{"id":65862,"date":"2021-07-20T15:00:55","date_gmt":"2021-07-20T05:00:55","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=65862"},"modified":"2021-07-20T17:15:12","modified_gmt":"2021-07-20T07:15:12","slug":"chinese-state-backed-hacking-time-to-level-the-playing-field-and-breach-the-great-firewall","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/chinese-state-backed-hacking-time-to-level-the-playing-field-and-breach-the-great-firewall\/","title":{"rendered":"Chinese state-backed hacking: time to level the playing field and breach the Great Firewall"},"content":{"rendered":"
<\/figure>\n

More than 30 countries across Europe<\/a>, North America<\/a> and Asia<\/a> yesterday joined in revealing and condemning the Chinese government\u2019s Ministry of State Security\u2019s work with Chinese cyber hackers and cybercriminals to hack companies, governments and other organisations globally, stealing valuable intellectual property and even conducting ransomware attacks.<\/p>\n

The grouping included Japan<\/a>, the United States<\/a> and, through NATO<\/a>, 28 European nations, as well as New Zealand<\/a>, Australia<\/a> and Canada<\/a>.<\/p>\n

Far from being an issue involving only Beijing and Washington as part of strategic competition between two great powers, this behaviour from the Chinese state shows that China poses a systemic challenge to all open societies. So it\u2019s not a surprise that this large and growing group of governments is working more closely together to face it. They\u2019re the same grouping we saw coming together on China at the G7-plus meetings in Cornwall last month.<\/p>\n

Chinese state actions and the government\u2019s cooperation with China\u2019s criminal hacker \u2018ecosystem\u2019 are damaging and flagrant. That\u2019s not new news. So, what do we do?<\/p>\n

We need to start by realising that this is not just a case of Chinese authorities tolerating cybercriminals operating out of China. The Chinese government is working with and through its criminal cyber community to advance its own interests and damage others\u2014corporations and governments alike. That damage is to every one of the countries that spoke out yesterday and to companies operating in their economies.<\/p>\n

There are four big messages out of this for governments and companies.<\/p>\n

The first is to really take in the implications of this deeply malign, damaging behaviour of the Chinese state, which professes peaceful intent and an abhorrence of interfering in other jurisdictions, and think through the specific risks and damage that can result. This is a board- and CEO-level issue for every Australian company, for example.<\/p>\n

The second is for governments and companies to actively tighten their cybersecurity by implementing the detailed set of mitigating measures<\/a> the US and partner cybersecurity agencies set out in support of yesterday\u2019s statement. Three big things to do are getting software patches up to date to remove vulnerabilities Chinese hackers can use; increasing the internal system monitoring that your organisation does to spot malicious and suspicious activity inside your network; and using anti-virus software along with a domain reputation service (to spot activity coming from malicious or suspicious sources before it compromises your company\u2019s or agency\u2019s systems).<\/p>\n

These steps will make it harder for the Chinese government\u2019s Ministry of State Security and the cybercriminal outfits they work with to successfully penetrate and compromise company and government systems internationally.<\/p>\n

The last two messages are arguably much more challenging and more important.<\/p>\n

These global attacks were about China hacking into foreign digital technology\u2014in this case Microsoft Exchange systems used in much of the advanced world\u2014with the Chinese attackers looking for valuable information and also vulnerabilities in how companies\u2019 and governments\u2019 critical digital systems work. That\u2019s a bad problem to have.<\/p>\n

But consider the enormous additional vulnerabilities that any government, critical infrastructure operator or government agency faces by using Chinese-sourced digital technology. The Ministry of State Security doesn\u2019t need a hacker network to get into these systems. As ASPI\u2019s series of reports<\/a> on the expansion of China\u2019s tech giants shows, it can go straight through the front door, accessing and using data produced by the normal business operations of Chinese digital systems and, when it needs to, compelling the secret cooperation of Chinese vendors and operators.<\/p>\n

That gives company and government decisions about digital technology and software adoption a very sobering risk to factor in along with the usual business-case elements of cost, performance and ease of implementation.<\/p>\n

National 5G and digitisation initiatives, along with specific critical and digital infrastructure decisions\u2014whether on transport, communications, public health or e-commerce\u2014must now take account of not just the risk of hacking, but the risk of inherent compromise of digital supplier and operating organisations.<\/p>\n

The last big message from this wholesale Chinese hacking enterprise is that it\u2019s time to stop accepting that our open economies and societies are somehow uniquely vulnerable and that all we can do is make ourselves harder targets, soak up these Chinese (and Russian\u2014remember Solar Winds<\/a>) attacks and express concern.<\/p>\n

More targeted indictments<\/a> and asset freezes on Chinese officials\u2014like leaders and operatives in the Ministry of State Security\u2014and charges against Chinese cybercriminals will help. Magnitsky-style laws in more countries, including Australia, must be part of the answer here. But that just won\u2019t be a big enough deterrent by itself.<\/p>\n

From here, given the systemic challenge that China under Xi Jinping is for many of us, it\u2019s time to give Beijing some home games and homework to do.<\/p>\n

