When Counterintelligence Did Not “Catch” the Bad Guy: How Export Compliance and Oversight Stopped an Illicit Transfer
As a counterintelligence guy, I would love to claim one for the team, telling you a story of how counterintelligence “caught” Jonathan Soong. The question presumes a familiar arc: a clandestine plot detected by a vigilant counterintelligence service, followed by an investigative takedown. In practice, many of the most consequential national security cases in the defense industrial base begin elsewhere. They begin in the unglamorous terrain of export controls, contractual oversight, documentation requirements, and compliance escalation. The Soong matter is best read not as a story of counterintelligence brilliance at the point of origin, but as a demonstration that a robust compliance mechanism can function as a practical counterintelligence force multiplier, surfacing deception through audit friction, verification, and internal accountability (U.S. Department of Justice 2025a).
Jonathan Yet Wing Soong worked under a University Space Research Association arrangement supporting NASA, where he helped administer licensing and distribution of U.S. Army-owned aviation and flight control software subject to U.S. export controls. Public charging and plea materials describe a pattern that is familiar to any counterintelligence professional who has studied insider-enabled technology transfer. A trusted administrator leveraged authorized access to facilitate improper export to a prohibited end user, while using misrepresentation and intermediaries to reduce detection risk and sustain the activity long enough to monetize it (U.S. Department of Justice 2022; U.S. Department of Justice 2023; U.S. Department of Commerce, Bureau of Industry and Security 2022).
Export compliance as counterintelligence by another name
In the contractor ecosystem, counterintelligence is no longer confined to investigations and briefings. It is built into controls that regulate who can access what, who can receive what, and what documentation must exist to justify a transfer. Export compliance is the legal expression of strategic technology denial. When an export compliance program is mature, it creates a perimeter of verification around controlled software, technical data, and sensitive know-how. It does this through end-user screening, licensing checks, record retention, and the expectation that representations are auditable, not merely asserted (U.S. Department of Justice 2025a).
Soong’s conduct, as publicly described, involved providing controlled U.S. Army aviation software to the Beijing University of Aeronautics and Astronautics, commonly known as Beihang University, an end-user on the U.S. Entity List. The Entity List designation matters because it transforms what might otherwise be a complicated compliance decision into a bright-line restriction: an elevated risk recipient that generally requires licensing and heightened scrutiny. In counterintelligence terms, it is a government signal that a recipient is associated with activities of concern and therefore must be treated as a strategic risk, not just a commercial counterparty (U.S. Department of Commerce, Bureau of Industry and Security 2022; U.S. Department of Justice 2022).
The decisive tripwire was oversight, not classic counterintelligence detection
The core point that the public often misses is timing. The publicly documented narrative indicates that the scheme was not halted because counterintelligence detected hostile tasking in real time. Rather, the activity began to unravel when NASA asked questions about software licensing activity involving China-based purchasers. That inquiry triggered internal examination at USRA, which then forced Soong’s process, documentation, and representations into a higher scrutiny environment (U.S. Department of Justice 2025a).
From a former operator’s perspective, that is the moment the system displayed its value. Oversight created heat. Heat compelled review. Review compelled proof. Proof created contradictions. Contradictions produced admissions and preserved evidence. That sequence is not incidental. It is the operational logic of compliance as an investigative engine. When a compliance system is designed to verify rather than merely record, it becomes difficult for an insider to sustain a cover story indefinitely.
The cover story failed under verification pressure
Public DOJ descriptions emphasize that Soong initially lied and fabricated evidence to make it appear that purchaser diligence had been conducted. In my experience, this is the most common failure mode for organizations that treat compliance as a box-checking function: insiders learn the minimum artifacts that satisfy superficial review. The Soong case illustrates what happens when counsel and compliance do not accept the first answer. DOJ accounts describe further investigation by USRA’s counsel, confrontation with contradictions, and Soong’s eventual admissions, including that he knew the end user was on the Entity List and that an export license was required (U.S. Department of Justice 2025a).
That is not just a legal detail. It is the fulcrum that turns suspicion into provable intent. Counterintelligence professionals care about intent because intent distinguishes mistake from exploitation and distinguishes weak governance from an insider who is actively enabling a strategic competitor or worse, adversarial FIS. Admissions anchored to documented contradictions are highly durable. They are not dependent on classified sources or contested analytic judgments. They are built for court cases.
