China’s state-owned National Petroleum Corporation, which used the information to underbid the Americans and win the contract.

Later, when K. K. Tong was tasked with stealing the plans for the U.S. Navy’s quiet electric drive for its submarines, Tong and his hackers had the plans, representing five billion dollars in research by the U.S. Navy, in less than six weeks.

Dr. Tong next personally extracted more than twenty terabytes of data from the Department of Defense’s unclassified database, handing over to the PLA the names of all American Special Forces operators and their home addresses, the refueling schedules for every ship in the Pacific, and the training and leave rotations of virtually all military units.

He and his men also stole the plans for America’s next-generation fighter, the F-35.

Shortly before the end of the decade, Tong, along with the heads of the PLA’s Third Department (Signals Intelligence) and Fourth Department (Electronic Counter Measures and Radar), developed the computer network operations component to the PLA policy of INEW, Integrated Network Electronic Warfare, the formal name of China’s entire electronic warfare strategy. INEW would rely on electronic warfare to jam, deceive, and suppress America’s ability to receive, process, and distribute information, and it was clear to all in the PLA by now that K. K. Tong and his civilian hacker army would be critical to INEW’s success.

He and his minions infected millions of computers around the world, creating a robot army, a botnet, that could then be directed to attack a website or a network, overloading it with requests and denying service to anyone who attempted to log on. He directed his botnets to attack China’s adversaries with devastating results, and the owners of the nodes on the robot army never knew their hardware was working for the PRC.

Unlike the rest of China, Tong operated in a constant state of war against the United States. Via espionage or harassing actions, he and his force of men and women, most of whom worked from home or their “day job” workstations, endeavored to compromise American computer network operations at every turn and build a massive target portfolio in case a shooting war broke out.

There was only one problem with Tong and his endeavors, as far as the Chinese were concerned. He was too successful. He’d been given nearly free rein to go seek out access to U.S. networks, and eventually, the Americans began to notice. The U.S. government realized someone was, in effect, attaching a vacuum cleaner to their data and sucking it out.

They called the persistent attacks into their government and industrial networks at first Titan Rain, and a second series of attacks they called Shady Rat, and the Americans tasked hundreds of investigators with finding out who was behind them. China was suspected from the beginning, and as Tong’s operation grew in scope and importance, the MSS and the Politburo insiders who knew of the cyberprogram grew worried that some of the more high-profile attacks could be positively attributed to China.

The United States made a series of arrests of hackers involved in the operation, and some of them were ethnic Chinese. This worried the Chinese greatly, and pressure was put on the PLA and MSS to do a better job covering their tracks in the future.

When the full scope of Tong’s vulnerability became apparent to the PLA and the MSS, the decision was made that he needed to be protected at all costs, and his organization needed to be completely sequestered and distanced from the Chinese government. Deniable computer network operations were critical in this time of declared peace, and to remain deniable there could be no comebacks to China itself.

But Tong had become known in the United States as a key civilian computer operations official working for the PLA. The investigators in the FBI and NSA looking into China cyberoperations referred to his influence over cyberstrategy as the Tong Dynasty, and when the Chinese realized Tong had been outed to such a degree, they knew they had to act.

After much discussion, the decision was made by the head of the Ministry of State Security that K. K. Tong, whose official title of director of technological training for the Chengdu Military Region First Technical Reconnaissance Bureau belied his field-marshal level of influence on one of war fighting’s five domains, would be arrested on false charges of corruption, and then he would “escape” from custody.

Then Tong would relocate to Hong Kong and go under the protection of the 14K Triads. “Triad” was something of a catchall title referring to an organization with many unaffiliated branches, but the 14K was the largest and most powerful branch in Hong Kong. The MSS and the 14K had no operational relationship with each other. Triad activity had long been a thorn in the side of the Chinese government, but Tong would “sell” himself and his army of hackers to the Triads, and then repay them for their protection with money from any of the dozens of financial schemes his men and women ran around the globe.

The 14K would, of course, know only that Tong had escaped prison on the mainland and now was working in computer-related embezzlement and blackmail operations — black-hat computer crime.

The Triads would have no idea that ninety percent of the Tong organization’s productivity involved cyberespionage and cyberwarfare, all on behalf of the Communist Party of China, the enemy of the Triads.

Tong was “arrested,” and a short notice of his charges was printed in the People’s Daily, a newspaper in China that served as a mouthpiece for the government. He was charged with computer crimes, and the article described an effort by Tong to embezzle electronically from ICBC, the state-owned Industrial and Commercial Bank of China.

The article was written to show the West that the mysterious Dr. Tong was out of favor with Beijing, and it was written to show the Triads in Hong Kong that this mysterious Dr. Tong had skills that could make them a great deal of money.

Tong was sentenced to the firing squad, but on the day of his scheduled execution, rumors came out of the prison that he had escaped with inside help. To enhance the ruse, prison officials ordered several guards shot the next day for their “collaboration.”

The 14K Triads, the largest and most powerful underworld organization in Hong Kong, and the largest Triad in the world, took K. K. Tong in weeks later. He rebooted the army of civilian hackers that he had cultivated, and he reacquired his botnet army, and within months he was generating money for the Triads by using tens of thousands of nodes from his botnet to swindle credit card numbers with phishing e-mails.

Tong then started a new endeavor. With the 14K’s blessing, though without any understanding of what he was really up to, Tong purchased hundreds of computers and recruited top-level hackers from the mainland and Hong Kong to operate them, bringing them slowly into Hong Kong and into the fold of his new operation.

K. K. Tong adopted the handle “Center” and called the physical hub for his new worldwide operation, his nerve center, the Ghost Ship. It was housed on the eleventh through the sixteenth floors of a Triad-owned office building in Mong Kok, a gritty high-density and lower-income portion of Kowloon, well to the north of Hong Kong’s lights and glamour. Here the Triads watched over Tong and his people night and day, although they remained oblivious of his true mission.

Tong employed dozens of the best coders he could find, mostly men and women from his earlier hacker “armies.” The rest of his employees he called controllers — these were his intelligence officers, and they all used the handle “Center” when dealing with their assets. They operated from workstations on the operations floor of the Ghost Ship, and they communicated via Cryptogram instant messaging with the hackers and physical assets who unknowingly worked for them around the world.

The controllers used cash payments, coercion, and false flag trickery to co-opt thousands of individual hackers, script kiddies, criminal gangs, intelligence operatives, government employees, and key tech-industry personnel into a massive intelligence organization the size and scope of which the world had never seen.

Tong and his top lieutenants patrolled the hundreds of Internet forums used by Chinese hackers, and from here they found their army. One man and one woman at a time were discovered, vetted, approached, and employed.

The Ghost Ship now had nearly three hundred employees working in the building itself, and thousands more working on its behalf around the world. Where language was a problem they posted in English or used high-quality language-translation software. Tong recruited foreign hackers into his network, not as Ghost Ship operators but as proxy agents, none knowing they were working for the Chinese government but many certainly recognizing that their new employers came from Asia.

The physical agents came last. Underworld organizations were recruited to work on “meat space” ad hoc projects. The best of these received regular assignments from Center.

The Libyan organization in Istanbul was an example of this, although their controller saw almost immediately

You are reading Threat Vector