This is, however, the first time IDF officers have been driving vehicles banned from entering high-security IDF bases. For this, the emergency e-Call emergency systems – designed to automatically contact the emergency hotline in the eventuality of an accident – have been completely disconnected so as to eliminate the car’s direct communication with the outside world.

This, however, is not enough, argues Dr. Harel Menashri, one of the founders of the Shin Bet’s cyber division, presently serving as head of cyber at the Holon Institute of Technology (HIT) and lecturing at Tel Aviv University’s School of Public Health.

Menashri believes that Chinese cars should be treated as sophisticated intelligence-gathering systems. The reason: They include advanced sensor systems with communication capabilities, and can easily collect a vast amount of visual, audio and even biometric information about the vehicle’s occupants and surroundings, and directly transmit it to servers in China. Great raw intelligence about people, installations and movement of vehicles in certain areas.

There’s nothing groundbreaking about what Menashri is saying: Only last year, after imposing a 100% tax on Chinese cars, the Biden administration blocked their sale on grounds that they pose a national security threat. A White House statement said that connected cars can, “be piloted or disabled remotely.” Commerce Secretary Gina Raimondo said that the cars “are like smartphones on wheels” and pose a serious national security threat.

Economic commentators were quick to note that, with all the patriotic fervor, the administration has further, less innocuous, motives to make things difficult for Chinese auto manufacturers: Helping American companies address fierce competition from China.

For Menashri, who hasn’t been shy about voicing his warnings on various platforms, if Chinese cars are dangerous, then Chinese-made security cameras are no less problematic. In May 2018, the U.S. government banned the American defense establishment from using cameras manufactured by two big Chinese companies, Hikvision and Dahua. It turns out that, upon connecting to the network, they immediately search for an Internet connection and transmit to government servers in China. Their sale has been banned in the U.S. since 2021. In Israel, however, they’re used en masse, including by government organizations, local municipalities and even the police and the IDF.

Robotic vacuum cleaners are now equipped with not only Wi-Fi chips for remote control but also lasers, cameras and sensors to help them collect dust. Along the way, they also collect a great deal of data about their owners. They can learn the home’s daily routine, the size, location and internal layout of the house (information that may indicate income), etc. Current versions of robotic vacuum cleaners also create and store a map of the home. Back in 2020, Checkmarx, a security company specializing in static application security testing (SAST), identified serious security vulnerabilities in a Chinese-made smart robotic vacuum cleaner, allowing external attackers full access to materials photographed by the robot.

And then, there’s the drones. Despite Congress banning the U.S. Department of Defense (DoD) from using Chinese-made drones, Chinese drone giant DJI still holds an 80% share of the American private market. Earlier this year, the U.S. Department of Commerce announced it was weighing imposing restrictions on Chinese drones as they “pose acute risks to our national security and the privacy of all Americans.”

The U.S. government’s war of words against Chinese technological espionage peaked with Biden’s decision to shut down TikTok, owned by the Chinese company, ByteDance. Although TikTok operations have been resumed by Trump, bowing to pressure from his supporters, the U.S. Department of Justice claims that TikTok not only provides a platform for malicious manipulation, it also systematically collects information about its millions of users in the West and their opinions, sensors content inconvenient to the Chinese government, and is, “just conduit for the content moderation decisions made by its Chinese affiliates.”

The argument is that China can use TikTok, all of whose data is transferred to servers in or controlled by China, to undermine U.S. interests and, by influencing public opinion, create a security threat.

According to all the information security experts we spoke to in recent weeks, TikTok is just the tip of the iceberg: U.S., Canadian, British, Australian and New Zealand intelligence services joined forces three months ago to issue a joint statement: “We’ve exposed a network of 260,000 cameras, routers and further devices with Internet access, that the Chinese government has used to spy on sensitive organizations in five countries including corporations, media groups, universities and government security agencies. The network, Flax Typhoon, was operated by a hacker group affiliated to the Chinese army, but via, an active, legitimate Chinese cyber security company named Integrity Technology Group, that’s even traded on the Shanghai stock exchange.”