China\u2019s own digital ecosystem is messy, patchy and vulnerable. It requires legions of humans to keep spotting gaps and fixing seams, as well to operate and police. And we know how vulnerable the ruling Chinese Communist Party regime feels to anything but well-chewed, censored information reaching the 1.3 billion Chinese citizens who are not party members.<\/p>\n

Listening to Xi\u2019s CCP centenary speech<\/a> reminded anyone who had forgotten that a central thought he and the other CCP leaders have every day is the need to continue to struggle to stay in power within China. So, ensuring only the \u2018correct line\u2019 is provided in China\u2019s information space is a continuing huge priority for Xi.<\/p>\n

The same is true, strikingly, for Vladimir Putin in Russia, whose recently released national security strategy<\/a> sees the \u2018home front\u2019 as the most dangerous and critical one for him to control to stay in power, given the threat of foreign ideas and information that challenge his narratives. While commentary has been about Russia\u2019s use of cyber and disinformation power against others, the vulnerabilities in Russia\u2019s own cyber and information space worry Putin more than most other threats. Xi seems to suffer the same anxieties, as did his predecessors.<\/p>\n

The governments that are routinely targeted by Beijing can work together and independently to stand up China-focused outfits with missions like Radio Free Europe<\/a>, creating and using capable digital-era approaches to routinely breach the Chinese government\u2019s \u2018Great Firewall\u2019. This can provide sources of external information and commentary, and also provide footage of Chinese security thugs beating up Hongkongers and operating arbitrary interrogation centres, of the People\u2019s Liberation Army massacring Chinese students in Tiananmen Square in 1989, and of eyewitness testimony about the graphic mass abuses Chinese officials are committing against Chinese Uyghurs every day.<\/p>\n

Some healthy doses of China\u2019s own history, including the mass deaths Mao Zedong inflicted in Chinese people through his Great Leap Forward, will contest the propaganda-driven, aggressive nationalism Xi and his leadership colleagues stoke every day.<\/p>\n

This will provide a partial antidote for the historically ridiculous notions that all China\u2019s troubles have been inflicted by evil foreigners, and that the party is Chinese people\u2019s benevolent protector. The contrast with the stage-managed happy, dancing Uyghurs and the silence and denials of other abuses committed by the CCP will be confronting and jarring to Chinese citizens and amplify the power of this external information.<\/p>\n

We know there\u2019s an appetite for this kind of information\u2014and for discussion within mainland China and with people in places like Taiwan and elsewhere\u2014from the example of the short-lived Clubhouse<\/a> app, where exactly this kind of conversation happened before Chinese censors banned it earlier this year.<\/p>\n

And lastly, while we\u2019re thinking through how to demonstrate to the Chinese government its own vulnerabilities as part of stronger deterrence, it\u2019d be useful to ensure that Beijing understands it has myriad of its own critical infrastructure and digital vulnerabilities.<\/p>\n

Having Beijing know the practical reality of this, and be anxious about vulnerabilities that it doesn\u2019t know about but which other capable governments might, could be the kind of tangible constraint Xi and his colleagues best understand. This is a future for cyber deterrence.<\/p>\n

This coordinated response from the democracies hopefully ends the approach whereby governments, including in Canberra, would say nothing publicly about extensive\u00a0Chinese state cyber intrusions while pretending that wider relations with Beijing could progress as normal.<\/p>\n

There can be no return to a trusting \u2018win\u2013win\u2019\u00a0relationship with Beijing at the same time as we are being spied on and\u00a0robbed blind by its hackers.<\/p>\n

So, the nasty implications of this most recent exposure of Chinese state and criminal cooperation are much wider than just providing more work for cybersecurity professionals and concerned foreign affairs departments. It\u2019s a further step along the path of growing international cooperation to deal with the systemic challenge of China. And it\u2019s time to show that the digital playing field isn\u2019t all tilted in Beijing\u2019s favour.<\/p>\n","protected":false},"excerpt":{"rendered":"

