On March 16th, 2020, Xuehua ‘Edward’ Peng was sentenced to four years in federal prison for acting as an agent of the Chinese government supporting espionage activity. Under orders from Beijing, Peng secretly picked up digital cards with classified data and left cash payments. These actions were done in hotel rooms without ever seeing the cooperating individual.* Unfortunately for Peng, he collected information that was in fact, provided by an FBI double agent (Source). This person had also been approached for spy-work by the Chinese government in the same time frame as Peng but decided to work with the U.S. government instead.
The following information provides relevant facts about the case as well as analysis to determine China’s espionage tradecraft and limitations.
Facts about the Xuehua “Edward” Peng espionage case.
- Xuehua Edward Peng is 56 years old. He entered the US in 2001 on a temporary business visa. He became a lawful permanent resident in 2006 following his marriage and was naturalized in September 2012.
- Peng is a mechanical engineer and was trained in traditional Chinese medicine. He owned and operated a tour company in San Francisco.
- In March 2015, Peng was recruited by PRC official while on a business trip to China. The PRC official appealed to him to “help China.” Peng later came to understand the official worked for China’s Ministry of State Security.
- The FBI’s Source was also approached for recruitment by the MSS in China in March, 2015.
- The official instructed Peng to service dead drops, retrieve small electronic storage cards, and leave cash payments for the Source. Peng flew to the PRC to deliver the storage cards to the PRC official.
- Peng never met nor interacted with the individual who left the devices for him and was instructed not to access the information stored on the SD cards.
- Peng made practice run in June 2015 and then participated two dead drops in the San Francisco Bay Area between October 2015 and April 2016. He then made three dead drops in Columbus, Georgia.
- An FBI double agent (Source) provided the information to Peng. The FBI double agent had also been approached for spy work by the MSS in March 2015 but informed the U.S. government instead.
- The FBI double agent likely had access to USG government classified information (Or at least the MSS believed he/she did). It is unknown to which agency or department he/she worked.
- Edward Peng and the FBI source began operational activities approximately seven months after their recruitment (March 2015).
What this case tells us about China’s espionage tradecraft:
- This case represents the first time (Publicly) China’s Ministry of State Security (MSS) used Dead Drops in the US.
- The MSS identifies individuals in the US (travelling to the PRC) for potential recruitment as espionage assets. Both Peng and the FBI Source were approached and recruited while visiting China. The MSS was aware that the FBI Source had access to classified information, making him/her a recruitment target. These (successful) efforts identifying potential assets indicate an extensive targeting effort integrated with the Chinese government’s visa issuance program.
- MSS tradecraft is not effective in asset validation. The operation ran for two years and the MSS was unable to detect the Source was an FBI controlled asset.
- China uses official cover (government) for its Intelligence Officers (*author’s note – they also make extensive use of commercial cover).
- China trains its intelligence assets in espionage tradecraft. Both Peng and Source received some level of instruction (or at least direction) from MSS officers.
- An MSS officer in Beijing used ethno-nationalism as the motivation for Peng’s recruitment.
- Beijing based MSS officers handled the FBI source and Peng.
- MSS tradecraft employs intercontinental email and phone calls to communicate with assets using simple codes. The MSS may have switched to encryption software with Peng as this was discussed, and the FBI noted a drop in phone communications shortly thereafter.
- MSS tradecraft includes travelling to third countries to control assets working in the US. The FBI Source met with two MSS officers in Europe (vice China) to reduce suspicion and increase operational security of the asset.
- On one occasion the FBI Source met briefly with MSS Officer #1, who handed him/her a cigarette box that contained $20,000. This “live drop” was most likely done in Europe.
- MSS tradecraft does not include having controlled assets sign receipts. (*Personal note – this makes their intelligence system ripe for corruption by allowing operations officers to skim payments).
- Over the course of two years Peng did not detect FBI surveillance indicating no surveillance detection training or operational preparations.
MSS operational performance remains spotty. The service appears to maintain operational security in some areas and are completely void of it in others. This lack of consistency in operations suggests poor training (non standardized) and more likely, ineffective operational and quality control. The lack of consistency in operational performance may also be a function of a politicized intelligence apparatus and/or internal corruption.
* A dead drop is a method of espionage tradecraft used to pass items or information between two individuals. Servicing a dead drop is also known as loading and unloading. In this way a case officer and an asset can maintain operational security by communicating without meeting.