Jiangsu State Security Department

The Jiangsu Province State Security Department (江苏省国家安全厅) is a provincial bureau of the Ministry of State Security in Jiangsu which serves as the coastal province's intelligence service and secret police.

Jiangsu State Security Department

江苏省国家安全厅
Insignia of the MSS
Department overview
Formed	September 1983; 40 years ago (September 1983)[1]
Jurisdiction	Jiangsu, China
Headquarters	1 Yangzhou Road Gulou, Nanjing, Jiangsu, China 32°03′34″N 118°45′41″E / 32.05944°N 118.76139°E / 32.05944; 118.76139
Parent department	Ministry of State Security

They are involved extensively in espionage against the United States, and aviation-related industrial espionage, operating the advanced persistent threat TURBINE PANDA, also known as APT26.^[2] They are most well known for their alleged responsibility for the high-profile 2015 hack of the United States Office of Personnel Management, stealing the personal details of over 20 million U.S. federal civil servants.

The department is headquartered in Gulou, Nanjing, west of the Jiming Temple, though it maintains locations throughout the province.^[3]

History

The Jiangsu SSD was established from the Jiangsu Investigation Department in September 1983. Only in January 1984 were public security personnel transferred into the SSD. The first Jiangsu SSD head, Qiu Lu (邱路), had been a deputy head of the provincial public security department. At least two of the original Jiangsu SSD deputy heads, Zhou Xiaoliang 周效良 and Hua Hengshuan 花恒栓, came from the Jiangsu Investigation Department.^[4]

An official history states that the Jiangsu Public Security Department, ‘in accordance with the Central Committee’s relevant regulations’, transferred the entirety of its Technology Division (技术处) and Science and Technology division (科技处), and three sections of its Political Protection Division (政保处) to the Jiangsu SSD in January 1984. The Public Security Department's Science and Technology Division was established in April 1979 with a staff of 75, and was outwardly known as the Jiangsu Province Public Security Science and Technology Research Institute (江苏省公安科学技术研究所). This institute is now known as the Nanjing Institute of Information Technology (南京信息技术研究院) or the Nanjing 841 Research Institute (南京841 研究所), and may be directly subordinate to the MSS rather than the Jiangsu SSD.^[4]

Operations

Hack of the US Office of Personnel Management

Main article: Office of Personnel Management data breach

Further information: Cyberwarfare by China

In 2015, hackers working on behalf of the Jiangsu SSD obtained access to 22.1 million SF-86 records of US federal employees, contractors, and their friends and family.^[5][6] Representing one of the largest breaches of government data in U.S. history,^[7] information that was obtained and exfiltrated in the breach^[8] included personally identifiable information such as Social Security numbers,^[9] as well as names, dates and places of birth, and addresses.^[10]

Espionage against the United States military

In 2013, Jì Chāoqún (季超群), a Chinese graduate student studying in the United States, was recruited by officials from the JSSD and agreed to "dedicate the rest of his life to [China's] national security." He graduated from Illinois Institute of Technology in 2015 and enlisted as an E-4 in the United States Army Reserve through the Military Accessions Vital to the National Interest (MAVNI) program the following year. In response to a security clearance investigation at the time of his enlistment, Ji falsely claimed to have had no close contact with officials of any foreign government in the prior seven years. In 2018, Ji met with individuals he believed were with the MSS, but were in fact undercover agents of the US Federal Bureau of Investigation (FBI). During these meetings, Ji said he could leverage his military credentials to take photos on board the destroyer USS Roosevelt, and that he would seek work in cybersecurity at the CIA, FBI or NASA, in order to gain greater access to databases of classified information. He was arrested later in 2018. Following a trial in 2022, Ji was convicted on one count each of acting as an agent of China without registering under the Foreign Agents Registration Act as required (18 USC § 951), conspiracy to wit, and making false statements (18 USC § 1001) to the US Army. In early 2023, Ji was sentenced to eight years in prison by a federal court in Chicago.^[11]

Industrial espionage in the aviation sector

In 2017, an engineer at GE Aviation in Cincinnati was contacted by officials from the Jiangsu SSD through LinkedIn, and convinced to give a presentation to officials ostensibly from Nanjing University of Aeronautics and Astronautics. After being identified by the FBI and GE security, he was forced to take part in an offensive counterintelligence operation run by the FBI. After the engineer reengaged his Chinese acquaintance at the behest of the FBI, search warrants of the email address the man used revealed him to be Xu Yanjun, a deputy division director of the Sixth Bureau of the JSSD with nearly 20 years experience. Soon after, Xu asked the engineer to obtain details on the composite materials used in the structure of the Lockheed Martin F-22 Raptor.

