The threat posed by Chinese cyber attacks in Australia is not new, but the scale of activity is becoming of greater concern, particularly given the lackadaisical attitude of many Australian government and private organisations when it comes to cyber security.
This may be part of the reason why Scott Morrison recently announced that political and private-sector organisations in Australia have come under cyber attack from a "sophisticated state-based cyber-actor". Furthermore, Defence Minister Linda Reynolds declared that malicious cyber activity was "increasing in frequency, scale, in sophistication and in its impact".
We have actually been under increasing cyber attack since the 1990s from a range of state actors and hackers associated with foreign government agencies - including some of our "allies" (but not our Five-Eyes partners). China has been the main offender.
The standard public response in the Defence Department to cases of possible intrusion to our non-air-gapped networks was "there is no evidence that anyone has penetrated our Defence systems". This avoided acknowledging whether penetration had occurred or not - because there was often no way of knowing.
Not much sophistication is required to penetrate many Australian organisations because it can be done using known vulnerabilities. It is common for Chinese Advanced Persistent Threat (APT) groups to search for unpatched web servers as soon as a software vulnerability patch is announced.
When I taught at the University of California at San Diego in 2003, most of the students studying advanced computing were from China. Being California, there were regular "insider" briefings for students by luminaries and indiscreet "nerds" from Silicon Valley about new cyber technologies and "breaking" areas of research.
It should not have been a surprise then when sensitive data was hacked from the US Joint Strike Fighter program. In April 2009, the Wall Street Journal reported that Chinese computer spies had penetrated the program's database and acquired terabytes of secret information. China's J-31 stealth fighter is strikingly similar to the US (and Australia's) F-35 Joint Strike Fighter - and was produced at a fraction of the cost.
A confidential report subsequently prepared for the Pentagon revealed that designs for more than two dozen weapons systems had been compromised. They included the Joint Strike Fighter, the Osprey aircraft, the advanced Patriot missile system, the Navy's Aegis ballistic missile defence system, and the Black Hawk helicopter.
Hackers in China work for one of three government organisations: the People's Liberation Army (PLA), the Ministry of State Security (MSS), or the Ministry of Public Security (MPS) - or are "free-lancers". The latter often cooperate or work with government agencies and Chinese industry or are associated with the MSS for their own security.
PLA Units 61398 and 61486 are Military Unit Cover Designators of PLA APT units believed to be the source of many cyber attacks, including spearphishing, as part of China's effort to embed software backdoors and steal trade and military secrets from foreign targets.
The PLA's main focus though is on cyber warfare and cyber defence in preparation for state-on-state conflict. No country wants to show its cyber capability before a conflict, so we don't know how effective China would be in disrupting Australia's systems if we were involved in a military conflict against China.
The MSS is the intelligence, security and "secret police" agency responsible for counter-intelligence, foreign intelligence and political security. It is the organisation in control of China's foreign cyber espionage operations.
The MPS is China's principal police and security authority and is the government ministry responsible for day-to-day law enforcement - similar to the FBI's responsibilities - but including monitoring internal communications. (I once had a hosted visit with the MPS in Shanghai.)
China's "free-lance" hackers or "gun-for-hire" APT groups are motivated by nationalism, patriotism, the challenge of penetrating foreign security systems, and obtaining information for their own financial benefit.
It is often not possible to tell who is working for whom in China, and whether the cyber activity is being orchestrated or not. However, US Department of Justice indictments since 2018 have demonstrated US investigators' capability to identify what has been stolen from US companies and track it down to individual cyber attackers in China.
Targets of interest for China's cyber attacks are: foreign R&D (including COVID-19 vaccine research); advanced technology in general; "anti-China" activities by Chinese nationals abroad; any country's foreign policies affecting China; trade-related information; foreign governance systems (including identifying politicians susceptible to influence); and any information that will benefit its defence and space sectors.
China is more interested in exploiting foreign internet networks than disrupting them.
China itself has been a longstanding target of the US National Security Agency (NSA) and many other foreign signals intelligence organisations, including those of most of its neighbours. (China's own cyber security is rated as very good.)
China's cyber activity against Australia may have been stepped up in response to Australia's continued questioning of China's policies (in relation to Uighur "re-education" camps, COVID-19 "cover-ups", and erosion of Hong Kong democracy) and our enthusiastic support for US policies, in an effort to get Australia to back off.
Cyber attacks offer a low-cost, low-risk, deniable way to exert pressure without causing a larger crisis.
However, the increase in Chinese cyber activity against Australia may not have been orchestrated in Beijing. It could be a spontaneous reaction by Chinese "cyber patriots" to what they see as Australia's hostility towards China and recent allegations of anti-Chinese violence in Australia. (Some estimates suggest there could be as many as 50-100,000 hackers operating in China.)
Economically, Australia is far more dependent on China than China is on Australia, so federal politicians' continued public criticism of China could be counterproductive and against our national interest. Quiet diplomacy might be a more effective way of achieving desirable outcomes, but don't expect China's cyber attacks to disappear anytime soon.
- Clive Williams is a visiting professor at the ANU's Centre for Military and Security Law. He was formerly Director of Security Intelligence in Defence.