January 2024

WEB WARRIORS ON THE PROWL

Yvonne Gill warns of the looming threat of Chinese cyber attacks, and considers how the world proposes to counter it

The growing number of cyber intrusions into critical US infrastructure, and into that of its allies, by Chinese cyber warriors has set off alarm bells in defence and cyber security circles in the West. In what are essentially probing attacks, the Chinese have been testing their capacity to create chaos and disruption within US military and civilian infrastructure critical to its security and the smooth functioning of its economy in times of conflict. The Chinese also intend to map the strengths and weaknesses of Western cyber security and the likely counter-measures the adversaries would take to fend off intrusions.

The computer systems of about two dozen entities – power and water utilities as well as communications and transportation systems – were hacked over the past year, The Washington Post reported. Although no disruption was caused, the paper said, the cyber-attack, carried out by a China-based hackers’ group, Volt Typhoon, ‘was a part of a broader effort to develop ways to sow panic and chaos or snarl logistics in the event of a US-China conflict in the Pacific’.

It has long been known that China has an extensive espionage network of human spies and hackers, who systematically steal military and high-tech secrets, both to help its key industries keep abreast of technological advances, and to modernise its military. Stealing intellectual property (IP) has been a part of the CCP’s strategy to achieve hyper-growth. The industry and the state work in tandem, for instance, towards achieving the CCP’s ‘Made in China’ goals and achieving dominance in different sectors of the economy.

Data collected by cyber security agencies since 2000 indict China for being associated with more than 90 cyber espionage campaigns. India, too, has been a target of Chinese cyber-attacks. During the Indo-China conflict along the Line of Actual Control (LAC) in 2020, a China-based hacker group, codenamed RedEcho, targeted at least ten installations critical to India’s power grid, as well as two ports. The threats were promptly neutralised by Indian cyber experts.

A multi-year cyber espionage campaign targeting multinational companies was exposed by US cyber security company Cybereason in 2022

How aggressive the Chinese cyber intrusions can be is evident from Operation CuckooBees, a multi-year cyber espionage campaign that targets multinational companies. The operation was exposed by Cybereason, an American cyber security company, in 2022. The hackers had exfiltrated hundreds of gigabytes of IP data from the targeted companies, according to Cybereason.

An estimated 1 in 5 US corporations have had their trade secrets stolen. Start-ups and small businesses, accounting for over 44 per cent of America’s economic activity, are easy targets. Today, a large number of small and medium companies are responsible for cutting-edge innovations in the fields of Artificial Intelligence (AI) and Machine Learning (ML). These innovators are developing a whole range of products, having a wide range of applications, from productivity tools to cyber security applications. The Chinese will no doubt be aggressively targeting these firms as they have done in the past.

Stealing intellectual property has been part of the CCP’s strategy to achieve hyper-growth

The 2023 Annual Threat Assessment, released by the Office of the Director of National Intelligence (ODNI) in February, stated that ‘China almost certainly is capable of launching cyber-attacks that could disrupt critical infrastructure services within the United States’.

‘If you had asked me ten years ago, the answer would have been China is primarily focused on economic and political espionage, looking to advance their economy, looking to steal secrets or plans for fighter jets, but that threat is absolutely evolving,’ says Brandon Wales, executive director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). ‘I think it is far more serious today.’

In May this year, the Five Eyes countries (the US, UK, Australia, Canada and New Zealand) issued an alert about the Chinese hacker group Volt Typhoon, affiliated with China’s People’s Liberation Army, targeting ‘networks across US critical infrastructure’. It also pointed out that Volt Typhoon ‘could apply the same techniques against these and other sectors worldwide’. Microsoft, which initially detected the activity, maintains the secretive group has been engaged in these hacking campaigns since mid-2021. It tried to intrude into critical infrastructure, including ‘communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors’.

BlackTech uses sophisticated cyber tools to target routers to move ‘from international subsidiaries to headquarters in Japan and the US’

Another group of Chinese cyber warriors, BlackTech, in late September targeted ‘government, industrial, technology, media, electronics, and telecommunication sectors, including entities that support the militaries of the US and Japan’, according to a joint advisory issued by the two countries. BlackTech, active since 2010, uses sophisticated cyber tools to target routers to move ‘from international subsidiaries to headquarters in Japan and the US – their primary targets’, the security advisory said. The US and Japan have urged network providers to take steps to ‘protect devices from the backdoors the BlackTech actors are leaving behind’. In August, The Washington Post had also reported that Chinese hackers penetrated classified Japanese military networks in 2020.

The US Defense Department’s October Report underlines three distinctive strands of Chinese cyber warfare: disinformation, espionage, and hacking critical infrastructure. These tactics are intertwined with its broader strategic goals. China would take a multilevel strategic approach if it were to come into direct conflict with the United States. This would include ‘destructive’ cyber-attacks to ‘hinder military mobilization, sow chaos, and divert attention and resources’, the report points out.

The Chinese strategy will also be to simultaneously overwhelm and disrupt the infrastructure and military capabilities of US allies in the Indo-Pacific and South China Sea. Taiwan will be a prime target, should the CCP decide to launch an aggression against the island nation or even if it were in direct conflict with the US.

POWER STRUGGLE: Along the LAC in 2020, a China-based hacker group, codenamed RedEcho, targeted at least ten installations critical to India’s power grid

China has also developed sophisticated capabilities for spreading disinformation on social media. It has developed new tools for digital disinformation operations. A report released by Microsoft in September says that China could use generative AI to create realistic-looking fake images and videos to spread disinformation on social media. ‘In the past year, China has honed a new capability to automatically generate images it can use for influence operations meant to mimic US voters across the political spectrum and create controversy along racial, economic, and ideological lines.’ China’s ‘state-affiliated multilingual social media influencer initiative’ has reached 103 million accounts in 40 languages, while ‘China-aligned’ accounts have both impersonated American voters and connected with real users about political matters, the report pointed out.

Similarly, the Defense Department’s report described China’s focus on developing information strategies to spread fake information during a conflict situation. China is said to be making these operations a part of its military exercises, too. The report says that China views ‘cyberspace, electronic, space, and psychological warfare’ as ‘integral to achieving information superiority early in a conflict [and] as an effective means to counter a stronger foe’.

With global cyberspace becoming an integral part of all walks of life, and economic, financial, social and political activities now almost totally dependent on the rapidly growing neural networks and ever-advancing microprocessor technology that has unleashed a revolution in the sphere of Artificial Intelligence, with Large Language Models and Transformer Technology, the brave new world could be facing challenges so far unfathomed. And the worst-case scenario could be a belligerent CCP autocracy playing spoilsport and making cyberspace its future battleground.

Yvonne Gill is a freelance journalist based in London