TikTok as a Trojan Horse on the Southern Border
How China uses a human rights crisis, economic exploitation, and data vulnerability to spy on the US
Overt Operator
July 11, 2023
A Border Patrol Agent leaves vehicle to conduct a foot patrol (Josh Denmark, CBP).
All the people who come to the U.S. Southern Border are seeking something. For some, it’s an escape from peril in their country of origin. For others, it is the chance for a better life. For the Chinese nationals who spoke with reporters at the Southern Border, it is a mixture of both.
Yet, as these asylum seekers and escapees flock to entry points, the threat of Trojan horses and other bad actors are mixed in among them. Reports have stated that a growing number of Chinese nationals attempting U.S. entry through Latin America were “guided” by TikTok.
Complex Risks of Cyber Influence in the Migrant Crisis
The rise in human smuggling and other criminal enterprises can be greatly exacerbated by access to sensitive migrant data. Criminal actors can use the data of these vulnerable groups to exploit them, to manipulate economic relationships and supply chains, and to undermine national security laws and policy.
Areas Impacted by the Risk
U.S. “critical infrastructure”, which are the 16 infrastructure systems vital to the U.S. way of life.
International cybersecurity.
Physical risks such as health, safety, and other physical vulnerability risks.
Overlap of Territorial and Cyber Risks
This analysis looked at all territory that falls within the sovereignty of the United States as being U.S. Borders. This analysis will also include risks to the South Pacific U.S. territories such as Guam. Stability metrics detected key areas where territorial on-the-ground risks from border vulnerability and cyber risks overlapped.
Screen Capture of video from Ventura Report Twitter showed migrants who had been living on the banks of the Rio Grande for “three days' ' after a razor wire fence put up by Texas authorities prevented their entry into U.S. territory. This highlights the vulnerable nature of borders as humans attempting crossing through illegal channels are at an elevated risk of injury, disease, exposure to the elements, and crime.
Because migrants entering the U.S. border are often vulnerable people attempting to escape dangerous groups or totalitarian governments, many risk factors are at play.
First, the migrants themselves, and border agents, are at risk of disease, injury, or falling victim to crimes. Secondly, civilians are in greater jeopardy of being victimized by drug cartels and other violent actors who may take advantage of the critical strain on customs agents.
Associated Cyber Risks
The analysis below explains in detail the cyber risks associated with the physical vulnerability migrants and border citizens face. These risks can come from foreign interference and other forms of data exploitation as people, and their data, are put in compromising situations.
Migrant Smuggling
In recent years, migrant smuggling operations have seen a sharp increase, with smugglers called “coyotes” adopting new tactics.
On June 27, Border Report tweeted that police had arrested four “Mexican men” in connection with migrant smuggling activity that left “53 people dead” in San Antonio, Texas in 2022.
Above, the U.S. sanctions a top migrant smuggler from the Sinaloa Cartel who reportedly made “billions of dollars” from human smuggling. Spanish language reports stated that Ofelia Hernandez Salas was charged with smuggling people from “Bangladesh, Yemen, Pakistan, India , the United Arab Emirates, Uzbekistan, Russia, Egypt , Brazil, Peru, Ecuador, Colombia, for her services. Costa Rica, Nicaragua, Honduras, El Salvador , Guatemala, Mexico and other countries.”
Spanish-language news outlets reported that Ofelia Hernandez Salas, .a.k.a. “La Lupe”, a coyote of the Sinaloa cartel, was charging migrants “$70,000” for a U.S. crossing. On June 16, the U.S. Office of Foreign Assets Control imposed sanctions on Hernandez Salas’ criminal enterprise, known as the Hernandez Salas Transnational Criminal Organization, the Federal Register stated on June 22. This enterprise reportedly had its headquarters in Mexicali, Baja, California.
Homeland Security Investigations also reported in June that authorities had extradited a Honduran human smuggler, Maria Mendoza, who facilitated border smuggling fees through phone conversations, Immigration and Custom Enforcement announced on June 26.
Local media reports from San Antonio likewise reported that two Texas National Guard soldiers were arrested in June for being “involved in human smuggling,” while being assigned to assist authorities in stopping illegal crossings in the regions of Kinney, Maverick and Val Verde Counties.
An image taken from CBP shows a plywood barn being used to transport individuals into the United States.
Also in June, Customs and Border Protection reported that authorities in Laredo had intercepted a human smuggling attempt where smugglers were transporting 20 individuals in a plywood barn.
