With the announcement that the UK government would impose sanctions on two individuals and one entity accused of – unsuccessfully – targeting British parliamentarians in cyber attacks in 2021, the phrase ‘tip of the iceberg’ comes to mind. But that would underestimate the iceberg.
James Cleverly, the home secretary, said the sanctions were a sign that “the targeting of our elected representatives and electoral processes will never go unchallenged”.
But some experts saw it as a sign that Britain had been backed into a corner by a decision in Washington to charge seven people linked to the hacking organization known as APT31. accused of involved in a “prolific global hacking operation” that sent more than 10,000 malicious emails to politicians, officials, journalists and critics of China on several continents.
The sanctions “will not make any difference” to UK cyber security, said Alan Woodward, professor of cyber security at the University of Surrey, who said they were “the equivalent of sending a stiffly worded letter”. The British government “needs to say something because the Americans are saying something, but still doesn’t want to upset the Chinese.”
The government revealed the historic hacking attempts on the same day it pointed the finger at a “Chinese state-affiliated entity” that had compromised the Electoral Commission systems between 2021 and 2022. The Chinese embassy in London said the British statement was “completely baseless and constitutes malicious defamation”. But Britain has not accused any of the sanctioned entities of involvement in that breach. The government has “conflated two separate issues in a way that is quite confusing to the general public,” said Jamie MacColl, a cybersecurity research fellow at the Royal United Services Institute think tank.
Part of the reason Britain’s response is seen by some as weak and confusing is that Chinese hacking attempts are not isolated events. On the contrary, they form the ecosystem in which all Western governments must shape their relations with Beijing. In a report published on March 27, Google said China “continues to lead the way in state-sponsored exploitation.” Only APT31 has been linked to hacks France, Finland and from Microsoft, while New Zealand said this week that another well-known Chinese hacking group, APT40, attacked its parliament in 2021 (the Chinese embassy in New Zealand denied the allegations).
A recent data breach from Chinese cybersecurity company iSoon revealed the extent to which Chinese hackers compete for government contracts, sometimes hoovering up data from foreign agencies on spec in the hopes of selling it to the highest bidder. In the case of APT31, the US Department of Justice alleges that the hacking operation was directly led by a provincial branch of China’s Ministry of State Security.
But in general, says Mei Danowski, a Chinese cybersecurity expert and author of the Natto thoughts newsletter, almost every cybersecurity company in China would have some sort of contract with government customers. With a cybersecurity industry worth an estimated $13 billion, that’s a lot of potential hackers.
That leaves Western governments struggling to coordinate an effective response to hacks or hacking attempts. In many cases, the Chinese government has plausible denials of responsibility and it is not always clear what the impact of data breaches is. Audrye Wong, an assistant professor at the University of Southern California, said that while Russia-based hacks often “sow discord and chaos,” China has been “more cautious” and “still cares deeply about shaping the perception of China and the Chinese Communist Party. ”. Many Western international security experts refer to the maxim that while Russia is the storm, China is climate change.
Danowski says that since the U.S indicted hackers linked to a company called Chengdu 404 in 2020, business operations in China have continued as normal, indicating that the ‘name-and-shame’ tactic adopted by the US and Britain this week has run out of steam. can be quite symbolic.
And while China says it has “no interest or need to interfere in Britain’s internal affairs,” some cybersecurity experts note that gathering information about foreign states is the bread and butter of any country’s intelligence operations – in other words: spies spy.
Reuters recently reported that Donald Trump, while president, authorized a covert CIA operation on Chinese social media to turn Chinese public opinion against Beijing, in an operation that may still be active. If Chinese cyberattacks lead to “the intimidation of dissidents, I could see why sanctions would be justified,” MacColl said. “But from my perspective, the said activity is mainly political espionage.”