The New Cyber Cold War with China
Cybersecurity strategist Peter Singer told Wired that there has never been a better time than the COVID-19 pandemic to be a government hacker
The United States has formally accused China of both funding and operating cells of hackers who infiltrate research labs working on responses to COVID-19. From a statement released jointly by the FBI and the Department of Homeland Security’s Cybersecurity Advisory Unit:
[The PRC-affiliated cyber actors and non-traditional collectors] have been observed attempting to identify and illicitly obtain valuable intellectual property and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with Covid-19-related research. The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.
Public Service Announcement, “People’s Republic of China (PRC) Targeting of COVID-19 Research Organizations” at FBI & CISA
Many countries have a vital national interest in vaccines, medicine, and tests so some illicit information-gathering might be expected. The question raised recently at Wired is, at what point is a response warranted?
But there’s an argument that even normally acceptable geopolitical espionage should be highly circumscribed when going after vaccine and related data… The CISA/FBI announcement indicates that the US government is mulling the parameters of espionage in a pandemic. At an extreme, aggressive hacking against targets developing vaccines or other lifesaving treatments could be interpreted as crossing an invisible line—and could warrant some sort of retaliation.
Lily Hay Newman, “The US Says Chinese Hackers Went Too Far During the Covid-19 Crisis” at Wired (May 14, 2020)
State-sponsored cyberhacking has picked up since COVID-19 spread worldwide. Reuters recently reported that Gilead, the US-based pharmaceutical company that makes anti-COVID drug Remdesivir, was the target of hackers backed by Iran. Some nations have also tried to hack into China’s system in an effort to obtain accurate information on COVID-19 cases. The WHO reported a five-fold increase in cyber attacks compared to this time last year. Many of these attacks were targeted at the general public with emails that spoofed WHO employees’ emails, asking for donations.
Last week, the National Cyber Security Centre in the UK and the Cybersecurity and Infrastructure Security Agency in the US sent a joint warning to healthcare organizations after the World Health Organization and other medical organizations and research institutions were targeted with what they called “large-scale password spraying” to obtain member passwords and other account information. These organizations have also been targeted through vulnerabilities in unpatched software and in certain VPNs, a problem that intensified when many people started working from home.
The US and UK did not specify which countries were involved, only calling them “advanced persistent threat groups”; however, according to the New York Times, this wording is often used for “the most active cyberoperators: Russia, China, Iran and North Korea.” Security specialist Justin Fier told the Times that the current frequency of cyber attacks and the spectrum of targets in this area are “astronomical, off the charts” and that “Everyone is conducting widespread intelligence gathering—on pharmaceutical research, PPE orders, response—to see who is making progress” (May 10, 2020).
Additionally, Google reported finding “more than 12 state-sponsored hacking groups using the coronavirus to craft phishing emails and attempt to distribute malware,” including phishing emails aimed at U.S. government employees. Cybersecurity strategist Peter Singer told Wired that there has never been a better time to be a government hacker:
This is beyond the wildest dreams of the attacker in terms of the scale of remote work, in terms of all the ad hoc systems that have had to be put into place. The target might be a government or corporate system, or it’s a personal account—it’s just such an incredibly open environment.
Lily Hay Newman, “Google Sees State-Sponsored Hackers Ramping Up Coronavirus Attacks” at Wired (April 22, 2020)
Many organizations have called for global norms for resisting cyber infiltration. At present cyber espionage occupies a blurry line between obtaining information by illicit means and an act of aggression. The UN has attempted to lay down a set of norms for cyber interaction between members but talks were stymied and no formal rules have been put in place. One constraint is that member states are divided, with China and Russia and their allies on one side and the US, UK, and their allies on the other. Notably, China has controlled much of the conversation, calling for ambiguously worded rules or rules that it does not itself follow. For example, the Chinese Communist Party would consider anyone who disturbs the stability of their authoritarian rule a “terrorist,” a definition that is not widely accepted elsewhere.
China/US History of Hacking
In 2015, China signed an agreement with the US that distinguishes between political cyber espionage and economic espionage, which usually means obtaining trade secrets (Wired, September 25, 2015). Political espionage is part of the “norms of espionage” (nation states constantly gather information on each other, often by illicit means). Obtaining trade secrets, however, is considered theft of intellectual property. As per the terms of the agreement, if China engages in economic espionage, then the US is entitled to respond with economic sanctions as well as proportional counterattacks.
The 2015 agreement was renewed in 2017 under the current U.S. administration, although China continued to push its limits. China has since violated the terms of the agreement on several occasions, including hacking into Google, Microsoft, Intel, and VMware, to say nothing of the Equifax hack, in which Chinese military hackers stole 150 million records.
All of which makes China’s behavior [after the 2015 agreement]—toeing the furthest edge of the agreement’s red line and occasionally crossing it entirely—a case study in the power and limits of diplomacy when applied to curbing secret, deniable, and often invisible digital misbehavior.
Andy Greenberg, “China Tests the Limits of Its US Hacking Truce” at Wired (October 31, 2017)
Last week was not a good week for China’s global image. Apart from the US formally accusing China of trying to steal COVID-19 research, the CIA accused the Chinese government of strong-arming the WHO into delaying declaring a global health emergency so that the country could hoard medical equipment (Newsweek). Further, China’s attempts to control the narrative of the virus’s origins are not working. Over 120 countries have signed a petition calling for an impartial investigation into the early days of the pandemic. If a reliable report is produced, it should make for some very interesting reading.