Last year, the Wall Street Journal reported that investigators at the Commerce, Defense and Justice departments have opened probes on suspicion that Wi-Fi routers manufactured by Chinese giant TP-Link, accounting for a 65% share of the U.S. market (and an unknown share of the Israeli market), constitute nothing less than a “conduit” for cyber breaches and espionage on behalf of the Chinese government.

The company’s routers are installed at the U.S. Defense Department, NASA and further federal agencies. The investigation was apparently opened after a group of Microsoft cyber researchers exposed that “a Chinese hacking entity” was operating a network of mostly TP-Link-manufactured routers that conducted cyberattacks on research institutions, organizations and American security system providers.

Microsoft itself is not immune: A sophisticated, targeted infiltration into its cloud platform was recently revealed, providing China access to emails of senior American diplomats, including the U.S. ambassador to Beijing and then-Secretary of Commerce Gina Raymondo.

The routers affair reminds us of President Biden’s zany executive order last March by which the U.S. would invest billions to replace cranes manufactured by the Chinese company ZPMC for fear of their being used for information gathering. These huge cranes transmit faults to their operators for the technician to receive preemptive precise fault monitoring. An inspection conducted by Congress found the cranes have a quantity of communication equipment and cellular modems far exceeding their regular operational needs. And ZPMCs are installed in Israel’s three main ports.

As with TikTok, the U.S. government waged a fierce battle against Chinese tech giant Huawei. Until 2019, Huawei was the world’s largest supplier of cellular networks and was ready to launch 5G networks across the globe. The prices it was offering, up to 70% less than its European competitors at Erikson and Nokia, were, according to the European Commission, suspiciously low. At the same time, Chinese state-owned banks were offering low-interest loans to countries having trouble paying. The first Trump administration, under pressure from U.S. intelligence services, pulled out the big guns and did battle with Huawei’s made-in-China luxury goods with a sweeping international boycott.

The Americans are still claiming that Huawei is the commercial arm of China’s Communist Party which uses it to build a technological espionage network in the West with which it can make the world’s information traffic visible to itself. Anyone building a cellular network can easily plant physical components and “back doors” within it, that it can use to collect, analyze and process information. An FBI investigation found that Huawei equipment can even disrupt American military communication, including that related to the military arsenal.

American sensitivity on the matter is at the level that American civil servants flying to China must leave their personal computers and cellphones at home, and are instead given special devices “cleaned” of any problematic material. Washington also bars U.S. citizens and green card holders from working for certain Chinese microchip companies.

Are the Americans taking all of this too far? “Just because you’re paranoid doesn’t mean they aren’t after you,” wrote Joseph Heller in Catch-22. A survey conducted by the Washington-based Center for Strategic and International Studies (CSIS), based on information published in the media, lists hundreds of Chinese technological espionage cases against the U.S. since 2000 – not including espionage cases against other Western countries, espionage against Americans in China itself, attempts to smuggle forbidden items from the U.S. to China and more than 1,200 intellectual property theft lawsuits filed by American companies against Chinese bodies.

The U.S. estimates the value of U.S. intellectual property (i.e., inventions and patents) stolen by the Chinese each year at around $600 billion. The EU estimates the damage within its territory at around €50 billion, compounded by the loss of 670,000 jobs per year. FBI Chief Christopher Wray despondently told a business leaders convention in London last year, “We’ve now reached the point where the FBI is opening a new China-related counterintelligence case about every 10 hours.”

What are the Chinese interested in? Here’s an example: In January 2023, former General Electric employee, ethnic Chinese American citizen, Xiaoqing Zheng was sentenced to two years in jail for stealing confidential information related to planning and building gas and steam turbines worth millions. This information is worth gold to the Chinese. Aviation and aerospace are in the top ten areas the Chinese want to develop quickly so as to reduce dependence on, and ultimately bypass, foreign technology.

According to Wray, China aims to “ransack” Western companies’ intellectual property so as to eventually dominate key industries. He warned that China is “snooping” on “companies everywhere from big cities to small towns — from Fortune 100s to start-ups, folks that focus on everything from aviation, to AI, to pharma.”

