From the Business World (Oct 18):
Chinese cyber spies go ‘fishing’ amid South China Sea dispute
IN THE MIDST of a week-long hearing on a South China Sea
territorial dispute, the Web site of the Permanent Court of Arbitration (PCA)
in The Hague
went offline.
The incident happened in July as the Philippines challenged China’s claim to more than 80% of the South
China Sea, an assertion that Manila
says encroaches on its exclusive economic zone. Based on an analysis of the
software and infrastructure used, the site was infected with malware by someone
in China, according to
ThreatConnect, Inc., a US
security company. China
didn’t take part in The Hague
hearing.
Alongside the increased presence of coast guard and military ships and planes,
cyber espionage is emerging as a new front in the wrangling over the South China Sea, an artery for global trade that
straddles the Indian and Pacific oceans. Over the past 18 months China has rapidly built on reefs in the area,
butting up against smaller claimants such as Vietnam
and the Philippines.
China
regularly uses its coast guard and fishing vessels to warn away the boats of
other countries. The disputes have pulled in the US,
which patrols the waters in the name of navigational freedom -- most recently
it has reportedly been considering sailing warships into the 12 nautical mile
exclusion zone around the islands China is building.
“Whenever you see island-dispute issues flare up you also see cyber activities
spike as well,” said Tobias Feakin, director of the International Cyber Policy
Centre at the Australian Strategic Policy Institute in Canberra. “If it is being used in
coordination with the prodding that the Chinese do in a physical way, it surely
shows you see a strategic advantage in the use of that power.”
DATED NETWORKS
Southeast Asia’s smaller economies are vulnerable to hacks, given a lack of
spending on cyber defense by some countries that rely on remittances from
thousands of their citizens working overseas to propel growth, and a reluctance
to report breaches of government security. The one protection may be how dated
or incomplete networks are, with a reliance in far-flung areas on paper files.
Southeast Asian governments and companies are 45% more likely to be targeted
than the average for the rest of the world, security provider FireEye, Inc.
said in a recent report. While Chinese President Xi Jinping agreed last month
with US President Barack Obama to broad principles to stop the theft of
corporate secrets, the yet-to-be-developed rules will only cover the US and
China and won’t extend to traditional intelligence collection.
“The Chinese aren’t going to shut down their cyber espionage operations,” said
Dmitri Alperovitch, co-founder and chief technology officer of security company
CrowdStrike, Inc. “So they are most likely going to double down on traditional
intelligence collection.”
In The Hague, the Philippines
was seeking to enlist international law to deter China’s
expansion in the South China Sea. Hackers
embedded the PCA’s Web page on the case with code that infected visitors to the
page, according to ThreatConnect. That left diplomats, lawyers, and journalists
interested in the case at risk of information theft, plus their wider
organizations.
“It’s like catching fish with a net,” said ThreatConnect chief intelligence
officer Rich Barger. “I dip a big net into the ocean, I collect fish over the
course of a few hours, and then I have the option of pulling out a few targeted
fish that I wanted to have.”
The PCA Web site was unavailable for a short period in July due to technical
problems, Gaelle Chevalier, a case manager at the PCA, said via e-mail, adding,
“We have no information about the cause of the problems.”
The Philippines’ Deputy
Presidential Spokesperson, Abigail F. Valte, who was at The Hague, said she heard about the attack.
“We were surprised,” she said.
There are other signs of cyber attacks on countries at times of tension with China. When China dragged an exploration oil rig into
contested waters last year, it led to deadly anti-China protests in Vietnam and
clashes at sea between coast guard boats. There was a spike in cyberattacks on
Vietnamese government targets, according to CrowdStrike.
PEACEFUL PURPOSES
Neither the Chinese foreign ministry nor the defense ministry responded to
faxed questions about alleged Chinese involvement in the breach of the PCA or
Vietnamese government Web sites.
Officials regularly claim China is a victim of cyber security breaches and
have repeatedly denied being the source of hacks in the United States
and other countries.
The foreign ministry contends its island-building program in the South China Sea is legitimate because the reefs are its
sovereign territory, and that the construction is for peaceful purposes.
Vietnam
has seen a rise in cyber attacks on government sites with more than 3,000
defacement attacks and over 5,000 malware attacks in the first half of the
year, according to the information security authority in the Ministry of
Information and Communications. Hackers were found to have used Internet
protocol addresses based in countries including China,
the United States, and Russia, it said
in an e-mailed response to questions.
“Whenever there has been a vital political, economic or social event, such as
when the South China Sea disputes get
heightened and complicated, attacks on government agency websites, especially
those with a domain of .gov.vn, were seen to rise in volume, scope and mode,”
the authority said.
CrowdStrike’s claims jibe with those of FireEye, whose Mandiant division
alleged in February 2013 that China’s
military may be behind a group that hacked at least 141 companies worldwide
since 2006. After the report was published, the United States issued indictments
against five military officials who were alleged members of that group, known
as Advanced Persistent Threat 1.
In April, FireEye identified a group named APT 30 which it said had spent a decade
targeting governments, the military, and corporations in Southeast
Asia. It said software code and language were among indicators the
software used in attacks was developed in China.
ThreatConnect has identified a group of hackers called Naikon APT which it said
is backed by the People’s Liberation Army. Known as unit 78020, the group
conducts cyberespionage against Southeast Asian targets, ThreatConnect and
Defense Group, Inc. wrote in a report published last month.
While China
is viewed as the most active of the region’s cyber espionage actors, other
countries are developing capabilities, according to CrowdStrike’s Alperovitch.
“But the Chinese have been in this game for 15 years so they are head and
shoulders above everyone else.” -- Bloomberg
http://www.bworldonline.com/content.php?section=Nation&title=chinese-cyber-spies-go-fishing-amid-south-china-sea-dispute&id=117146