Cyber operations have become China’s tool of choice to gain proprietary intellectual property and gather personal data worldwide.
In February 2021, malware originating from China was found in an Indian power grid. Experts have suggested the malware may have shut off the lights of Mumbai city at the height of the border stand-off in Ladakh.
The Ministry of State Security and the People’s Liberation Army’s (PLA) Strategic Support Force primarily handle China’s cyber operations.
The Strategic Support Force emerged from the PLA reorganisation in 2015. With the creation of this new, integrated force, China combined electronic warfare, information warfare and cyber operations. Under President Xi Jinping, though, it’s the Ministry of State Security that acquired the power to wage cyber operations with the help of an army of civilian recruits.
The Ministry of State Security has in the past used open-source data hunting for zero-day exploits, which can grant access to a device from a remote location. Zero-day exploits are vulnerabilities in the software code, and exist across various electronic devices.
Also read: Cybersecurity breaches are on the rise. What can we do to become more resilient?
China’s deep dive into cyber warfare
In 1999, two Chinese Air Force colonels identified the coming age of electronic warfare and cyberspace following the US’ Iraq war. Qiao Liang and Wang Xiangsui’s Unrestricted Warfare underscored the ability to wage warfare below a certain threshold of conflict. “The first rule of unrestricted warfare is that there are no rules, with nothing forbidden,” said Qiao in an interview.
But since the publication of Unrestricted Warfare, China’s military strategy has evolved. The 2015 China Military Strategy document called cyberspace “a new pillar of economic and social development and a new national security domain”.
Pursuing cyber warfare isn’t unique to the US or China, as all major powers have invested in offensive and defensive cyber capabilities. But China’s swift improvement of capabilities has made experts across the world pay attention.
The Microsoft Exchange Server hack — attributed to Chinese hackers — has revealed the capabilities that the Ministry of State Security and PLA have enhanced since the early 2000s.
“China’s appetite for America’s private data has been one of the biggest open secrets of modern intelligence. Intelligence officials estimate that China has now stolen all the personal identifiable information of about 80% of Americans, and it has a good start on collecting information on the remaining 20%,” wrote American journalist Dina Temple-Raston following her investigation into the Microsoft hack for National Public Radio (NPR).
The UK, US and EU have accused the Hafnium group – with ties to the Chinese State – of hacking the Microsoft Exchange Server, which gave access to a vast trove of data.
Also read: Cyber threats now sit alongside nuclear ones – India needs a formal national strategy
Hacking on the back of civilian recruits
The US remains ahead of China in waging cyber operations, but China has slowly caught up with a civilian integration model. Institute of International and Strategic Studies has called China a “Tier 2” cyber power in its 2021 Cyber Capability and National Power assessment. The US remains the top cyber power.
According to reporting by The New York Times and other publications, China’s Ministry of State Security has established a sophisticated network of private entities that hire and train hackers to work for the Xi Jinping government. The community of hackers has gathered information on US citizens from hacks such as Marriott hotel’s customer database. The cyberespionage network has tried to steal Ebola vaccine data and secret technology from a self-driving car company.
The Ministry of State Security’s office in Hainan set up a private entity called Hainan Xiandun Technology Development Ltd, to recruit fresh graduates of top Chinese universities with technology and linguistic skills. The US’ Federal Bureau of Investigation (FBI) has indicted three officers of Hainan State Security Department in relation to Hainan Xiandun Technology Development’s operations.
A 2013 recruitment advertisement by Hainan Xiandun said, “Since its establishment, the company has worked in the information security industry and has a wide customer base in the government, military, public security, telecommunications and finance”. The advertisement asked for “information security technicians and interns” and suggested a salary range of 4,000 to 10,000 yuan per month ($618 to $1,546) during the probation period of three months. The recruits could get paid up to 15,000 yuan ($2,319) per month after their probation period. The NYT has reported salaries for certain technical roles between $1,200 to $3,000.
According to 2016 documents, Hainan Xiandun had a registered capital of 2 million RMB and the company’s location was the Hainan University Library. The FBI believes that the company has since been disbanded, but continued to recruit up until 2019.
The recruits of Hainan Xiandun targeted aviation, defence, education, government, health care, biopharmaceutical and maritime companies in Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland, the UK, and the US.
Also read: Don’t rush to give clean chit to China. Mumbai power grid failure is a strong warning
A new protocol
China’s estimated annual cost of intellectual property theft to the US economy is between $300 billion to $600 billion in the year.
Cyber threat assessment firm Recorded Future has linked the new push to cloak cyber operations behind civilian entities to China’s Digital Silk Road Initiative. China wants to export its own global internet regulations by establishing the norms with the “new internet protocol” plan. For now, there are only a handful of countries, including Saudi Arabia, Iran and Russia, that have expressed interest in China’s internet protocol. But China continues to push for the adoption of the new norms at various international technology forums.
Xi Jinping’s recent decisions to establish regimes around personal data protection, including the regulatory actions against Didi Chuxing, are part of the strategy to reduce access by US operations to China’s data.
The conflict at our physical borders has shaped 20th century geopolitics. China’s advancing cyber capabilities have added another domain of conflict, which should become a part of public discourse.
The author is a columnist and a freelance journalist. He was previously a China media journalist at the BBC World Service. He tweets @aadilbrar. Views are personal.
(Edited by Prashant)