Intermediaries and misdirection are a compliance evasion pattern
The public record also describes the use of an intermediary to obscure the true end user and facilitate the commercial pathway. This is a standard concealment vector. Intermediaries can be used to launder payment trails, shift transactional geography, and create plausible deniability within internal processes that rely on surface-level end-user statements. If a program relies on the integrity of a single administrator’s “screening,” the administrator becomes the control. If the administrator is compromised, the system is compromised. In this case, public materials describe intermediary involvement and a transfer pathway that, when examined, revealed the underlying restricted recipient (Department of Defense Office of Inspector General, Defense Criminal Investigative Service 2023; U.S. Department of Justice 2025a).
For counterintelligence practitioners, the lesson is straightforward: third party structures are not merely procurement conveniences. They are also tradecraft. In an export controls environment, every intermediary should be treated as a potential concealment method unless diligence is independently verifiable.
Voluntary self-disclosure converted an internal discovery into a national security case
Once internal discovery occurred, the matter moved from corporate governance to national security enforcement. DOJ’s public declination notice emphasized that USRA self disclosed export control offenses committed by its employee and cooperated, which shaped the government’s posture toward the company while leaving the individual to face prosecution (U.S. Department of Justice 2025a). That sequence is important for practitioners because it demonstrates how compliance maturity affects outcomes. Prompt internal escalation, self disclosure, and remediation can separate an organization’s institutional exposure from the conduct of a rogue insider, while also strengthening the government’s ability to build a case against the perpetrator.
DOJ also identified the investigative constellation, including Commerce export enforcement, the FBI, Defense Criminal Investigative Service, NASA Office of Inspector General, and U.S. Army elements including Army counterintelligence and investigative components. In other words, counterintelligence was present and relevant, but it was not the initial tripwire. It was part of the enforcement and investigative consolidation phase after compliance mechanisms surfaced the issue and the company disclosed it (U.S. Department of Justice 2025a; U.S. Department of Justice 2023).
Compliance “caught” the act and counterintelligence helped finish the job
If we insist on the verb “catch,” my professional assessment is that counterintelligence did not “catch” Jonathan Soong in the popular sense of the term. The decisive early detection function was performed by oversight and export compliance mechanisms. NASA’s questions triggered organizational scrutiny. Scrutiny demanded documentation. Documentation collapsed under verification. Verification produced contradictions and admissions. Those admissions and records enabled self-disclosure and a multi-agency investigation that culminated in a guilty plea. Counterintelligence contributed where it often contributes most effectively in the contractor environment: by supporting the investigative and enforcement architecture once a compliance tripwire has surfaced misconduct, and by helping translate a technical compliance failure into a national security narrative that the government can prosecute (U.S. Department of Justice 2025a; U.S. Department of Justice 2023).
This is not a criticism of counterintelligence. It is an argument for modernizing how we describe counterintelligence effectiveness. In the defense industrial base, export compliance is not adjacent to counterintelligence. Export compliance is frequently counterintelligence in operational form. When built correctly, it makes illicit transfer hard to hide, expensive to sustain, and likely to fail under audit pressure. The Soong case is the quiet proof that governance, oversight, and export controls can stop a technology transfer plot even when no one is running a classic counterintelligence operation at the beginning.
Bibliography
- Department of Defense Office of Inspector General, Defense Criminal Investigative Service. 2023. “Defendant Admits Using Intermediary to Funnel Payments for United States Army Aviation Software Exported to Beihang University.” Press release, January 17, 2023.
- U.S. Department of Commerce, Bureau of Industry and Security. 2022. “South Bay Resident Charged with Smuggling and Exporting American Aviation Technology to Beijing University.” Press release, May 26, 2022.
- U.S. Department of Justice. 2022. “South Bay Resident Charged with Smuggling and Exporting American Aviation Technology to Beijing University.” Press release, U.S. Attorney’s Office, Northern District of California, May 26, 2022.
- U.S. Department of Justice. 2023. “Castro Valley Resident Pleads Guilty to Illegally Exporting American Aviation Technology.” Press release, U.S. Attorney’s Office, Northern District of California, January 17, 2023.
- U.S. Department of Justice. 2025a. “Justice Department Declines Prosecution of Company That Self Disclosed Export Control Offenses Committed by Employee.” Press release, Office of Public Affairs, April 30, 2025.