

Exploiting Contact-Tracing Platforms

Intelligence services have also taken notice of the incredible treasure trove of data contained in contact-tracing apps and other methods of technologically bolstered contact tracing, which include information about individuals’ patterns of life. Some governments, such as Israel, have moved somewhat quickly to keep their spy agencies from using contact-tracing data from their own citizens, while others have come clean about collecting such data incidentally. But court decisions and calls for transparency will do little to deter outside intelligence agencies from attempting to access such data for all sorts of purposes.

The relative success of both South Korea and Taiwan in stymieing the spread of the coronavirus may stem in part from the heavy use of such contact-tracing apps and other methods of digital contact tracing in those nations. As such, many countries might feel pressure to require their use in the future, regardless of the effect on privacy or potential exploitation by foreign spies. Their use continues to be controversial in the United States, with many questions remaining regarding their efficacy versus the potential losses of privacy.

So What?

In today’s chaotic world, numerous nations see ample opportunities to grab additional power and influence, and they are actively engaging in a wide variety of nefarious activities in furtherance of their aims—from disinformation campaigns, to stealing sensitive research and development information, to supply chain manipulation. Nation-state competition will continue to escalate and spill into more and more nontraditional areas—like health care—and nations will utilize their intelligence services, and all other available resources, to gain a competitive advantage.

Some nations treat their desire for economic advancement in the same manner in which they sought information about the pandemic and the vaccine: Both represent critical national security imperatives. The goal is to obtain such information at all cost but ideally at the lowest cost. It is always cheaper to steal such information or know-how using your spy service than it is to purchase it from another country.

As this geopolitical competition increases, cooperation between nations will plummet, and global institutions will have even less impact on how nations behave. And because the U.S. government has neither the inclination nor the resources to defend the private sector, except in the broadest sense, it will be left to individual organizations in the United States—like Pfizer, Moderna, IBM and 3M—to protect themselves.

Bill Priestap is a founder of Trenchcoat Advisors, a firm that helps businesses protect themselves from nation-state threats. He is also an adjunct professor at Georgetown University’s Walsh School of Foreign Service. He led the FBI’s Counterintelligence Division from 2015 to 2018.
Holden Triplett is a founder of Trenchcoat Advisors, a firm that helps businesses protect themselves from nation-state threats. He is also an adjunct professor at Georgetown University’s Walsh School of Foreign Service. From 2017 to 2018, Holden was the Director for Counterintelligence at the National Security Council. He led the FBI office in Beijing from 2014 to 2017 and was deputy head of the FBI office in Moscow from 2012 to 2014.