One June 24, Lt. Chris Olivarez with Texas Marine Tactical Unit tweeted that Texas Tactical Marine Unit had collaborated with Florida Fish and Wildlife to arrest Armando Grimaldo Hernandez for smuggling humans over the Rio Grande.
Video posted by Lt. Olivarez shows authorities taking Armando Girmaldo Hernandez into custody.
Smuggling Risks From Social Media
In recent history, China has used social media to promote the PRC’s national philosophy, the University of Hawaii at Manoa explained. However, as is the case for the demographics and high risk situations detailed in this report, social media can exacerbate individual and communal vulnerabilities. These individuals act as a potential goldmine of sensitive national security information, knowingly or not, providing access to routes, gaps in border authority’s defensive posture, and myriad of other factors a nation state may attempt to manipulate for its own gains.
Other media reports claimed that TikTok and YouTube influencers were offering migrant smuggling services, with the “influencers” offering illegal transportation into the United States for “more than $10k per person.” These operations also partner with public transportation. On June 26, a migrant who escaped illegal trafficking helped the Mexican authorities arrest bus drivers who had been paid to transport both African and South American migrants to Sonora, Border Report wrote.
Insight Crime reported that migrant smuggling operations had gone from “mom and pop” operations to “lucrative” organized enterprise. Media analysts stated that these criminal organizations are linked to drug cartels, and have been documented creating TikTok and YouTube video campaigns to smuggle migrants to “the American dream” for a fee.
Earlier in June, the U.S. government reportedly sanctioned migrant trafficking organizations in an effort to diminish the risk, Courthouse News Service reported.
Screen Capture of a video by Soy Xulen that documents the journey of backpack toting migrants.
Independent media and blogs made note of a YouTube and TikTok campaign by username “Soy Xulen” that claimed to be “documenting” the experience of migrants as they cross the border. The Xulen videos were a campaign for smugglers to make a profit on illegal migrant entry and “border services” in the Big Bend, Texas region.
A screen capture of the Soy Xulen YouTube program shows migrants on the trail.
The videos showcased people wearing camouflage and were allegedly captioned with Spanish-language hashtags meaning “the American dream,” “pickup” and “migrants.” Independent media documenting the social influencers claimed the videos captured illegal raft traffick.
In April, Interpol announced Project Turquesa, an international cooperation effort to reduce the human smuggler operations by promoting “interagency and international” cooperation to slow the enterprise down.
Latin America continues to flag alert lists for the United States Department of State, with the Dominican Republic remaining at level 2 for human trafficking vulnerability, at the time of this report.
Overview of International Human Trafficking
At the time of this report, the Dominican Republic reportedly remained at a Tier 2 threat for human trafficking vulnerability and Venezuela was at a Tier 3, failing to “fully meet minimum standards” for the elimination of human trafficking, the State Department reported in 2022 and 2023. The State Department recorded an increase in the number of trafficked persons in Venezuela from 2022 and 2023 due to “political instability” in Venezuela within that time frame.
The State Department likewise, in its 2023 report on human trafficking from China, referenced the PRC’s use of abusive practices that led to the trafficking of Chinese nationals abroad:
“PRC officials operating in other countries may have facilitated the sex trafficking of PRC nationals abroad through lax visa and immigration procedures and may have facilitated the labor trafficking of PRC nationals abroad in BRI projects,” the State Department wrote.
The State Department documented cases of Chinese nationals suffering from forced labor conditions on BRI worksites and other Chinese infrastructure projects across Asia, the Middle East, Africa, and Europe. In its analysis, the State Department found that PRC authorities likewise failed to exercise the proper oversight in its infrastructure projects to prevent human trafficking from these sites.
TikTok, Douyin, and the Migrant Crisis
TikTok’s potential risks to national security drove Congress to see testimony from CEO Shou Chew and lead advocate Vanessa “V.” Pappas over the span of late 2022 and early 2023.
TikTok Exploitation and Unconventional Risks
Research derived from The Citizen Lab showed that there was no “overt” data transmission to the Chinese government by TikTok.
Instead, the Chinese government might use unconventional ways to obtain user data, such as by exploiting the CCP’s National Security law and compelling ByteDance, the parent company behind TikTok and its Chinese language counterpart Douyin, to grant the Chinese government access to user data. While TikTok’s U.S.-based headquarters has taken measures to “distance” itself from its Chinese routes, the company is required by law to comply with the Chinese government.