He said that “China is engaged in a whole-of-state effort to become the world’s only superpower by any means necessary” and that “China uses a diverse range of sophisticated techniques—everything from cyber intrusions to corrupting trusted insiders. They’ve even engaged in outright physical theft. And they’ve pioneered an expansive approach to stealing innovation through a wide range of actors—including not just Chinese intelligence services but state-owned enterprises, ostensibly private companies, certain kinds of graduate students and researchers, and a whole variety of other actors working on their behalf.”

China’s Counter-Terrorism Law, enacted in 2016, states that “Telecommunications operators and internet service providers shall provide technical interfaces, decryption and other technical support assistance to public security organs and state security organs conducting prevention and investigation of terrorist activities in accordance with law.”

This means that any manufacturer must allow government personnel access to its production line, and in the case of technological products, also their source codes. Access to the production line means the ability to implant “back doors” enabling remote, wireless hacking of the product’s inner workings.

“This is a very effective method,” Israeli security industry officials explain. “China is taking advantage of its ability to produce quality products cheaply, making them easy to disseminate across the globe, while making them easier to hack and use them to gather information.”

China’s principal espionage agency, the Ministry of State Security (MSS), has been growing at an unprecedented rate in recent years. Its purpose is to fulfill the vision of Xi Jinping, China’s leader since 2012, of becoming the world’s leading military and economic superpower. In October 2022, the Communist Party promoted MSS chief Chen Yixin to the position of the party’s highest-ranking security official and part of the mere 24-member politburo.

Xi Jinping’s ambitious roadmap, “Made in China 2025,” is a plan to overtake the U.S. as a technology superpower by this year. It defines ten fields in which China aims to become a leader, including information technology, 5G networks, electric cars, green energy, robotics, aviation and medical and agricultural equipment.

According to the official FBI website, cases involving the theft of American technology currently make up approximately one-third of the organization’s counterintelligence investigations. “The greatest long-term threat to our nation’s information and intellectual property, and to our economic vitality, is the counterintelligence and economic espionage threat from China.”

The Chinese government employs dozens of hacker groups. Some are government-owned and part of government organizations, such as the army and the MSS, or quasi-civilian groups. Since Chinese law prohibits private hacker activity, the government is willing to turn a blind eye to their criminal activity across the globe, and even grants them privileges, provided they enlist in the “national effort” in the field of cyber hacking. These groups then allow the government to later deny their activities.

But it’s not all cyber. Since 2008, the Chinese government has also been operating an official program called the, “Thousand Talents Plan” (TTP) which, on paper, is designed to attract leading scientists, researchers and professionals from all over the world to China.

According to Western security experts, the program encourages stealing commercial and intellectual property secrets under quasi-legal guises. Program participants sign a contract with a Chinese university or company, which is almost always affiliated with the government, and subject themselves to Chinese law. They are obligated to share their new technological developments only with China, and even recruit further talent to the program. In exchange, they receive research grants and other perks. Many participants are alumni of leading laboratories, companies and prominent Western universities, including those conducting government research for sensitive scientific projects.

“The Chinese gather information about everything. Everything is of interest to them,” say two of the country’s top information security experts, N. and T. “They don’t shy away from what to us might seem esoteric. Through their expertise, they can take in and process vast amounts of information and, from that, extract exactly what they want to know.”

Dr. Menashri: “I’ve never come across Chinese technology that doesn’t transmit. When you operate a Chinese-made device, it first searches the Internet for communication channels to transmit information to government servers in China. You’d be wrong to say to yourself, ‘What can they possibly do with the information collected by my robotic vacuum cleaner?’ Broadly speaking, this is how they understand the Israeli way of life. China has built vast databases of metadata with all sorts of information. They are AI leaders and have a tremendous ability to “melt down” this information and turn it into valuable intelligence.

In a highly informative episode of tech researcher Danit Leybovich’s Why Cyber podcast, Menashri cites an example from another field to explain Chinese modus operandi – the method China uses to complete the natural resources the vast country so greatly needs: metals, gems, diamonds, cotton, energy. etc. “They go to countries with lots of these resources, like in Africa, but not only, and offer: in exchange for your natural resources, we’ll bring you into the modern world. We’ll build you, civil infrastructure for energy and water desalination and public buildings. We’ll build you roads and bridges. And communication too. We’ll also make lots of money available for you to borrow. Everyone knows these countries won’t be able to meet the repayments, and then the infrastructure built eventually becomes the property of the Chinese government. Sri Lanka’s government, for example, collapsed when state infrastructure was transferred to China.

