EXFIL by Anthony Patton (best books to read non fiction TXT) 📗
- Author: Anthony Patton
Book online «EXFIL by Anthony Patton (best books to read non fiction TXT) 📗». Author Anthony Patton
The same goes for Intelligence Officers. Early in our careers, the world is a chaotic mess of targets from different countries. We greedily gobble up business cards and run database checks to find the next great source—quantity over quality. Over time, however, we learn that very few interesting targets out there really merit our attention.
A priority target like the Chinese cyber program could be reduced to a handful of leads traveling or working outside of China. An abstract term like “Chinese cyber program” became a map on the wall showing the locations of all the Chinese cyber units; a series of cyberattacks would get traced back to a particular unit in Beijing, which resulted in the construction of an organization chart for that unit. Closer investigation would then surface social media accounts with photographs of Chinese hackers doing normal things—posing with sunglasses at happy hours, and so forth.
The “Chinese cyber program” thus transformed itself into an intriguing man named Lieutenant Colonel Li, who, it soon transpired, was singlehandedly managing to inflict more damage and destruction on our nation than entire armies of the past. When we identified him as a key player, someone China should want to protect at all costs, he got assigned to D.C.
There was a saying in the Intelligence Community that if a would-be source looked interesting to us, he looked interesting to other intelligence services as well, which forced allies to share information to avoid tripping over each other.
It was no surprise, then, when we received queries from the UK, Canada, Australia, New Zealand, our “Five Eyes” partners, and others, all asking about Li’s arrival in the U.S.
One theory was that he had been removed from cyber operations to serve a tour as an Army Attaché. This meant he couldn’t comment on current Chinese cyber operations, but this didn’t make him any less of a valid target because he could tell us about his past operations. Either way, we advised our allies that we were monitoring his activities closely and would tell them about any significant developments. Everyone understood that the Chinese would be watching him like a hawk and send him home at the first sign of trouble.
Just as we trusted our most respected Intelligence Officers to serve in countries such as Russia and China, it wasn’t inconceivable that China would trust Li to live and work in D.C.
Given the limited number of game-changing targets like Li, it was no surprise that my database searches surfaced scores of documents and reports from the past ten years, with a swathe of them related to the recent cyberattacks on the Pentagon. Just as many best-selling writers emerged from relative obscurity before skyrocketing to fame—the hockey stick curve—Li’s story told of a humble beginning.
As far as I could tell, our meetings with him in Islamabad marked the first known contact, but I couldn’t access the CIA files. A nostalgic smile crept across my face as I read the report from my initial contact with him during the diplomatic function. I still remembered the gaudy décor of the Islamabad Marriott Hotel salon and feeling as though I was in a movie set from the 1970s, surrounded by drunken Slavs with rows of medals on their uniforms.
The response from Washington was boilerplate language about no previous contact with Captain Li, and encouragement to sustain discreet contact during future diplomatic functions.
For reasons that had nothing to do with cultural or historical affinity, China and Pakistan had a “special relationship,” which meant that any traditional approach to then-Captain Li on the diplomatic circuit, including phone calls or email, would instantly come to the attention of Pakistan’s notorious Inter-Services Intelligence (ISI). This, of course, would grind the relationship to an immediate halt.
The U.S. gave hundreds of millions of dollars to the Pakistani Army, one of the few functional institutions in the country, and cooperated on counterterrorism operations, primarily in the Federally Administered Tribal Areas (FATA), but we could never crack the nut of the “special relationship” with China.
Brett and I separately met Captain Li a few more times at other diplomatic functions, including a most memorable event at the Serena Hotel with a spectacular buffet that left a lasting impression on my palate. However, neither of us ever was able to convince him to meet up for high tea, to hike the Margalla Hills, or play golf. He remained gracious on each occasion—as he declined us each time.
He was always polite and bowed with a gentle smile, always careful not to cause offense or appear objectionable or mistrustful, but Brett and I figured that others observed our repeated failed encounters with him during these public events in our fishbowl of an existence.
After Li’s assignment in Islamabad, there were a few reports and travel records, two or three times a year, about Captain and later Major Li taking vacations with his wife or attending cyber-related conferences. There was no reason to believe that Major Li was a big fish, but the infrequency of his travels over the years made it difficult to get officers in front of him, and there were no records of our offices making plans to bump him.
His name was mentioned in a few cables following chance encounters with military attachés, with Washington thanking the offices for their attention to the China target and welcoming additional assessment and biographic information during future travel.
This type of activity continued for a few years, but things got really interesting when we received a signals intelligence (SIGINT) report indicating that now-Lieutenant Colonel Li was running a cyber unit in Beijing, about the same time I arrived in Bangkok. The PLA was expanding into cyber operations and had consolidated operations by establishing the Cyberspace Force under the Strategic Support Force, with a mission including computer network exploitation.
We pieced together information about where the cyber unit was located, what they were targeting, and the types of tools and malware they were using, but the alarm bells
Comments (0)