ByteDance is headquartered in Beijing, and, CEO Shou Chew’s Congressional testimony explained, some members of the ByteDance board of directors are also members of the Chinese Communist Party. ByteDance has been described as a “hybrid” company that is both state-sponsored and privately owned. This ownership structure is called an “ambiguous” ownership structure and is complex by design. Due to this complexity, it can be “challenging” to assess the level of influence the Chinese government has over the technology.
TikTok and its Chinese counterpart Douyin favor local content that uses location data to suggest content. The content displayed by TikTok and Douyin are “vastly different” media reports confirmed. A U.S. user cannot access Douyin in the app store.
However, migrants to the United States who also use Bytedance technology have reportedly favored the Douyin app. They use the app to find a local guide, using hashtags #TheRoute, #TheBigBeautiful, and similar search terms to trek across Latin America.
Beyond TikTok
While TikTok is the most well-recognized data breaching concern, experts have noted that the app can access the entire device of the TikTok user. This threat can, therefore, echo cybersecurity concerns across a span of applications, cloud platforms, telecoms software, and so forth. As seen above, Chinese regime nation-states have also found ways to hide in plain sight of office maintenance tools such as Microsoft. The risk extends to whole devices and systems because of the device and data access apps like TikTok have.
Chinese nation state actors were documented violating Western trade laws and guidelines. A heightened level of economic activity was observed between China and Latin America within the span of April to June 2023.
In May, Chinese-state linked news agency Xinhua, a post to its Hindi language publication Twitter announced, had reported that Chinese leader Xi Jinping had appointed two new ambassadors to Latin America, one to the Dominican Republic, and one to Venezuela.
Social Media Risks Associated With Trafficking
The United States Office on Drugs and Crime explained in 2021 that traffickers use technology, particularly social media platforms and dating apps to target and “recruit” trafficking victims, primarily for sex slavery. Traffickers will profile these victims with the data shared by the victim to their social profiles, and will use this to learn about the victim’s personal lives, profile them, and then commit crimes by assuming false identities.
Migrant smuggling observed above through YouTube, TikTok and other platforms shows information that traffickers can use to profile and exploit vulnerable migrants being smuggled by illegal enterprises across U.S. borders. Already vulnerable populations face the additional risk of being targeted from their data and social media presence by other malign groups that may seek to exploit them further during the crossing.
Physical Risks of Trojan Horses
When the TikTok app accesses a device, it has access to the whole device. This includes the camera and microphone. In the case of a bad actor intending to use a device synced with an app for antagonistic reasons, such as spying on another country, this access can be empowering. Cell cameras and mics become thousands of little eyes and ears everywhere.
Risks from bad actors can slip past authorities, because the agent may look at a phone and think little of a social media app, such as TikTok, which is by itself non-harmful. Yet, the app can act as digital spy tools, allowing unfriendly eyes to come across borders, and put surveillance into vulnerable crossing point areas.
As illegal traffic and smuggling operations find their way on TikTok, the risk of Trojan horses is realized. Using the “eyes and ears” of the so-called coyotes, or the traffickers that act as courier services taking people by raft into border crossing points, a bad actor might collect data on how to enter the United States while evading U.S. authorities.
Understanding Adversarial Motivations
If the devices of migrants trying to escape totalitarian regimes are hacked, then what would those regimes be looking for?
Analysts looked to the root cause of adversarial motivations to understand why nations' competition tensions scale up. Beyond the international organizing bodies like the United Nations, international powers are no higher power to answer to on the political stage. This absence of a central political power to enforce rules has been described as an international “anarchy” by political scientists.
Because of this, they look to “relative power” or the control of resources and other power dynamics on the global stage, to compete with each other.
Sometimes this need for control boils over into physical combat, such as can be seen in the case of the current Russian incursion into Ukraine. In this incursion, Russia is using physical force to attempt to gain “de facto” control over Ukraine’s sovereign territory. De facto control is the term used in global politics for a nation that legally belongs under the sovereignty of one government but is under the physical occupation of another.
Consider that modern Chinese national doctrine promotes the playbook of Sun Tzu, an ancient Chinese Imperial general, whose philosophy was known as the author of “The Art of War.” In the second chapter of “The Art of War '', Tzu highlights tactics that avoid strong points but rather attacks adversary nations’ weaknesses. Through this tactic, an aggressive actor can target the most vulnerable points in a rival nation’s defense systems. By doing this, an aggressive actor can win a conflict without ever even fighting a physical war.
