Beijing Suspected in Hacking Yacht Owned by Chinese Billionaire

FBI investigating possible electronic sabotage against dissident's ship

Lady May
September 8, 2017

Editor's Note July 14, 3:06 p.m.: The Washington Free Beacon learned in October of 2019 that senior editor Bill Gertz entered into a previously undisclosed financial transaction with an individual or an affiliate of that individual whom Mr. Gertz had covered in some of his reporting.

Upon learning about this transaction, the Washington Free Beacon promptly asked Mr. Gertz for his resignation and that resignation was received and accepted. The Washington Free Beacon has appended this disclaimer to all of Mr. Gertz’s affected news stories. This story did not surface in an initial review of Mr. Gertz's work and the disclaimer was appended shortly after it did.


China is suspected of hacking the electronics of a yacht owned by a Chinese billionaire targeted by Beijing.

Guo Wengui, who uses the English name Miles Kwok, said several incidents involving his 152-foot motor yacht, Lady May, appear to be part of a Chinese government effort to threaten and intimidate him.

The suspicious hacking took place in July on the Hudson River near New York City and left the ship temporarily unable to turn and in danger of colliding with a nearby freighter.

Guo, a real estate developer now living in New York City, said he believes a sophisticated intelligence service, likely the Chinese, disrupted the electronics on his high-tech yacht during several incidents beginning with the suspected ship hacking July 18.

"I hope to let the American people and government know that through this incident there exists a great and real threat from China," Guo said.

"I want every American and law enforcement agency to understand the Chinese government, through using the internet, cell phones, and modern communications technologies, can obtain private correspondence and information from each and every American citizen if it wishes, and can do that very easily almost without any cost," he added.

He urged the U.S. government to investigate the hacking and report the results to the American people.

The FBI was called in on the yacht hacking and has launched an investigation into the suspicious cyber incident, as well as a similar electronic disruption on the ship, and the buzzing of the vessel by a drone aircraft. Asked about the investigation, an FBI spokeswoman in New York declined to comment.

Guo has been a target of Chinese government efforts to silence him since earlier this year, when he began speaking out in online videos and interviews exposing corruption by senior Chinese leaders.

Among those named by Guo is Wang Qishan, a member of the Communist Party's seven-member Politburo Standing Committee, the collective dictatorship that rules China, and one of the nation's most powerful leaders. The allegations of corruption against Wang are explosive since he is the chief enforcer behind Chinese leader Xi Jinping's anti-corruption campaign that has ensnared thousands of officials.

Control failure

The hacking of the ship's computerized steering controls was especially alarming. The incident was outlined in a report and PowerPoint presentation, including photos and videos, provided by Guo.

Disclosure of the suspected yacht hacking comes as the Navy is investigating whether external electronic hacking was involved in two similar collisions between U.S. Navy destroyers and commercial ships that killed 17 American sailors. One of the warships, the USS John S. McCain, had been involved in an operation to sail close to a disputed Chinese island in the South China Sea days before the collision.

The Lady May's captain, Gavin George Hurn, said in a statement in the report that the ship had sailed to the George Washington Bridge and was awaiting a harbor pilot to come aboard to guide the ship further north.

But after deciding to return instead to Chelsea Piers dock in lower Manhattan, the vessel's bow and stern thrusters suddenly shut down. "I was unable to take control of the thrusters in the bridge," Hurn said.

A technician then discovered that the thrusters were functioning but control over them had been disconnected from the bridge.

"We still had full control of the engine and steering on-board at all times," Hurn noted.

However, without the thrusters, the yacht was unable to turn around and was caught in a 2-knot current. The captain reversed the ship down river and was eventually able to direct the bow toward shore and a safer location.

At the time, a large liquefied natural gas ship was located around 300 feet from the Lady May, prompting fears of a collision.

The yacht was built in 2014 by the Dutch manufacturer Feadship Royal Dutch Shipyards and is equipped with advanced computerized controls and communications.

Radio Holland, a company specializing in shipping electronics, later investigated the ship's electronics and discovered "several errors that were not normal in the system," Hurn stated.

A system anomaly involving the ship's autopilot when placed in a certain configuration prevented using steering thrusters. Changes were made in the control system to prevent further mishaps, Hurn stated.

The report stated that the ship's controls were hacked by an unknown third party that gained access to the ship's computer system, possibly using a mobile phone.

Investigation into the incident indicated the malfunctioning of the Lady May's computer system was caused by unknown actors taking external control over the yacht's system and network, the report said.

Image of the hacked control steering

Photos of the bridge displays during the incident showed propulsion failures on both sides of the ship and an alarm regarding a "radar target"—a possible collision.