“The risk of information leaks to the Chinese is even more serious than the threat from a country such as Iran,” say N. and T. “They’re not only planning, they’re implementing. We have seen a step up in the pace at which Chinese hackers are exploiting program ‘weaknesses’ discovered all over the world for new hackings. In the past, it would take them days or weeks. This indicates very advanced processing and computing capabilities. They’ve invested a great deal in development. The Chinese use IP device addresses, in Israel too, to infiltrate organizations. Organizations usually automatically block unauthorized addresses. Rather than directly attacking from a Chinese IP address, the Chinese use a legitimate Israeli address, using ‘Israeli real estate’ to infiltrate and advance from one organization to the next, making it very hard to trace the source of the attack.”

For a decade now, senior defense officials have been warning of the inherent risk in China’s Communist Party owning critical infrastructure in Israel. The fear is that the day will come when China may cripple or harm them. In the meantime, China is using them as a platform for gathering intelligence. Everyone familiar with the matter agrees that Israel is of great interest to China, but they claim that, unlike the U.S. until now, serious oversight is in place over hardware and software in sensitive companies and organizations.

The provision of servers for government or military use is also conducted via tenders involving strict security thresholds. The IDF does indeed use Chinese-made equipment such as DJI-manufactured drones, but only after removing their built-in transmission capabilities. The Transport Ministry conducted research on cyber risks in connected vehicles and formulated regulations on the matter. The ministry also worked with the National Cyber Directorate, Ayalon Highways and ELTA to set up a cyber center for smart transport, designed to conduct cyber tests on vehicles.

China also has a wide array of interests in the Arab world and Iran. Almost all of the infrastructure in Iran is operated by Chinese companies. China, systematically, votes against Israel in every international forum and has positioned itself as part of the Axis of Evil. This hasn’t stopped the Chinese from conducting extensive trade relations with Israel and investing extensively in strategic assets and critical infrastructure in Israel via Chinese companies.

Nir Ben-Moshe, a former senior Defense Ministry official and currently guest researcher in the Israel-China program at the Institute for National Security Studies (INSS), explicitly warned in an article published in February 2022 that China’s espionage efforts are also taking place in Israel, viewed as a tech leader. Ben Moshe says that it’s also likely that Chinese intelligence is focusing on the extensive network of connections between Israel and its ally, the United States. Ben Moshe lists the obvious areas of interest:

Weapons systems developed with or by the U.S., advanced Israeli military technology exported overseas and Israeli academia that collaborates with both the defense establishment and institutions in China. He says that Israel is very vulnerable to attacks in cyberspace, whose purpose is stealing knowledge. Israel is full of computer, information and communication networks that can basically be accessed remotely.

For its own reasons, Israel is refraining from airing its dirty laundry in public and accusing the Chinese of espionage in its territory. There’s consensus among decision-makers about maintaining correct relations with the superpower. The Shin Bet spokesman’s office said that it does not address the matter in the media.

If, in theory, to hermetically seal the problem, you could prevent the sale of Chinese electronic devices, would you advise doing so?
N.: “That’s a very complex question with cyber technology, political and economic implications. The answer is unequivocally no. I think the right thing is not to prevent purchase, but rather inform the public on how to use the devices safely.”

T.: “Take the permission we’re required to give our smartphones when we use an app for the first time. I keep trying to explain to my mother: Why would you allow software access to everything? Or something basic like changing a password – why not do it? Why would you pay a dollar for a smartphone that should cost $100? As soon as a product costs a dollar, the purchaser himself becomes the product. Someone’s trying to lure you into buying the device so as to track your usage.”

In other words, we must behave as if we are being listened to, photographed and monitored all the time.
N.: “We don’t need to take it to the extreme, bordering on paranoia. Speaking for myself, though, I’m careful about what products I buy and which apps I use.”