The Washington PostDemocracy Dies in Darkness

Faulty Chinese spy technology may help convict former CIA officer of espionage

The phone the Chinese intelligence operatives gave Kevin Mallory was a specialized spy gadget. If it had worked like it was supposed to, he might be a free man today.

The former CIA officer, on trial in Alexandria federal court on espionage charges, freely told his old colleagues that he had been approached by those spies on social media in February of 2017. He said he had been invited on two trips to China and given a Samsung Galaxy phone with special encryption capabilities.

What he didn’t tell his U.S. intelligence contacts, and, according to prosecutors, what he thought they would never learn, was that he also traded classified documents to the Chinese agents in exchange for $25,000.

Mallory, a 61-year-old from Leesburg, Va., who also served in the Defense Intelligence Agency, State Department and U.S. Army, was arrested last spring. While prosecutors say he was selling secrets, he contends he was trying to expose the Chinese spies. Whatever jurors decide, the veteran intelligence operative’s trial is offering a glimpse into some of the inner workings of both Chinese espionage and American attempts to counter it.

It’s “very rare” for a foreign intelligence service’s device “to be revealed like that,” FBI agent Paul Lee testified on Thursday. The phone would have cost the Chinese government a lot of money to develop, he had told Mallory last year.

Mallory explained in meetings with the CIA and FBI, which were recorded and played for the jury, that the phone contained an app designed to facilitate steganography, or the hiding of information inside of an image. Documents were merged into a file that appeared as an image — in this case, the Chinese chose horses grazing in front of a mountain range.

To send the files through the secure version of the app, which was a customized version of the Chinese messaging service WeChat, both parties had to be online and type in a password. (The one built into the application, Mallory told the officials, was the word “password,” in English.)

Mallory told the FBI that the Chinese spies told him they had found a “special way” to make the app safer.

But their system was flawed. James Hamrock, an engineer who analyzed the phone for the FBI, said he believes the encrypted application crashed at one point, creating an unintentional log of Mallory’s communications with one of the Chinese spies.

If the app had not crashed, Hamrock testified, he likely would not have been able to see Mallory’s communications. Instead, as Mallory and FBI agents met in a hotel room in Ashburn, Va., last May to look at the phone, they saw conversations in which Mallory had discussed delivering “more documents,” including something related to a foreign intelligence service. (The name of that service was redacted from exhibits shown in court).

“I’m — I’m surprised it kept this much,” Mallory told the agents as they examined the phone.

But defense attorneys stressed that U.S. law enforcement would never have known about the phone — let alone have been able to examine it — had Mallory not brought it to them.

Mallory maintains that as soon as he realized the Chinese recruiters who had approached him on LinkedIn were spies, he decided to deliver them to American hands.

“Kevin Mallory has worn a white hat throughout his career, and he did not take it off for a relatively small amount of money,” public defender Geremy Kamens said in his opening statement. “If he was motivated by money, he would have kept his mouth shut.”

Former CIA officer accused of selling top secret information to China

Instead, Mallory caught the attention of authorities because he repeatedly contacted a CIA employee from his church and a CIA contractor he worked with from 2010 to 2012 to say he believed he was in touch with Chinese intelligence.

In a text to the contractor, a covert operative who testified from behind a screen under the pseudonym John Doe, Mallory said the operatives “asked me a few questions that could have only come from our side of the house.”

Doe testified that he took that to mean that the Chinese had penetrated the CIA.

Doe said Mallory’s request to be put in touch with someone in the agency’s East Asia Division “seemed odd.”

Ralph Stevenson, a CIA resources officer, agreed. When Mallory contacted him in a similar manner, Stevenson said, he deleted the texts and responded with a terse email.

At the Montgomery Chinese Branch of the Mormon Church that weekend, Stevenson upbraided Mallory.

“I told him to never to do that again,” Stevenson testified. “He spoke about authority and chain of command at church on a regular basis; he was outside the CIA’s authority; it was not in his chain of command.”

Both Doe and Stevenson contacted CIA security. Mallory appeared comfortable with that outcome.

“Finally made contact,” he texted Doe on May 2.

Mallory met with CIA security officer Michael Dorsey at the agency’s Langley headquarters 10 days later. In a videotape of the interview played in court, Mallory casually explains his interactions with the Chinese agents during two trips to Shanghai that spring.

The two men, both named Yang, presented themselves as working for a think tank. But instead of having him come to an office, they insisted Mallory meet them in a “kind of dumpy” hotel room.

“If I were running an agent, I’d pick a nicer hotel,” Mallory joked in the interview.

The Chinese asked him about the Trump administration, he said, particularly policy surrounding currency ma­nipu­la­tion, the South China Sea and missile defense.

“To me, it was kind of obvious” that they were spies, Mallory said. “The fact that they were asking all this stuff — they wanted to be recognized.”

He said he “asked them point blank” if they worked for the government.

“They were coy,” Mallory said. “They didn’t deny it.”

Mallory told the pair he had applied for several jobs in the new administration — including at the CIA and the Department of Homeland Security. They were enthusiastic, he told Dorsey.

“They said if I could get in the administration, that would be really good,” Mallory said in the video.

Mallory did not bring the phone when he first met Dorsey, saying the Chinese government might be tracking him. But he agreed to bring it to a hotel in Ashburn on May 24, suggesting the CIA could examine it in a secure pouch that blocks cell signals.

It was there that Mallory met the two FBI agents and, prosecutors say, the extent of his contacts with the Chinese became clear.

“There were only two moments in the interview when his composure really changes,” special agent Stephen Green testified Friday — when Mallory saw the FBI agents and when the secure messages appeared on the phone.

Green said Mallory tried to explain the conversation about documents and a foreign intelligence service as “me pitching or them talking about, like, terrorism or something like that.”

Two days after the interview, Mallory emailed one of the Chinese spies to say he was “having problems with WeChat” and they should talk on Skype. They discussed another trip to China.

A month later, Mallory was arrested. His home was searched. The phone was found — WeChat had been deleted.

Read more:

Trial exposes connections between cybercriminals and Russian government

A dispute at school, a shooting later and one D.C. teen accused of killing another

Inauguration Day rioting charges dropped against 7 defendants