From defence to attack: governments in the Asia-Pacific region are strengthening their offensive cyber weapons in the fight against Chinese cyber warfare targeting their countries. Intrusions attributed by officials and experts to Beijing this year include targeting government-linked groups in South Korea, an Australian research institute, Taiwan’s ruling party and opposition politicians in Cambodia.
China’s ministry of foreign affairs described the allegations as “absurd”. Beijing was “resolutely opposed to any form of cyber attack”, a spokesman said.
Yet the number of Asia-Pacific countries who have adopted offensive cyber abilities, defined as the ability to disrupt or damage systems and networks, has risen from four — China, North Korea, Pakistan and India — to at least 14, according to FireEye, a Silicon Valley cyber security company. Governments are also boosting cyber security spending, rewriting cyber-focused laws and strengthening monitoring agencies.
The moves mirror similar policy changes in the West. The Trump White House recently authorised “offensive cyber operations” against enemies of the U.S. The U.K. is preparing to launch a new cyber warfare unit to counter online attacks from countries such as Russia, North Korea and Iran.
Officials rarely disclose their cyber operations or name countries linked to attacks, citing national security. However, the head of cyber security for one Asia-Pacific government says his department’s tactics include agents accessing Chinese networks to foil attacks “before they come to our front line”.
They’re [China is ] going after…any sort of policymaker that is going to give the Chinese government decision-making advantage.
Benjamin Read, manager of cyber-espionage analysis, FireEye
Experts say there has been a sharp increase in cyber attacks by China across the region over the past two years, partly as a result of Beijing’s 2015 deal with the U.S. to refrain from cyber espionage. After that agreement was signed, China redirected its focus towards Asia, according to Samm Sacks, a China cyber specialist at the Center for Strategic and International Studies, a Washington-based think-tank.
“We saw a redirection of cyber activity originating from China, that initially had been going towards U.S. targets, reoriented towards other areas in the Asia region,” she said.
Experts also point to China’s strengthened offensive capabilities, and the reorganisation of its cyber bureaucracy under the control of President Xi Jinping, as evidence of the shift.
“They’re going after ministries of foreign affairs, any sort of policymaker that is going to give the Chinese government decision-making advantage,” says Benjamin Read, manager of cyber-espionage analysis at FireEye.
Tsinghua University was the origin of cyber-espionage campaigns earlier this year targeting the Tibetan community in India and the state government of Alaska, research has shown.
Experts say the shift towards offensive operations raises concerns about breaching international law.
“It is in a grey area [legally]. There are no clear definitions,” says the government cyber security chief, adding that, while attacks on the country did not always emanate from Chinese IP addresses, some had been traced to academic institutions linked to China’s military.
Australia is one of the few countries to publicly confirm its security agencies used offensive cyber actions to disrupt terrorist organisations, including ISIS.
Canberra has also banned Chinese telecoms equipment makers Huawei and ZTE from providing 5G technology to Australian mobile phone operators amid national security concerns. The country was allegedly hit by Chinese cyber attacks on its Bureau of Meteorology in 2015 and the Australian National University this year. Beijing has denied involvement.
In New Zealand — a member of the Five Eyes intelligence network with Australia, the U.S., the U.K. and Canada — a policy paper released in July signalled the military wanted greater cyber powers. “To maintain relevant combat capabilities, including interoperability with close partners . . . the defence force needs to be able to conduct a broader range of cyber operations,” the document said.
Of nearly 400 serious cyber incidents hitting key New Zealand organisations in the year to the end of June 2017, 30 percent had indications of being linked to state-sponsored groups, according to an official in Wellington. China’s espionage activity also had a “heavy emphasis” in Southeast Asia, especially around regional meetings and events linked to the Association of Southeast Asian Nations, FireEye’s Read said.
In March, Indonesia launched a cyber agency under direct presidential control to curb a rising number of digital attacks. The agency chief, Djoko Setiadi, says “some attacks came from overseas”, and that the government’s online domain was the prime target.
Additional reporting by Xinning Liu and John Reed
Experts link China cyber attacks to tech theft
There has been a marked increase in Chinese cyber espionage against American companies over the past two years, according to U.S. experts. U.S. cyber security groups retained to fend off attacks on corporate clients said there was a lull in Chinese attacks following a 2015 bilateral agreement to end government-sponsored hacking. But they now say attacks are back at or above the pre-accord level, and are targeting trade secrets.
“Over the past two years, and especially in 2018, we have observed a resurgence from multiple state-sponsored Chinese cyber-espionage groups,” says Benjamin Read, manager of cyber-espionage analysis at FireEye.
The activity now included “stealing sensitive business information . . . in addition to operations directly targeting intellectual property”, he adds.
The U.S. trade representative’s office said Beijing is not respecting the 2015 agreement.
“Chinese espionage against the US now is greater than it was in the cold war,” says James Lewis, senior vice-president at the Center for Strategic and International Studies. Tom Kellermann of cyber security firm Carbon Black adds that attacks are increasingly targeted and could accelerate amid the trade battle between Beijing and Washington. “As the trade war escalates so will cyber attacks,” he says.
A new U.S. national cyber strategy unveiled in September by President Donald Trump said: “China engaged in cyber-enabled economic espionage and trillions of dollars of intellectual property theft.”
The U.S. will “defend forward to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict”, the Department of Defense said in a separate strategic update.
However, Chinese experts were sceptical. “The U.S. is trying to create the narrative of a ‘China cyber space threat’,” says Shen Yi, director of the Cyberspace Governance Study Center at Fudan University in Shanghai. “In reality, the U.S. is the biggest source of these threats.”
By Edward White, Jamie Smyth, Stefania Palma and Yuan Yang
OZY partners with the U.K.’s Financial Times to bring you premium analysis and features. © The Financial Times Limited 2018.