The spy next door: Decrypting China's Ministry of State Security, the world's largest and most secretive intelligence agency

Time of India

6 hours ago

In June 2020, India and
China
were engaged in a skirmish along their 3,488-km border. Just four months later, around 10 in the morning on October 12, power went off in Mumbai. It was a Monday, and the outage crippled India's city of dreams—millions were affected as mobile networks and public transport, including local trains, went down. The grid failure was resolved in a few hours, and an inquiry was ordered.
The preliminary report pointed to a cyberattack, with experts laying the blame at the doors of China, which, many in cybersecurity circles concluded, had penetrated India's power grid to send a message after the June skirmishes.
There were reasons for this attribution. China is among the few countries that can do it, having built significant muscle in cyber warfare, and much of it stems from investments in its principal intelligence agency, the
Ministry of State Security
(
MSS
).
The what, you ask? From KGB to CIA. From ISI to MI6. From FSB to
Mossad
and R&AW. Intelligence agencies from around the world have always worried governments and offered fodder to writers of spy fiction. In this alphabet soup, the little-known MSS doesn't exactly conjure up images of secret agents in tuxedos gambling in the casinos of Monte Carlo.
Yet, nestled away from the glare, China's MSS has become the largest intelligence agency in the world. Its headcount is pegged between 350,000 and 800,000 with operations in over 100 countries (even KGB at its peak only had about 300,000 operatives). Its annual budget, as per estimates, is more than $20 billion.
Live Events
On the back of such investments, MSS has upped its game over the last decade. The latest? A few weeks back, Americans alleged that two Chinese researchers were trying to smuggle a fungus into US, in what is being viewed as part of a strategy of using students to infiltrate the country.
Despite its reported hand in multiple such ops, large and active footprints, fast growth and direct or indirect involvement in nearly every country's affairs, MSS has remained under a shroud. In a world in a geopolitical flux, a broader understanding of it is critical.
PARTY, NOT THE NATION MSS
MSS wasn't always this big or active. A big expansion started in 2012 when Xi Jinping took over the reins of the country, believing that intel and covert ops are critical cogs to keep the Chinese Communist Party (CCP) in power.
So, unlike most national spy organisations whose agenda mirror that of the nation, MSS is tasked with protecting CCP, as Sriparna Pathak, professor of China studies at the Jindal School of International Affairs, points out.
Timothy R Heath, senior international and defence researcher at Rand Corporation, a global think tank, says, because of MSS's mandate, its ops mainly focus on regime security, suppression of challengers to CCP rule, espionage, influence operations and targeted missions against Chinese dissidents
abroad.
It is different from other agencies in many ways.
It is the only agency looking at both domestic and external ops.
It has a highly complex structure with multiple divisions and sections.
It has invested massively in offensive cyber ops.
When Chen Yixin was appointed as the minister of state security in 2022, he was tasked with pushing the boundaries further. After Covid-19 broke out, Chen, a Xi loyalist, was chosen to handle the fallout and 'manage' anti-China narratives across the world.
True to his brief, Chen made MSS more diversified, lethal and mysterious.
OPERATIONS IN INDIA
Because of its mandate to target Chinese dissidents, the longest running aspect of MSS' ops in India is said to be the targeting of the Tibetan government-in-exile, led by the Dalai Lama, whom Beijing considers a political dissident.
But MSS has widened its tentacles over the last few years. In February 2024, I-Soon, a Chinese contractor who works for government agencies, including MSS, had a data leak that gave clues regarding its operations in India.
The leak revealed that China, through cyber ops, had collected 95.2 GB of immigration data from India, along with data indicating it might have been behind the 2018 hack of the Employees' Provident Fund Organisation. There were also indications that other entities, including Reliance and Air India, were attacked.
As intelligence expert LieutenantColonel (retd) Pavithran Rajan says, the widening tentacles 'translate into aggressive cyber-espionage, targeting our critical infrastructure, from power grid to vaccine manufacturing'.
In 2018, a Chinese national, Luo Sang aka Charlie Peng, was arrested in Delhi for money laundering and espionage. Reports suggest that he was in the country from 2014, having crossed over from Nepal, and had even attained an Aadhaar card while laundering money.
'On the human intelligence front, they run sophisticated networks,' says Rajan, adding that the Chinese strategy is to use every available lever —cyber, economic and human —to gain strategic advantage over India. 'They also engage with insurgent groups in the Northeast and coordinate with Pakistani intelligence organisations,' he adds.
Its outreach is vast. In the neighbourhood, it has reportedly had a hand in overthrowing governments.