More than 30 countries across Europe, North America and Asia yesterday joined in revealing and condemning the Chinese government\u2019s Ministry of State Security\u2019s work with Chinese cyber hackers and cybercriminals to hack companies, governments and …<\/p>\n","protected":false},"author":766,"featured_media":65864,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[1383,1801,2138,728],"class_list":["post-65862","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-ccp","tag-cybercrime","tag-cybersecurity","tag-hacking"],"acf":[],"yoast_head":"\nChinese state-backed hacking: time to level the playing field and breach the Great Firewall | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/chinese-state-backed-hacking-time-to-level-the-playing-field-and-breach-the-great-firewall\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Chinese state-backed hacking: time to level the playing field and breach the Great Firewall | The Strategist\" \/>\n<meta property=\"og:description\" content=\"More than 30 countries across Europe, North America and Asia yesterday joined in revealing and condemning the Chinese government\u2019s Ministry of State Security\u2019s work with Chinese cyber hackers and cybercriminals to hack companies, governments and ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/chinese-state-backed-hacking-time-to-level-the-playing-field-and-breach-the-great-firewall\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-20T05:00:55+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-20T07:15:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/07\/GettyImages-1233642432.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"651\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Michael Shoebridge\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Michael Shoebridge\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI's analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/chinese-state-backed-hacking-time-to-level-the-playing-field-and-breach-the-great-firewall\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/07\/GettyImages-1233642432.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/07\/GettyImages-1233642432.jpg\",\"width\":1024,\"height\":651,\"caption\":\"BEIJING, CHINA - JUNE 25: Journalists take photos as they stand on a monument with a large Communist Party flag outside the newly built Museum of the Communist Party of China on June 25, 2021 in Beijing, China. China will mark the 100th anniversary of the founding of the Communist Party on July 1st. (Photo by Kevin Frayer\/Getty Images)\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/chinese-state-backed-hacking-time-to-level-the-playing-field-and-breach-the-great-firewall\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/chinese-state-backed-hacking-time-to-level-the-playing-field-and-breach-the-great-firewall\/\",\"name\":\"Chinese state-backed hacking: time to level the playing field and breach the Great Firewall | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/chinese-state-backed-hacking-time-to-level-the-playing-field-and-breach-the-great-firewall\/#primaryimage\"},\"datePublished\":\"2021-07-20T05:00:55+00:00\",\"dateModified\":\"2021-07-20T07:15:12+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/b7802124e14835ff19b5c244e962849f\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/chinese-state-backed-hacking-time-to-level-the-playing-field-and-breach-the-great-firewall\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/chinese-state-backed-hacking-time-to-level-the-playing-field-and-breach-the-great-firewall\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/chinese-state-backed-hacking-time-to-level-the-playing-field-and-breach-the-great-firewall\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Chinese state-backed hacking: time to level the playing field and breach the Great Firewall\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/b7802124e14835ff19b5c244e962849f\",\"name\":\"Michael Shoebridge\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9ad669e65739d5a3f4bbc0e839d8a6b8?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9ad669e65739d5a3f4bbc0e839d8a6b8?s=96&d=mm&r=g\",\"caption\":\"Michael Shoebridge\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/michael-shoebridge\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Chinese state-backed hacking: time to level the playing field and breach the Great Firewall | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/chinese-state-backed-hacking-time-to-level-the-playing-field-and-breach-the-great-firewall\/","og_locale":"en_US","og_type":"article","og_title":"Chinese state-backed hacking: time to level the playing field and breach the Great Firewall | The Strategist","og_description":"More than 30 countries across Europe, North America and Asia yesterday joined in revealing and condemning the Chinese government\u2019s Ministry of State Security\u2019s work with Chinese cyber hackers and cybercriminals to hack companies, governments and ...","og_url":"https:\/\/www.aspistrategist.ru\/chinese-state-backed-hacking-time-to-level-the-playing-field-and-breach-the-great-firewall\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2021-07-20T05:00:55+00:00","article_modified_time":"2021-07-20T07:15:12+00:00","og_image":[{"width":1024,"height":651,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/07\/GettyImages-1233642432.jpg","type":"image\/jpeg"}],"author":"Michael Shoebridge","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Michael Shoebridge","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI's analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/chinese-state-backed-hacking-time-to-level-the-playing-field-and-breach-the-great-firewall\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/07\/GettyImages-1233642432.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/07\/GettyImages-1233642432.jpg","width":1024,"height":651,"caption":"BEIJING, CHINA - JUNE 25: Journalists take photos as they stand on a monument with a large Communist Party flag outside the newly built Museum of the Communist Party of China on June 25, 2021 in Beijing, China. China will mark the 100th anniversary of the founding of the Communist Party on July 1st. (Photo by Kevin Frayer\/Getty Images)"},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/chinese-state-backed-hacking-time-to-level-the-playing-field-and-breach-the-great-firewall\/","url":"https:\/\/www.aspistrategist.ru\/chinese-state-backed-hacking-time-to-level-the-playing-field-and-breach-the-great-firewall\/","name":"Chinese state-backed hacking: time to level the playing field and breach the Great Firewall | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/chinese-state-backed-hacking-time-to-level-the-playing-field-and-breach-the-great-firewall\/#primaryimage"},"datePublished":"2021-07-20T05:00:55+00:00","dateModified":"2021-07-20T07:15:12+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/b7802124e14835ff19b5c244e962849f"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/chinese-state-backed-hacking-time-to-level-the-playing-field-and-breach-the-great-firewall\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/chinese-state-backed-hacking-time-to-level-the-playing-field-and-breach-the-great-firewall\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/chinese-state-backed-hacking-time-to-level-the-playing-field-and-breach-the-great-firewall\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Chinese state-backed hacking: time to level the playing field and breach the Great Firewall"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/b7802124e14835ff19b5c244e962849f","name":"Michael Shoebridge","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/9ad669e65739d5a3f4bbc0e839d8a6b8?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9ad669e65739d5a3f4bbc0e839d8a6b8?s=96&d=mm&r=g","caption":"Michael Shoebridge"},"url":"https:\/\/www.aspistrategist.ru\/author\/michael-shoebridge\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/65862"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/766"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=65862"}],"version-history":[{"count":4,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/65862\/revisions"}],"predecessor-version":[{"id":65880,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/65862\/revisions\/65880"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/65864"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=65862"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=65862"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=65862"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}