Chinese national philosophy prioritizes a long-term strategy of espionage and adversarial exploitation over direct military aggression. Because of this, to gain the control of the desired relative power that comes from resources, Chinese nation states would target weak points in its adversaries and use these elements to gain “de facto” control rather than directly engage in military hostilities.
Physical Risks To Borders from Foreign Interference
In the case of immigration crisis, unique issues also stem from foreign interference risks. If a United States rival wants to take advantage of U.S. domestic issues, the border crisis is a weak spot that creates favorable conditions for foreign interference, or the act of a foreign government influences the policy, economics, society, and infrastructure of a rival nation.
China’s Economic Pursuits
The Chinese regime has unique interests. Shaping a “multi-polar” world is a high priority for the regime, because this can help the nation shake the perceived “containment” by American powers, and advance its world economic pursuits. Over the decades since China prioritized this pursuit, it has gone from an emerging world trade entity to a world economic super power.
As a result of shared interests over limited resources, the United States and China have now reached the greatest tensions since “1979,” political analysts explained. In 1979, former U.S. President Jimmy Carter approved the U.S. Taiwan Relations Act, on the heels of the “one China policy” which required the U.S. to provide Taipei with defenses, but did not violate the one-China agreement, the Council on Foreign Relations explained.
Evidence of Chinese International Influence Activity
Overt Operator, using data analysis, was able to research these so-called border weaknesses to better understand what bad actors could be seeing, what information they could derive from device access, and in what ways they could use it.
China Influences, U.S. Borders, and the Americas
In this assessment, Overt Operator honed in on the Chinese regime’s political, economic, and social influences in the U.S. Borders and U.S. bordering regions. From there, analysts took a look at the Americas and their political, economic, and social influences. In this way, Overt Operator analyzed not only the vulnerabilities of the U.S. Border entry points, but also the vulnerabilities of the nations of the surrounding region.
Mapping Influences
The United States Southern region, spanning territory that shares borders with Mexico, saw a series of political, economic, and other influences in the span of May-June 2023.
Rather than following the exact border line, these influences were over the line, and were detected in a series of southwestern and southern cities.
China Foreign Influence in the Americas, Overview
The above map highlights areas where data intelligence detected Chinese political, economic, criminal, social, and infrastructure, military, and other information influences. Analysis of foreign and domestic media reports, social media posts, and public records discovered that, between April and June, China had advanced its economic partnerships in Latin America. In particular, China established stronger infrastructure influence in Cuba, and an embassy and greater export control of the coffee trade in Honduras.
Alleged Spy Facilities, and Human Risks
Media reports from The Wall Street Journal and other outlets expressed some concerns that these economic incentives would act as “Chinese spy bases" as China actively advanced the critical infrastructure of its Belt and Road initiatives in Latin America. Cuba reportedly denied any agreement on the presence of a Chinese military base in its territory. However, The Wall Street Journal had reported that China and Cuba had inked a deal for “several billion dollars” to install a spying facility within Cuba’s borders.
Economic Influences
A high-level data intelligence query found multiple layers of Chinese influence in the Americas as a whole continent. These influences include areas where Chinese-linked entities have had some economic, political, social media, or critical infrastructure influence.
In some cases, intelligence found that the U.S. blocked the efforts out of concern for public safety. Such was the case of Microvast, a China-linked entity in Texas that had received a $200 million dollar grant that the United States government chose to withdraw due to concerns about the entity’s China relationship. The Global Times, a Chinese-state affiliated newspaper, posted to Twitter on May 23 a report on the Chinese regime’s disdain that the United States had made an “issue” out of China by canceling the grant.
Chinese Economic Influence in Mexico
Between April and June, China held talks with governors across Mexican provinces to discuss greater cooperation in economics, energy, tourism and water. Spanish-language media site Diario Rotativo reported that the Governor of Queretaro Mauricio Kuri Gonzalez and the Chinese ambassador to Mexico Zhang Run held a “strategic meeting” in Casa de la Corregidora to discuss economic cooperations and the “need for balance” with other economies “such as the United States.” Reportedly, Ambassador Zhang Run invited Queretaro to feature its products at the China International Import Expo that is scheduled for November.
In early June, Vision Peninsular, a Spanish-language news website, reported that China and the Yucatan had motioned to “strengthen” economic ties. The report stated that Yucatecan businessmen had attended the Hubei Province Investment Seminar. Likewise, the report detailed that in November 2022 the Chinese state affiliated telecom company Huawei had signed an agreement with the Yucatan government for “dual technology education.”