As Lieutenant-General (retd) Deependra Singh Hooda, cofounder of Delhi-based Council for Strategic and Defense Research, says, a critical threat for India is the codification in Chinese law that all entities must work with MSS. Their National Intelligence Law says, 'All organisations and citizens shall support, assist and cooperate with national intelligence efforts in accordance with law, and shall protect national intelligence work secrets they are aware of.'
This, says Hooda, makes for a significant national security threat for India, given the prominent presence of Chinese companies across sensitive sectors like power and telecom.
THE STRUCTURE
Countering MSS starts with understanding MSS. The structure of MSS is all about specialised tasks, with analysts estimating 12-20 bureaus within it.
The biggest by manpower is the Bureau of Internal & Political Affairs, which keeps a close eye on the internal affairs of China and is responsible for the security of top CCP leaders. As part of monitoring its own people, it carries out extensive technical surveillance.
Meanwhile, members of the Bureau for Foreign Intelligence Collection operate abroad in the guise of diplomats, journalists, tourists, academicians, students and businesspersons.
There is also the Bureau of Hong Kong, Macau and Taiwan working not only to spread communist ideology in these geographies, but also to monitor residents closely.
The Bureau of Technical Support & Cyber Operations, which is probably one of the biggest bureaus of MSS, is tasked with cyber espionage and plants technical operatives in Chinese companies and embeds trojan horses in Chinese equipment. Today, its footprint is visible across the world. This is where top talents of China are recruited to carry out technical espionage using unindexed proxy servers and private networks, many of which are located on isolated islands in the Yalu River bordering North Korea.
The Bureau of Counterintelligence keeps diplomats, agents and visitors under close watch. As part of its counterintelligence grid, they have a special team that carries out investigations into any intelligence breach. It has a WeChat account where anyone can report suspected intelligence breaches.
Members of the Bureau of Economic Intelligence & Industrial Espionage work to steal intellectual property (IP). Xu Yanjun, a Chinese engineer, was arrested in Belgium in 2018 for stealing data related to turbine engines from General Electric and the French firm Safran. In the US, FBI is investigating more than 2,000 such cases, with nearly 85% believed to be attributable to MSS.
China gathers a lot of data, domestic and international, and sends it to the Intelligence Analysis Bureau where AI systems analyse it.
The smaller Internal Security & AntiCorruption Bureau monitors officials —their loyalty, actions that threaten internal security and corruption.
The Bureau of Counter Terrorism carries out extensive surveillance on ethnic minorities like the Uyghurs and the Tibetans.
The Bureau o f Recruitment and Training is based in Hangzhou. It conceals its identity as Jiangnan Social University, while its real purpose is believed to be to provide training and tools in tradecraft, counterintelligence, surveillance, foreign languages, cryptography, cyber ops and ideological loyalty.
The Signal Intelligence Bureau houses the cipher division as well as monitors signal intelligence from across the globe.
The China Institutes of Contemporary International Relations (CICIR) is seen as a front for influencing foreign diplomats, bureaucrats and academics.
The China International Culture Exchange Centre (CICEC) works in a similar fashion to CICIR and in the shroud of a cultural organisation.
Both CICIR and CICEC are important tools for recruitment of MSS agents. Since deploying Chinese nationals in other countries could give the game away, it recruits people from other ethnicities as agents and that's where these two organisations play a vital role. They arrange conferences, meets, conventions and other events across the world in the name of cultural or academic activities, invite people, provide unimaginable hospitality and recruit people for their purposes.
The China Information Technology Security Evaluation Centre (CNITSEC) works to keep China safe from technical vulnerabilities.
The Special Operations Bureau works on a multi-dimensional spectrum and handles high-risk, sensitive and covert activities, including extrajudicial killings.
Meanwhile, the Bureau of Liaison connects with friendly countries like North Korea, Russia and Pakistan, facilitating intelligence-sharing and joint operations.
THE MSS ERA
Due to their secretive nature and overlapping roles, the exact way all these bureaus come together is difficult to gauge, but unlike other countries that have separate intel orgs for domestic, foreign and specialised ops, the umbrella structure is believed to help MSS in efficiency.
But optimising for efficiency may not work everywhere. As Heath points out, in countries like US, the separation of foreign and domestic spy duties is designed to prevent concentration of power and reduce risks of governments using spy agencies to monitor their own citizens and violating their rights and privacy. Rajan says, 'On the one hand, this integrated model can be highly efficient for a state like China that views internal dissent and foreign threats as intertwined. However, this consolidation of power creates immense risks.' He says, it 'can lead to a monolithic groupthink, stifling the diverse analysis that competing agencies might provide'.
For the moment, what is clear is that the world is living through the era of the MSS.