Western response to Chinese hacking weak and bureaucratic
Chinese hackers attacked critics of Beijing and democratic institutions.
Chinese state-sponsored hacking attacks on Western democratic institutions, parliamentarians, government officials, academics and journalists ‘push close up’ to what constitutes ‘outright conflict’ but expose the limits of what affected governments can do to push back, a leading cyber intelligence expert said.
Mike Bareja spent more than 15 years leading Australia’s response to technology-based threats to national security and is now Deputy Director of Cyber, Technology and Security at the Canberra-based think tank Australian Strategic Policy Institute (ASPI).
Speaking to Latika Takes, he said the mass hacking attacks and attempts to compromise electoral systems exposed by Western allies on Monday were part of sustained efforts by China and Russia to ‘poison the well and create distrust and chaos.’
‘Democracies run on trusted information,’ he said.
‘China and Russia’s malicious grey-zone cyber attacks may fall short of outright conflict, but it’s pushing close up against it.
‘Targeting electoral systems and politicians strikes at the heart of our liberal democratic societies, and we cannot stand idly by and let these attacks go unpunished.’
US charges seven Chinese hackers
The United States and the United Kingdom acted in tandem as they announced that China had conducted separate hacking attacks and breached Britain’s electoral register three years ago.
The US released a 27-page indictment charging seven Chinese men who spammed thousands of Western politicians, officials, ambassadors, activists, business figures and other critics of the Chinese Communist Party for the past 14 years with around 10,000 malicious emails.
‘This prolific global hacking operation — backed by the PRC government — targeted journalists, political officials, and companies to repress critics of the Chinese regime, compromise government institutions, and steal trade secrets,’ Deputy Attorney General Lisa Monaco alleged.
The UK’s Deputy Prime Minister Oliver Dowden told the House of Commons that Chinese hackers had breached the Electoral Commission between 2021 and 2022 and in a separate campaign had attempted to covertly monitor UK parliamentary accounts in 2021.
Whodunnit?
The group that conducted the attacks was the APT31 Group (Advanced Persistent Threat 31). It operates out of Wuhan, as part of the Ministry of State Security’s Hubei State Security Department’s cyberespionage program under the guise of a front company.
‘Some of this activity resulted in successful compromises of the targets’ networks, email accounts, cloud storage accounts, and telephone call records, with some surveillance of compromised email accounts lasting many years,’ the US statement said.
APT31 Group’s methods involved sending their targets emails that purported to contain links to legitimate news articles from established media outlets and journalists but contained hidden tracking links.
If an email was opened, this act would transmit the user’s location, internet protocol (IP) addresses, network schematics and the devices used to servers operated by the Chinese hackers. They would then use the data to refine their attacks to target recipients’ home routers and other connected devices.
New Zealand compromised
Separately, New Zealand’s signals intelligence agency, the Government Communications Security Bureau, and National Cyber Security Centre said the Parliamentary Service — which runs parliamentary and MPs’ support services — and the Parliamentary Counsel Office — which drafts legislation — had been hacked by a different Chinese hacking network.
‘Analysis of the tactics and techniques used by the actor enabled us to confidently link the actor to a PRC state-sponsored group known as APT40,’ GCSB Director-General Andrew Clark said.
Australia, another member of the Five Eyes intelligence sharing network that comprises the US, UK, New Zealand and Canada, said the behaviour was ‘unacceptable and must stop.’
In a statement, Foreign Minister Penny Wong said Australia’s electoral systems were not compromised by the cyber campaigns targeting the UK.
Who was targeted?
Among the thousands targeted were all the European and most British parliamentarians belonging to the Inter-Parliamentary Alliance on China, an international group of cross-party legislators from 35 parliaments who joined forces in 2020 to pressure their governments to take a tougher stance on Chinese interference. Many of these same members had been previously sanctioned by China.
In July 2021, I reported that IPAC, dubbed the ‘nuisance alliance’ by Chinese state media, had been told a cyber attack had been launched against them.
