FBI Eyes China in Posting Hacked Documents on Chinese Dissident

DC law firm drops Guo Wengui asylum bid after sophisticated cyber attack

September 29, 2017

Hackers linked to China electronically stole documents from a Washington law firm, Interpol and a Hong Kong bank that were then published online in a bid to discredit a dissident wanted by Beijing.

FBI agents are conducting an investigation into the cyber attack earlier this month that penetrated information systems at the law firm Clark Hill, according to people familiar with the investigation.

Private cyber investigators later traced the cyber attack to China and South Korea.

The hacking and release of sensitive documents on Twitter mirrors the Russian intelligence operation to sway the outcome of the 2016 presidential election, in what U.S. intelligence has dubbed a cyber-enabled influence operation.

Until recently Clark Hill represented the dissident, Guo Wengui, who is a major target of the Beijing government after he began publicly speaking out about high-level corruption among Chinese leaders earlier this year.

Guo also said recently he and his associates in New York have been under relentless cyber attack from China as well. In one recent incident, hackers caused a large-scale disruption of handheld devices and computers used by Guo and others that was later identified by cyber security experts as an unusual cell-phone-origin distributed denial of service attack.

Guo believes both operations are part of a systematic Chinese government information operation underway for several months that has increased in severity following his Sept. 6 application for political asylum in the United States.

"I hope all these attacks and illegal activities serve as a wake up call for the U.S. government so it finds out who is the real Black Hand behind these incidents," Guo told the Washington Free Beacon. He hopes the U.S. government will "pay high attention to the threats from the Chinese kleptocracy"—a reference to corruption among Chinese rulers.

"Please remember the severe consequences of ignoring the first World Trade Center bombing in 1993," he said.

Guo is a billionaire real estate developer living in New York who since the beginning of this year has been exposing secrets on high-level corruption in the Chinese Communist Party. He has become a popular figure on Chinese and U.S. social media with millions of followers and supporters.

Among Guo's more explosive disclosures were details on millions of dollars in secret U.S. investments by Wang Qishan, one of the seven members of the Party's Standing Committee of the Politburo, the collective dictatorship that runs China.

Wang is the key figure leading Chinese President Xi Jinping's nationwide anti-corruption campaign. The anti-corruption drive has ensnared several top leaders and is viewed by some analysts as a drive by Xi to eliminate political rivals.

Guo also has revealed data on China's large-scale intelligence operations in the United States that have been conducted by more than 25,000 Chinese agents. The information was based on Guo's ties to former Ministry of State Security Vice Minister Ma Jian, who was caught up in Xi's anti-corruption campaign and imprisoned.

As with the Russian cyber-enabled influence operation targeting the election, the Chinese cyber attacks on the law firm were followed by the publication on Twitter, beginning Sept. 23, of sensitive information likely stolen during the hack of the law firm and, in particular, Guo's lawyer Thomas Ragland.

The attack disrupted Clark Hill's information systems for several days and appeared to have been carried out by sophisticated hackers who targeted Guo's personal information and the lawyer representing him.

The FBI was called in and has launched an investigation. The information was published illegally because it is protected under attorney-client privilege.

Ragland declined to comment and Clark Hill spokesman James A. Durham also had no comment.

China's motive in the influence operation appears to be directed at forcing the U.S. government to deny Guo political asylum and return him to China.

Portions of Guo's asylum application form and other hacked documents that appear to originate from sources outside the law firm were published this month by a persona on Twitter identified only as "Spectre" (@twiSpectre). They include a bank transfer note from Hong Kong and documents from Interpol, the international police group currently headed by a Chinese security official that has issued an international notice targeting Guo.

Spectre listed his location as Massachusetts and his feed indicates he joined Twitter in September, a sign the account may be part of the Chinese information operation.

China also appears to have targeted FBI agents who worked with Guo. Spectre asserted in a posted statement allegedly from an FBI whistleblower that two FBI agents working with Guo, who uses the English name Miles Kwok, had improperly assisted Guo in obtaining a travel visa.

Spectre tweeted that the two agents "fell victim inadvertently by contacting Miles Kwok."

In another posting, the hacker goaded Guo about the leaked documents stating, "is your heart tough enough seeing this?"

"Miles, you burnt the bridge and made a plan B," the hacker stated, calling the funding of a second law firm "firefighting your pile of slurry in asylum filing."

All of Spectre's 40 tweets, the most recent dated Sept. 27, target Guo and his associates and allege he misled authorities on his asylum application. The disclosures began Sept. 20.

An FBI spokeswoman declined to comment on the allegations against two agents, or the FBI probe into the Clark Hill hacking.

Among the disclosures on Twitter were answers to questions by Guo revealing that he fears political persecution from China because he has disclosed to U.S. authorities the identities of Chinese intelligence officers operating in the United States.

Another document posted by Spectre revealed that a cash transfer of $1 million was sent from HSBC bank in Hong Kong from Guo's company, ACA Capital Group Ltd., to the law firm Williams and Connolly LLP that is now handling the asylum case.

A spokeswoman for Williams and Connolly declined comment.

Guo revealed in the asylum request that Chinese officials contacted him 30 times between January and May and urged him to cooperate with them in exchange for help in solving his "political problems."

Chinese officials want Guo to stop exposing corruption among Chinese officials, and have urged him not to cooperate with the U.S. government. The officials also warned him not to oppose the Chinese Communist Party, or call for democratic reforms in China. In exchange, Beijing offered to release his family members and employees from prison and unfreeze assets in China worth about $70 billion.

"I refused to do what they asked and am therefore a prime target of certain very powerful figures in the Chinese government," Guo said.

Since January 2015, Guo said he has received threatening calls and text messages saying he will be killed or his car bombed.

Earlier, Guo disclosed that he believes the suspicious loss of steering on his 152-foot yacht on the Hudson River last summer was part of a Chinese electronic attack. The temporary steering loss nearly caused a ship collision.

The asylum document revealed that Guo supported the pro-democracy protesters in Beijing's Tiananmen Square in 1989 by selling his motorbike and giving the money to the protesters, who were brutally suppressed by Chinese troops.

As a result, Chinese police came to his house and arrested him and his brother, who was shot by police during the arrest and died later.

Guo was initially charged with counter-revolutionary activity, a charge that was later changed to financial fraud, resulting in his imprisonment for 22 months.

He was again arrested by the Chinese in September 2004 at Beijing Airport and tortured by police for 10 days. Guo was interrogated and ordered to "stop exposing the corruption of Chinese government officials."

"I did not agree," he said, adding that he also denied spying for the U.S. government.

Guo stated in the application that if he is forced to return to China he fears he will be arrested, imprisoned, tortured, and killed.

Guo said after he exposed the corruption of Beijing Deputy Mayor Liu Zhihua in 2003, the Chinese security ministry sought to recruit him as an agent and part of Beijing's effort to control entrepreneurs. "But I always refused to be a spy," he said.

According to the document, Guo in 2006 developed ties to Ma Jian, the MSS official who he said was in charge of anti-corruption efforts of Chinese officials and intelligence operations.

"Such blatant intimidation against a U.S. lawyer and law firm amounts to a direct assault on American rule of law and democratic values, a gross violation of international law, and, in effect, a breach of China’s promise to both President Obama and President Trump to stop cyber attacks against the United States," said Yang Jianli, a human rights activist with the group Initiatives for China.

Yang said he hopes the White House will issue a strong protest over China's attempt to undermine the U.S. justice system.

Yang believes China is pressuring the Trump administration to repatriate Guo and is urging the U.S. government to protect Guo and assist him in helping advance democratic reforms in China.