The hacking also coincided with online threats against Guo both before and after the July 18 Hudson River incident, according to the report.

Several tweets from a supporter of Guo in China claimed that the Chinese government was targeting Guo and his yacht.

On July 28 the supporter tweeted that China planned to assassinate Guo using an unmanned aerial vehicle, and warned that the yacht, where Guo had produced a video broadcast a day earlier, was not safe.

"Your yacht is tracked," the supporter wrote. "There's no technical difficulty to attack the yacht from the air using unmanned aerial vehicles. They [the Chinese] are bribing New York Air Route Traffic Control Center."

The same supporter a day later said "detailed plans for eliminating Guo" included the use of weapons-equipped drones and plans to place explosive devices near the Lady May as it was underway.

"The [Chinese] base is at a few mechanic and chemical engineering companies with Chinese background in New Jersey," the supporter said. "Knowing the route of Guo's yacht in advance is the key to success."

The report stated that Guo conducted a security test in a bid to identify the source of the cyber attacks during a stay on the yacht July 26.

The Lady May's chief engineer, Craig Rehaume, said in a statement that as soon as Guo arrived on the yacht that day, the ship's Wi-Fi network went offline, apparently disrupted from an external source. The network service was eventually restored but operated intermittently.

In a bid to locate the source of the electronic disruption, the cell phones of all passengers on the yacht were moved to a small dinghy away from the ship.

"The results show that my suspicion was right: My mobile phone was controlled by them," Guo stated, referring to the Chinese. "This proved that my mobile phone was hacked and installed with some controlling apps."

Rehaume, the Lady May's engineer, supported Guo's claim. He stated that he initially suspected Guo's phone to be the source of the Wi-Fi disruptions.

The engineer said the disruption continued after Guo's phone was powered off. Only when the SIM card was removed and the suspect phone wrapped in metal foil did the network begin operating properly, Rehaume said.

Then on July 29, according to Hurn, the yacht captain, the Lady May was intercepted by a quadcopter drone as the vessel sailed near the Bear Mountain Bridge along the Hudson. The drone aircraft followed the vessel upriver for about 20 minutes. The drone was "doing small loops around the vessel and coming very close to the vessel looking into the bridge and exterior window," Hurn said.

The captain noted that the drone operator demonstrated extreme confidence in flying the aircraft and was able to keep it very stable and within three to six feet from the ship.

Again on July 31 as the Lady May sailed down the river past the Bear Mountain Bridge another drone similar to the first one also followed the ship. Hurn said he believed the drone was controlled from land and flew off after around 20 minutes.

In early August, Guo said he received additional warnings from the Twitter supporter who stated that the electronic disruption plan "was executed by the [Chinese] military."

The supporter, identified as @FlightEagle2017, stated on Aug. 5 that after tweeting the warning about the disruption operation he was targeted by Unit 61398, the Chinese military hacking unit based in Shanghai.

The Chinese told him "we know who you are, you'd better mind your own business."

Guo said both electronic incidents and drone buzzing convinced him that the activities were "from my enemies who launched a series of national-level, organizational attacks against me."


"This time hackers hacked into the systems of the Lady May, to make it lose control, nearly causing fatalities," he said.

"Then they repeatedly cut off the yacht's networks and the unmanned aerial vehicle incident," Guo said. "All of this shows that the traitors are not merely intimidating, but rather really posing a threat to my life."

Guo said he believes the Chinese have set up sophisticated intelligence and covert action networks in the United States, posing threats to him, his family, Americans, and their property.

"This incident shows that the traitors have deployed spies and agents in the United States on a large scale, and hacker," he said. "They work hand in hand with the intelligence organizations controlled by the traitors in China."

Guo said he believes China is behind constant hacking attacks against his associates, including his security personnel, lawyers, and consultants.

"American bureaucracy and red tape have enabled Chinese hackers and property stealers not only to be able to steal American property, but to kill any American if they so wish," he said. "It is high time that this clear and present danger be understood and seen clearly and be changed."

In addition to disclosing Chinese high-level corruption, Guo has provided details of Chinese intelligence activities in the United States, including the dispatch of tens of thousands of intelligence collectors.

Guo has also revealed how China's intelligence services utilize Chinese businessmen, like Guo, for funding and supporting activities around the world.

Guo was once close to Ma Jian, the former No. 2 official at the Chinese intelligence service, Ministry of State Security, and ran secret intelligence operations against the United States for more than a decade. Ma was imprisoned last year on corruption charges that many analysts say were political retribution for gathering intelligence on leadership corruption.