In the US, officials working at the White House, the Justice, State, Commerce and Treasury departments, along with US Senators, political party campaign operatives and spouses were all targeted. In one instance, the email of a serving US ambassador to a Southeast Asian nation was compromised between June 2022 and February 2023.
APT31 Group hacked and attempted to hack dozens of companies working in sensitive sectors such as defence and telecommunications, including a provider of 5G network equipment and a leading global provider of wireless technology, the US said.
Dissidents were also in APT31 Group’s crosshairs. Norwegian government and officials were attacked after Hong Kong’s Umbrella Movement was nominated for a Nobel Peace Prize in 2018 and malware was used to compromise the accounts of Hong Kong pro-democracy activists and their supporters.
The response
While the United States led the way by charging seven APT31 members and releasing the indictment, the UK said it had summoned the Chinese Ambassador in London and sanctioned a front company and two members of APT31.
‘The UK judges that those actions demonstrate a clear and persistent pattern of behaviour that signals hostile intent from China,’ Deputy Prime Minister Oliver Dowden told the House of Commons.
‘We are today acting to warn of the breadth of targeting emanating from Chinese state-affiliated actors such as APT31, to sanction those actors who attempt to threaten our democratic institutions, and to deter both China and all those who seek to do the same.’
The backlash
MPs from all political parties savaged Dowden, with the former Conservative Leader Iain Duncan Smith, UK co-founder of IPAC and one of the MPs sanctioned by China, leading the way.
He told Dowden that the government’s response was a ‘bit like an elephant giving birth to a mouse.’
‘I am rather underwhelmed by this statement,’ Tim Loughton, another Tory MP and member of IPAC, said.
Jim Shannon from the Democratic Unionist Party — the British nationalist and conservative party in Northern Ireland — said the All-parliamentary Group for International Freedom of Religion or Belief that he chaired had had its website hacked with text questioning China’s human rights violations removed.
He urged Dowden to stop handling the ‘Chinese oversteps’ with ‘kid gloves’ and instead ‘handle them with authority.’
‘This is too little, too late. It is reactive, not proactive. Two lowly officials get sanctioned when half the UK population’s data and electoral roll get cyber-attacked,’ observed Chris Law from the Scottish Nationalist Party. Stewart McDonald, also from the SNP, said the deputy prime minister had ‘turned up to a gunfight with a wooden spoon’.
‘My first reaction is: “Is that it?” The spin was clearly not matched by this statement,’ said Labour’s Kevan Jones.
ASPI’s Bareja agreed.
‘The UK and US responses seem weak – the UK imposing sanctions on two people and one company, while the US charges seven hackers,’ he said.
‘But these types of responses are bureaucratic, technically difficult and politically hazardous.
‘Nevertheless, we are getting better and faster at them.’
‘An escalating situation’
Under pressure, Dowden was coaxed into revealing more measures the UK could take against China.
These included potentially restricting Chinese electric vehicles from entering the UK and placing the CCP on the enhanced tier of the Foreign Influence Registration Scheme, which would require anyone working in arrangement with the CCP to declare their activities and subject them to greater scrutiny.
‘Nobody should be in any doubt about the gravity of this matter,’ Dowden said.
‘These are not the actions of a friendly state, and they require our serious attention … this is an escalating situation.
‘I said that there had been a démarche, and that is exactly what is happening.’
But with polling showing the Tories are poised to lose power at the next election, likely to be held before the end of the year, attention will soon move to Labour’s approach.
Catherine West, shadow Asia minister, travelled to Beijing last week. She told me that Labour would act on Chinese interference in government.
‘It was so important for me to visit Beijing ahead of the election, and meet with senior Chinese leaders, to put on record our concerns about human rights, national security, and interference in our democracy and make it clear this is something we will act on in government,’ she said.
She said Labour would audit the UK-China relationship within its first 100 days in office.
‘Our audit will make sure the government can manage risks and deter threats from China.
‘And it will give British businesses clarity on how to trade safely with the world’s second-largest economy.
‘Labour will work with NATO allies to develop new measures designed to protect our democratic values, institutions and open societies.’