China Influence in Cuba and the Caribbean
Data intelligence discovered that the Chinese regime likewise has a pronounced presence in Cuba and the Central American nations of the Caribbean. In June, Cuban media highlighted a meeting of the nation’s foreign affairs committed with the other members of the “‘BRICS” or Brazil, Russia, India, China and South Africa.
The BRICS alliance was, at one time, an economic cooperation, but, as The Wilson Center (a think tank that studies Chinese foreign relations and world affairs) reported in May, the alliance has slowly transformed into more of a Western rivalry over time.
Ambassador Mark A. Green, the president and founder of The Wilson Center, wrote a blog post that was published in May and that highlighted the 2023 status of BRICS. Instead of remaining an economic development incentive group, the BRICS transformed into a “coalition” of a kind, aiming to advance an economic and world affairs strategic summit that is “distinctive” from the Western-led G7 economic development alliance.
China Influence in the U.S. and Outlying Territories
Influences also saw Chinese regime actors embed themselves in U.S. territory controlled critical infrastructure in areas where key U.S. military assets are managed. In May, cybersecurity professionals reported trends of Chinese national hackers “living off the land” in U.S. based systems in Guam. On May 24, Microsoft reported that a Chinese nation state actor known as “Volt Typhoon” was using built-in network administration tools of Windows to access systems, evade detection, and observe ways to potentially disrupt communications.
Analysis Key Findings
In the case of China-linked nation states, the need for data security culture has profoundly increased. Overt Operator analysis and reporting has connected not only the Chinese strategic motivations, but also the potential means by which they may extract critical U.S. data.
This analysis found the complex motivators for why a Chinese nation-state actor may want to sabotage U.S. interests domestically and abroad using cybersecurity threats.
Intelligence gathering unearthed the various supply chains China may seek to control in the Americas, particularly in the form of exports of agriculture( such as humanitarian aid supplies of wheat and urea, and the flow of coffee supply chains), supply chains of industrial development by investing in construction material and fabrication suppliers, and in producing infrastructure bases.
Perfect Storm For Computer Vision Intelligence Seekers
Analysis then unearthed that the vulnerability of the migrant crisis has created the perfect storm for bad actors to extract “computer vision” of U.S. border authority evading paths into the U.S., through audio and visual data that could be used to target the critical infrastructure key to manipulating and controlling the key economic and digital systems that the U.S. and the Americans as a whole use for its way of life.
Possible Enforcement of Illicit Trade
As seen in the example of human smuggling, this could lead to an exacerbated risk of the U.S. undermining illegal trades between Chinese-regime actors and cartels, or even between governments, a practice called “illicit trade” and “corruption” by the Organization of Economic Cooperation and Development.
Fuel to the Fire of Existing Human Trafficking
In addition to the above economic findings, this analysis found compound risks to vulnerable populations and U.S. citizens through the cybersecurity issues and social media factors of foreign interference and illegal trafficking at U.S. borders.
To Summarize:
Records from authorities and social media show human smuggling and other organized crime is using more creative ways to exploit U.S. border crossing points.
In many of these smuggling cases, TikTok’s Chinese counterpart Douyin and other data vulnerable social media was documented having a role in guiding border crossings.
Migrants who used Douyin were searching for border crossing guides, an inquiry easy to exploit by human smuggling operations.
Bad actors can access device cameras and microphones for TikTok or other app users that can be harvested for sensitive interior images of U.S. border landscapes.
Data shows increased CCP influence in the economics of the nations migrants are crossing from.
Data maps show an elevated risk of exploitation and extortion in the key areas where migrant crossings make borders vulnerable to bad actors.
Human traffickers can exploit the social media use of migrants to expose them to risks of international human trafficking schemes.
Fall Out and Solutions
Ultimately, the data vulnerability stemming directly from overlap of the migrant crisis and human trafficking in the U.S. Borders and in U.S. territories, and the economic supremacy interests of bad actors, creates a “Pandora’s box” of risks. Once data is released, cybersecurity analysts explained, it can’t be withdrawn, in the same way the mythical Pandora’s box released evil spirits that could not be contained.
While it may be unrealistic to hope for data containment surrounding these overlapping issues, building in a greater systemic awareness of data risks and protection is key.
Subscribe to keep reading
This content is free, but you must be subscribed to Overt Operator to continue reading.