 

Xu in US custody prior to his conviction

Xu was ultimately arrested in a sting operation in Belgium arranged by the FBI. After examining his devices, an iCloud account revealed the JSSD was engaged in cyberespionage against global aerospace conglomerates Honeywell and Safran, and California-based gas turbine manufacturer Capstone Turbine. The companies were contractors for the first indigenous Chinese commercial aircraft, the COMAC C919, and the information revealed that China was working to steal the data necessary to cut the vendors out of the supply chain.^[12] At a discussion at the Center for Strategic and International Studies (CSIS), Sinologist Peter Mattis said Nanjing Institute of Information Technology was the eventual customer for the stolen technology, and played a key role in setting the intelligence requirements for the JSSD's collection efforts.^[13]

List of directors

Name	Entered office	Left office	Time in office	ref.
Qiu Lu (邱路)	September 1983	unknown	unknown	[14]
Yang Zhaoliang (杨兆亮)	unknown	March 30, 2007	unknown	[15]
Wang Jinling (王金陵)	March 30, 2007	July 2014	7 years, 4 months	[15]
Liu Yang [zh] (刘旸)	July 2014	August 22, 2017	3 years, 2 months	[16]
Chen Deying (陈德鹰)	September 2017	unknown	unknown	[16]

References

1. Joske, Alex (September 2023). "State Security Departments: The Birth of China's Nationwide State Security System" (PDF). Deserepi: 11–12. Archived (PDF) from the original on 2023-09-27. Retrieved 2023-10-01.
2. "Turbine Panda, APT 26, Shell Crew, WebMasters, KungFu Kittens - Threat Group Cards: A Threat Actor Encyclopedia". apt.etda.or.th. Archived from the original on 2023-05-16. Retrieved 2023-05-16.
3. "Huge Fan of Your Work: How TURBINE PANDA and China's Top Spies Enabled Beijing to Cut Corners on the C919 Passenger Jet" (PDF). Crowdstrike. October 2019. Archived (PDF) from the original on 2023-03-21. Retrieved 2023-05-25.
4. Joske, Alex (2023). "State security departments: The birth of China's nationwide state security system" (PDF). Deserepi: 11–12. Archived (PDF) from the original on 2023-09-27. Retrieved 2023-10-01.
5. Zengerle, Patricia; Cassella, Megan (2015-07-09). "Estimate of Americans hit by government personnel data hack skyrockets". Reuters. Archived from the original on 2017-02-28. Retrieved 2015-07-09.
6. Nakashima, Ellen (9 July 2015). "Hacks of OPM databases compromised 22.1 million people, federal authorities say". The Washington Post. Archived from the original on 26 July 2018. Retrieved 19 July 2020.
7. Barrett, Devlin (5 June 2015). "U.S. Suspects Hackers in China Breached About four (4) Million People's Records, Officials Say". The Wall Street Journal. Archived from the original on 4 June 2015. Retrieved 5 June 2015.
8. Fruhlinger, Josh (2020-02-12). "The OPM hack explained: Bad security practices meet China's Captain America". CSO Online. Archived from the original on 2023-05-24. Retrieved 2023-05-29.
9. Risen, Tom (5 June 2015). "China Suspected in Theft of Federal Employee Records". U.S. News & World Report. Archived from the original on 6 June 2015. Retrieved 5 June 2015.
10. Sanders, Sam (4 June 2015). "Massive Data Breach Puts 4 Million Federal Employees' Records At Risk". NPR. Archived from the original on 5 June 2015. Retrieved 5 June 2015.
11. "一名中国公民因非法充当中国政府代理人而被判处八年监禁" [A Chinese citizen was sentenced to eight years in prison for illegally acting as an agent of the Chinese government]. Voice of America (in Chinese). 2023-01-26. Archived from the original on 2023-05-17. Retrieved 2023-05-17.
12. Bhattacharjee, Yudhijit (2023-03-07). "The Daring Ruse That Exposed China's Campaign to Steal American Secrets". The New York Times. ISSN 0362-4331. Archived from the original on 2023-05-11. Retrieved 2023-05-11.
13. "Chinese Communist Espionage: An Intelligence Primer Book Discussion". Center for Strategic and International Studies. December 5, 2019. Archived from the original on 2023-02-01. Retrieved 2023-05-10.
14. Joske, Alex (September 2023). "State Security Departments: The Birth of China's Nationwide State Security System" (PDF). Deserepi: 11–12. Archived (PDF) from the original on 2023-09-27. Retrieved 2023-10-01.
15. "江蘇省國家安全廳 - 怪猫的图书资源库" [State Security Department of Jiangsu Province]. Fudan University (in Chinese). Archived from the original on 2023-08-10. Retrieved 2023-08-10.
16. "刘旸" [Liu Yang]. People's Government of Jiangsu Province (in Chinese). 2020-03-23. Archived from the original on 2020-03-23.