Britain, the United States and Japan are warning of a worrying upsurge in cyberattacks from China. Many institutions seem to be the target of hackers who are furthering the interests of the Chinese government. Duncan Bartlett investigates claims that Chinese agents used the dark web to offer hundreds of thousands of dollars to criminals who would hack their enemies.
The recent decision by the British government to ban the Chinese company Huawei from the U.K.’s 5G telecom system was not made lightly.
Two questions were considered carefully: how much would it cost to remove all the Huawei gear completely from U.K. systems? And more importantly, how much of a potential threat does Huawei pose to Britain’s security?
The discussion about the money was left to business leaders, civil servants and politicians. They concluded that although the move would be expensive, it would not be unmanageable, once the cost was spread across all of the telecoms companies over a period of several decades.
The British government is now hoping European firms such as Ericsson and Nokia can help build a safe 5G network, with support from technology firms from Japan, South Korea and Taiwan. It should be a good business opportunity for companies based in countries which are friendly with the U.K.
The pressing question of cybersecurity was handed over to an organization known as the Huawei Cyber Security Evaluation Centre, which has a small office in the quiet town of Banbury near Oxford. You might expect this to be a very secret organization but in fact, it is quite open about its work. It was set up as a joint operation between the U.K. authorities and Huawei itself in 2010, and it says its goal is “to mitigate any perceived risks arising from the involvement of Huawei in parts of the United Kingdom’s critical national infrastructure.”
Since 2014, the work of the team in Banbury has been monitored by Britain’s National Cyber Security Centre, known as GCHQ. When U.S. President Donald Trump started lashing out against Huawei and warning America’s allies not to use the company, the team’s work became a matter of considerable international interest.
While investigating the Huawei story, I managed to make contact with a former British diplomat, who said he had some useful information to share with me. The Chinese government, he told me, may have used illegal methods to try to disrupt the work of the Huawei Cyber Security Evaluation Centre. He implied that the Chinese used a combination of bribery and espionage to promote their national interests.
I was intrigued to hear more, so we arranged to speak by phone. I recorded and transcribed our conversation. The man gave me his name and contact details but asked me not to use them in the media. He also told me that he has been working alongside a former British intelligence officer, who he also named.
Excerpts of our conversation follow.
The ex-diplomat first said:
So, you're probably familiar with the Banbury center, which is the institution which exists to double check Huawei kit before it's allowed into the UK’s network? If you read its annual report, it shows that there's a recognition that Huawei equipment does represent a potential high risk. But there has been a decision to seek to manage that.
I know of the centre, yes. So how is it run?
Well this is where there are some, um, I don't want to say inherent flaws, but inherent risks, not the least of which is that the staff at the centre are paid for by Huawei. Yet they work under the supervision of the National Cyber Security Centre. So it's an odd hybrid.
What about the hacking allegations?
So, what we found is that, separate from anything that the Huawei people at that centre are doing, we found out that what you might call a tender [an offer of payment] has been put out for the attention of criminal hackers. And that exists on the dark web. So if someone wants something hacked, they put it out there and different hacking groups will present their knowledge and capabilities, and someone will get a contract.
How much money are we talking about?
What was interesting about this tender targeting that centre was that the sum involved was very large: $600,000 USD. That’s an extremely unusual level of funding for this kind of activity. So that suggests strongly that this is a state actor. Obviously we don't know that it's China, any more than it could be any other country, but that seems like one sort of reasonable analytical hypothesis.
Just on the dark web issue, is that something that's been researched from your side?
Well, it's one of the capabilities that this side has, yes. We've got various points of access to the dark web. So yes, that's something that we brought to the report.
Reviewing the Conversation
After we finished our conversation, I realized that nothing the man said can be proven. He did not invite me to look at the dark website where the appeal for the hackers is apparently posted.
Nor do I know if anyone actually took up the offer to interfere with the work of the team at the Banbury office. All I know for sure is that soon after my conversation with the man, Huawei lost its contract to work with Britain on 5G.
Many other European countries are considering similar bans, encouraged by the Americans. Japan never invited Huawei or other Chinese companies to be involved in its telecoms infrastructure, a decision which seems in retrospect to have avoided a lot of conflict and cost.
It is also worth considering the allegations relating to Huawei in context. There is no doubt that cyberattacks from China are seen as a major problem by the British government .
For example, the Cybersecurity company Malware Bytes picked up an attack in mid-July which was embedded in a document entitled “Boris Johnson Pledges to Admit 3 Million From Hong Kong”. The means used suggests that the source of the attack probably had political motivation. The company said: “We believe this new campaign is operated by a Chinese state-sponsored actor.”
The FBI’s View
In America, FBI (Federal Bureau of Investigation) Director Christopher Wray used a speech in early July to slam the Chinese government for its use of espionage and cyberattacks against the United States.
“To achieve its goals and surpass America, China recognizes it needs to make leaps in cutting edge technology. But the sad fact is that instead of engaging in the hard slog of innovation, China often steals American intellectual property and then uses it to compete against the very American companies it victimizes, in effect, cheating twice,” he said.
He then added that the Chinese government targets “research on everything from military equipment to wind turbines.”
Japan has similar concerns and blames China for a cluster of cyberattacks on firms with close ties to the defense sector, including Nippon Electric Co (NEC), Mitsubishi Electric, Kobe Steel and the satellite data provider called Pasco Corporation.
Defense Minister Taro Kono announced earlier this year that a range of measures would be taken to avoid sensitive data being compromised, saying “we will reinforce the cyber defense squad” within Japan’s Self-Defense Forces (SDF).
The official line from China is that the government is opposed to illegal activities by cybercriminals.
At a recent press conference, China’s Foreign Ministry spokesperson, Wang Wenbin, stated: “The Chinese government is a staunch defender of cybersecurity. We firmly oppose and fight all forms of cyberattacks and cyber crimes. We urge the U.S. to immediately stop slandering China under the pretext of cybersecurity.”
Where That Leaves Us
My view is that it is almost impossible to know for certain who is behind the illegal actions which thrive on the dark side of the web.
Yet I cannot accept that it is merely “slander” to suggest that many crimes involve well-organized and well-funded groups within China, which must surely be well known to the authoritarian state government.
Author: Duncan Bartlett
Duncan Bartlett is the Editor of Asian Affairs and a regular contributor to Japan Forward.