CNN-News18’s Shreya Dhoundial speaks to top cybersecurity expert and Recorded Future CEO Christopher Ahlberg on China’s digital army and what India needs to watch out for
Of late, China has been flexing its muscles in cyperspace. More and more reports are emerging of Chinese State-sponsored hackers targetting institutions and companies around the world, particularly in Europe and the United States.
Just last month, a US-based private cybersecurity company said it uncovered evidence that an Indian media conglomerate, a police department and the agency responsible for the India’s national identification database had been hacked, likely by a State-sponsored Chinese group.
So, what is China up to? And how wary does India need to be?
CNN-News18‘s Shreya Dhoundial speaks to top cybersecurity expert and Recorded Future CEO Christopher Ahlberg.
The following interview has been edited and condensed for clarity:
A lot of work you do is China-centric. Could you tell us what is the threat landscape that we are looking at as far as cyber espionage/cyber warfare is concerned?
Thinking of cyber, it has become this sort of new vector of… call it intrusions at large. Think of it as two big pieces: One is to steal money and the other is to steal secrets, and maybe there is a potential for actual destruction in the future. So, the threat landscape includes that. You know there are people, primarily Russian criminals, who are trying to steal money. Then, there’s stealing secrets. That’s what you’ve seen the Chinese doing over the past 10 to 20 years.
What exactly is China trying to do?
There are two main things. The first is driving their economy. They have a goal, the Communist party does, of growing seven percent per year. That is basically impossible to do without stealing intellectual property. So they have a massive project to steal intellectual property around the world. A lot of it is obviously from Europe and US, primarily from the US. It is not by random chance that every Chinese fighter jet looks like a copy of a US fighter jet.
The second is getting ready for war. If you want to get ready for a war, you want to pre-position malware in systems all around the world. You want to be able to build a database of your opponents: be it officers, intelligence officers, those sort of things. They have sort of a mass-scale effort for that as well.
How does it work? What is the hierarchy? Is it State-sponsored? Are these lone-wolf campaigns?
You have two main agencies that do this in China: the strategic support forces under the PLA and the Ministry of State Security. Those are the two key pieces. They operate a little bit separately. PLA tends to run their own units. For example, recently, a bunch of Indian institutions were hacked by the Chinese. It was done by Red Fox Strode which operates out of Xinjiang province, in particular unit 609010 run by the PLA.
The MSS calls themselves sort of independent contractors. Sometimes they’re tied to universities, sometimes to super-computing centers or separate companies. There are examples of these sort of companies run as penetration testing firms and claim to do ordinary security work, but in reality are working on behalf of the government. Typical Chinese operations are not lone wolf campaigns.
We are often told that future wars will be fought in cyberspace. What Indian sectors have been targeted and what are the potential sectors that India should be looking at as far as Chinese espionage is concerned?
The important thing to note is that warfare is going to be hybrid. It is going to involve classic warfare and cyberwarfare (whether that is espionage to destroy things and influence operations). Influence operation is a key component.
The sectors that we observe that are being targeted are government entities, defence sector and telecommunications. It makes sense. If you want to steal secrets, you are going to do that to the government, you are going to go after the defence industry because you want to understand the capability of the adversary.
And telecommunication because it is the place to steal other sort of information and sometimes they get information straight from the telecommunication companies. Those are the biggest sectors. But they are obviously going to go after other sectors.
But most of these companies say we are well-protected; we have a wall. Then how are the Chinese managing to infiltrate?
This idea of wall is an illusion. All companies, including government companies, are moving into the digital world. Everything is going online. Number one, now the wall goes away. There probably never was a wall to begin with. But now things are spread out across the internet. I think too many people are cocky rather than being humble.
And there are always gaps. The question is: do you know the gaps better or does the adversary know the gaps better? And unfortunately, the adversary just keeps on looking and looking. He just needs to find one gap at one time.
If you are some Chinese MSS outfit or PLA outfit who has the job to go after this one Indian defence contractor, the job is specific. They are happy to wait two years to get in. They just need to wait for the one time during those two years for there to be a gap and they continuously scan it.
One can understand why Chinese firms will be interested in defence contractors. But why the energy sector?
Two different reasons. There are probably many, but I will list two. One, the work we do around Red Echo where they pre-position malware into dispatch centres around India. You can do that for two reasons: because you are pre-positioning malware that you want to destroy power structure at the time of war. Or you just want to send a signal that you can. You just want to mess with the opponent, just get him afraid.
The other part of it is that energy companies are some of the most hacked around the world. Their hands are in oil fields, you know Indian oil companies probably have all kinds of information where they are finding oil around the world. It could be their own or joint ventures. If I was China, I would find that information, use it on my own, maybe I’d sell it or give it to my own oil companies. Oil companies are being hacked all day every day.
Could you list for us some of the major campaigns China has launched as far as cyber-attacks are concerned?
Looking at just the past two years alone, we identified 60 attacks from PLA and MSS. That’s a fair amount. It takes time and effort from Chinese side. That means you’re doing one every other week over two years. We have probably identified only a portion of it. These guys are quite active. This, again involves going after defence and power sectors.
The India, China relationship is at a low. We’ve seen a stand-off at eastern Ladakh for the past 20 months. Over this period, have you seen increased Chinese cyber activities directed against India?
We saw that last summer when the activities were ongoing at Pangong Lake area. Intrusions in the power infrastructure likely occurred at that time. It is hard to know whether they were doing it before. But as per our observations they happened around and after the Pangong Lake activities.
China is making a big push towards digital colonisation in Africa. What is China trying to do there?
China needs resources. All countries needs resources, but maybe China needs resources more. China knows Africa is a place from where they can get a lot of resources. They also share a complete willingness to work with a lot of people, like dictators, that we would not like to do business with.
China is quite happy to do business there. So, if you ask again why would they get into oil companies, that’s probably why. They figure out other people have found resources in Africa, now they want to get to that. Now they are building what they call a road initiative that is sort of shaping the world’s minds both at the individual, national or international level to the benefit of the China.
That is what they are doing and there is a long-term plan. China sees Africa as its backyard. They have built a big base in Djibouti. They can take their aircraft carriers to this base. Just go to Google maps and look at the southern part of Djibouti. It is not a tiny base that they have built. It is incredible.
Every time Beijing sells equipment to an African nation or puts in place some kind of infrastructure… is China embedding itself in Africa?
It is more subtle than that. If you are a big investor in the country, you get big influence. That is what China has done in Pakistan. That is what they are doing in Africa. So, they try to be a good investor. I don’t think they are malicious about every little thing that they are doing. They have their objectives and they try to find partners. That’s why the Chinese telecom companies have had an aggressive plan sponsored by the Chinese government to put in place infrastructure across Africa and many other places.
It is not necessary that there is going to be a microphone in every little device. However, what is important to know is there has been a lot of debate about whether they are building backdoors into these things or not. The key thing is that it was built by Chinese engineer working in Chinese companies. So, they have the full blueprint of how it works and in the future, they have the time and the opportunity to plant certain things.
It might be a software upgrade, it might be totally fine and legit, but, again they know how to get things into it. Telecom companies are one of the favourites of hackers but that does not mean that we, as a free world, should accept Chinese infrastructure.
In the cyber espionage space, are you seeing any sort of collusion between China, Pakistan and Turkey?
We don’t have any hard data on that. They are certainly rumours that Pakistan is influenced by China in cyberspace. We don’t have any hard data.