Dragon’s cyber hacking operations: State sponsored game-plan
In the last few years, countless cyber-attacks linked to the People’s Republic of China have been reported globally. The Chinese cyber-hackers who target foreign networks and websites are sponsored by the Chinese government. They are highly trained and have acquired the ability not only to exploit common vulnerabilities but also to discover and even create new vulnerabilities.
The US National Security Agency’s in-depth report of 23rd October points out that one of the greatest threats to the US National Security Systems, Defence Industrial Base and Department of Defence information networks is the “Chinese state sponsored malicious cyber activity”. The report underlines that the Chinese hackers exploit “computer networks of interest that hold sensitive intellectual property, economic, political, and military information.”
In July 2020, the US ordered the closure of the Chinese consulate in Houston when it discovered that Chinese officials there were involved in intellectual property theft, and indicted two Chinese nationals for allegedly hacking hundreds of companies and, crucially, attempting to steal coronavirus vaccine research. The United States Department of Justice has charged five Chinese nationals for their involvement in hacking targets not only in the US government but also in the networks of the Indian and Vietnamese governments. They also carried out attacks on the UK government network, unsuccessfully.
These hackers belonged to a state-sponsored hacking group linked with Chengdu 404 Network Technology (“Chengdu 404”), a PRC company. The US government alleged that the hackers targeted “over 100 victim companies in the United States and abroad, including software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong”. Businesses were specifically targeted in countries such as the US, Australia, Brazil, Chile, Hong Kong, India, Indonesia, Japan, Malaysia, Pakistan, Singapore, South Korea, Taiwan, Thailand, and Vietnam.
In India, recent media reports pointed out that Zhenhua Data, based in the south-eastern Chinese city of Shenzhen, compiled a huge database of over 10,000 Indians in the fields of politics, government, business, technology, media and civil society. This activity was obviously for launching influence operations. There have been several reports of Chinese hackers attacking Indian government networks in the past as well.
In 2013, China’s cyber espionage operations by Unit 61398, a military cyber-hacker unit operating under cover, surfaced. In 2015, an authentic report published by the Singapore-based cyber security firm FireEye gave graphic details of the functioning of an anonymous group dubbed APT30 that primarily focused on the data of businesses, governments and military operations in India and other ASEAN (Association of Southeast Asian Nations) countries.
The most audacious Chinese cyber-hacker attack was witnessed in 2016, when the Permanent Court of Arbitration gave its verdict in favour of the Philippines and nullified the Chinese claim in the South China Sea (SCS). The Chinese hackers attacked the website of the national airline at the two biggest airports of Vietnam (Noi Bai International Airport in Hanoi and Tan Son Nhat International Airport in Ho Chi Minh City), placed a statement on it and, after taking control of the speaker system at the Hanoi airport, spoke against the stance of Vietnam and the Philippines on the SCS. An insulting message against the two countries was posted, crossing all limits of decency. Earlier, 68 national and local government websites of the Philippines were attacked soon after the verdict was announced. Notwithstanding the 1937CN group’s denial of involvement, the pictures on the screens at the time of the attack clearly revealed its involvement. This group was earlier involved in cyber-attacks in 2012, 2014 and 2015.
The above examples reflect how Chinese sponsored hackers are currently operating under the instructions of the state authorities. Their operations are aimed at achieving the following objectives of the Chinese authorities. First, they are trying to collect data on the target countries, their critical infrastructure and key persons. Second, they are also collecting data on business firms that can give a competitive advantage to Chinese firms. Third, they are planting malware to destroy data. Developing the ability to destroy the command and control systems of adversaries remains one of their important objectives. Fourth, they plant disinformation to misguide users. Fifth, they convey political messages, as was the case in Vietnam and the Philippines.
Sixth, they steal information about the coronavirus vaccine from other countries. While the US government has observed this, according to Spanish media, Chinese hackers have also stolen information from Spanish laboratories working on a vaccine for Covid-19. Seventh, the data collected about targets is analysed with the help of AI, and influence operations are designed to change their perceptions in favour of the Chinese position. Fake social media accounts are created to launch influence operations against key persons in foreign countries. By continuously bombarding the targets, their ability to see things objectively is impaired and they take positions that support China. They specifically target the strategic community to create ‘useful idiots’ who prove helpful in supporting the Chinese position in foreign countries.
The attack in Vietnam and the takeover of the speaker system demonstrated the expertise of the Chinese hackers and the level of support they receive from the Chinese state. As per Google, the Chinese hackers were also running a campaign under the guise of McAfee antivirus software. The Chinese hackers have also been accused of stealing data from big data servers. Besides, China is known to be exporting devices equipped with backdoor surveillance tools. Huawei and ZTE are notorious in this sphere. China also purchases companies dealing with computer networks with this intention. The Chinese company Lenovo, which bought IBM’s PC business in 2004, was reported to be shipping laptops with ‘superfish’ malware which undermined basic security protocols.
For China, cyber warfare is the decisive element in its strategy to ascend the international system and is central in military conflicts. Hence, the Chinese sponsored hacking operations have a larger objective in accordance with China’s hegemonic ambitions. These operations reach into practically all fields and can weaken the economy and political will of adversaries. The Chinese concept of “No Contact War” is also significant in understanding the objective of the Chinese cyber operations. The underlying principle is fighting wars without its forces coming into contact with the forces of adversaries and winning wars without casualties. This means breaking the adversary’s will to fight.
While attribution remains a problem, the timing, context, and selection of targets and issues clearly reveal the involvement of China. The cyber-hacking operations are not only increasing rapidly, but the attacks are also assuming new dangerous dimensions. The attacks are becoming more diverse, better at what they do and more adept at using virtual attacks to inflict real damage. Artificial Intelligence helps the hackers in unthinkable ways. They engage very large elements at the very same time.
Target nations need to understand the larger game-plan and take appropriate measures to neutralise the impact of such operations by exposing their nefarious plans and countering the impact of influence operations, as these create obstructions in decision-making processes, generate social tensions, and weaken economies and the political will to oppose China. Pragmatism demands identifying the targets and the narratives employed in order to formulate counter-narratives. The need for doing away with Chinese equipment and software, relying on indigenous products, creating stronger protective systems and, more importantly, adopting a cyber strategy based on effective deterrence can hardly be over-emphasised. International cooperation is also imperative for countering such Chinese state sponsored activities.