Editor’s note: The insight from Sean Kanuck, IISS Director of Cyber, Space and Future Conflict, shows that the battle has gradually shifted to the cyberworld.
A group called Intrusion Truth is ‘doxing’ members of the suspected Chinese government hacking unit known as APT10, which has targeted foreign manufacturing and aerospace firms to steal trade secrets. Intrusion Truth is purportedly motivated to combat industrial espionage and has posted names, Uber receipts and other information that identifies specific individuals from the Tianjin-based unit that it alleges is managed by the Chinese Ministry of State Security.
At a time when states can rarely be held accountable for their hacking campaigns in any appreciable way, efforts to personally compromise the hackers themselves may be one avenue to curtail illicit activity. The landmark APT1 report released by Mandiant in February 2013 introduced a new era of private cyber security firms publicising technical identifiers that expose the actual operators at the keyboard. One can only imagine that state-sponsored hackers who are caught in the act and become the subjects of criminal indictments or international diplomatic controversies will suffer personal and professional setbacks. This approach may prove to be quite an effective cyber analogue of decreasing adversary troop morale in the military context. Strategic theory should not overlook the fact that human beings each have their own motivations and concerns that are not coextensive with the objectives of their organisations.
Iranian influence campaigns
Cyber security firm FireEye linked the Iranian government to a series of online influence campaigns targeting audiences in the United States, the United Kingdom, Latin America and the Middle East. The operation used tactics similar to those of Russia, including fake news sites and inauthentic social media accounts, in an attempt to shape attitudes towards Saudi Arabia, Israel, Palestine and Washington’s foreign policy on Iran.
A tip-off from FireEye also led to the removal of 652 pages, groups and accounts from Facebook and Instagram. Facebook identified several suspicious networks of accounts originating from Iran that were used to promote propaganda and organise events. The activity dates back to 2011 and includes spending US$12,000 on political advertising on the platform. Google revealed that it had also removed 39 YouTube channels, six blogs on Blogger and 13 Google+ accounts that it linked to the state-run Islamic Republic of Iran Broadcasting. In addition, Twitter suspended 770 accounts, the majority of which originated in Iran.
Another ongoing cyber espionage campaign emanating from Iran is believed to be targeting 76 universities across 14 countries. The operation relies on some of the same infrastructure that was used by the state-sponsored Iranian hackers indicted by the US government in March for stealing intellectual property from American universities.
Unease builds in run-up to US elections
Last week’s false alarm of an attempt to hack the Democratic National Committee (DNC) voter database highlights the tense atmosphere surrounding the upcoming midterm elections in the US. While some commentators criticised the premature reporting of suspect activity – which was actually part of a cyber security test – many others lauded the DNC for erring on the side of caution and immediately seeking federal law enforcement assistance.
In a sign of growing unease between the public and private sectors, participants from nine major technology companies were reportedly disappointed with the lack of specificity regarding potential threats provided by senior officials from the Department of Homeland Security and the Federal Bureau of Investigation. Perhaps discouraged by the level of information they are receiving from the government, representatives from Facebook, Twitter and other firms held a private meeting in San Francisco on 24 August to discuss their own election security strategy.
Facebook responds to war crimes in Myanmar
Facebook removed organisations and officials in Myanmar from its platform, including accounts and pages associated with the country’s military. The social media company took down one Instagram account, 18 Facebook accounts and 52 Facebook pages followed by a total of close to 12 million people. Facebook stated it had taken the decision in order to prevent actors associated with Myanmar’s military from ‘using our service to further inflame ethnic and religious tensions’.
Facebook has received criticism for the role it played during clashes between Myanmarese authorities and the country’s Rohingya minority that led to widespread human-rights violations. A United Nations Human Rights Council mission found that ‘hate speech and incitement to violence on social media is rampant, particularly on Facebook’.
Consumer spyware firms breached
Spyphone, a company that sells spyware to consumers, left several terabytes of surveillance data in unsecured Amazon S3 cloud storage. The company’s software tracks texts, calls, emails, messaging applications, location services, passwords and other information. Approximately 2,200 Spyphone customers, many of them parents monitoring their children, were affected by the breach. A similar company, TheTruthSpy, had data on more than 10,000 customers stolen by a hacker in February. At least five other consumer spyware companies have been hacked in the last 18 months because of poor security.
Australia to block Chinese tech in 5G upgrade
The Australian government announced that it would not allow ‘vendors who are likely to be subject to extrajudicial directions from a foreign government’ to participate in its 5G mobile network infrastructure. Although Huawei and ZTE were not explicitly named in the security guidance, the decision ends months of speculation over whether the government would permit the two Chinese firms to be involved in the upgrade. It also follows decisions by countries like the US, which banned Huawei and ZTE from bidding on government contracts due to espionage concerns.
China promotes former internet regulator to chief propagandist
The Chinese government named Xu Lin as the head of the State Council Information Office, the Chinese Communist Party (CCP)’s propaganda arm. Xu’s appointment may represent an effort to strengthen the CCP’s control over a state institution, says IISS Senior Adviser Nigel Inkster. Xu was previously head of the Cyberspace Administration of China and head of the Secretariat for the Leading Small Group on Informatisation and Cyber Security – the position which conferred real power. ‘In contrast to his extroverted predecessor Lu Wei – now under investigation for corruption – Xu has kept a low profile but has loyally implemented President Xi Jinping’s cyber agenda and presided over a departmental rationalisation of cyber responsibilities.’ He will be replaced by his former deputy Zhuang Rongwen, who is also close to Xi.
Last week, the US-China Economic and Security Review Commission released a report on the strategy, goals and actors associated with the CCP’s United Front Work Department, the agency that coordinates foreign influence operations by co-opting ‘ethnic Chinese individuals and communities living outside of China’.
Credits | IISS