The US Department of Justice is indicting seven Chinese people for allegedly being members of a hacking group. That group is said to operate on behalf of the Chinese government and, according to the Americans, has carried out thousands of (attempted) hacks on politicians, journalists, companies and critics of the Chinese regime in the United States and Europe.
“This case is a reminder of the lengths the Chinese government is willing to go to target and intimidate critics,” said US Attorney General Merrick Garland. The US and the United Kingdom are imposing sanctions against a Chinese tech company, which they say is a front for the Chinese government spy agency.
The Americans’ indictment states that the hacker group, which is said to have been active since 2010, sent more than ten thousand phishing emails to high-ranking officials. This would have allowed the Chinese government to trace the online movements of the targets.
We do not see the Chinese navy in the North Sea, but Chinese hackers do in the Netherlands and throughout Europe.
Within the world of cybersecurity, the hacker group is known as APT31 Group. APT stands for Advanced Persistent Threat. Cyber security professor Bart Jacobs (Radboud University) explains that this term indicates that highly professional hackers are behind the operation. “In practice, these are often actors acting on behalf of a government.”
Jacobs is not surprised by the Chinese operation and its scale. “That’s how the Chinese do it. We don’t see the Chinese navy in the North Sea, but Chinese hackers do in the Netherlands and throughout Europe.”
“Nothing new under the sun,” says MEP Bart Groothuis (VVD), who specializes in digital security. “But what you do see is that the Chinese have shifted their focus from economic and political espionage to undermining the democratic legal order. This is a new hunting ground.”
Emails with hidden links
The hackers sent emails to their targets that appeared to come from legitimate news platforms or journalists. The emails contained hidden links, so that simply by opening the email, information was passed on to China about, for example, the user’s computer system.
Jacobs: “If you want to hack that computer, you need to know what kind of system is used so you can then carry out a targeted attack.” According to the US Department of Justice, in some cases these activities led to the “successful compromise of email accounts, which could sometimes be tracked for years.”
An important purpose of these types of operations is to keep an eye on critics of the Chinese regime, says Jacobs. “In this way, the Chinese can find out who the sources of those critics are. These sources probably come largely from the Chinese community, which the Chinese government wants to silence.”
‘Dangerously nonchalant’
European parliamentarians were also targeted by the hacker group. The indictment states that all EU members of the Inter-Parliamentary Alliance on China (IPAC), an international organization that speaks out against human rights abuses by China, were targeted.
Former MP Sjoerd Sjoerdsma (D66) was a member of IPAC at the time of the hacking operation. He calls it very painful that this could have happened. “It is dangerously nonchalant how the Dutch government deals with the Chinese threat and hacking attempts. It is embarrassing that the US makes this public and imposes sanctions, while the Netherlands and the EU remain silent.”
Unlike Sjoerdsma, Professor Jacobs does not think that the Netherlands underestimates the Chinese cyber threat. “The AIVD and MIVD regularly warn about this.”
At the beginning of February it was announced that China had broken into Defense systems with malware. Jacobs: “It was exceptional that the ministry announced in detail how the attack took place. They did this to warn internationally and as a deterrent to the Chinese: if you attack us, we will announce how. Whether China really cares will stop them from continuing to do this, I don’t know, but they might think three times before attacking certain targets in the Netherlands.”
Countermeasures
Outgoing Prime Minister Rutte spoke today in Beijing with Chinese President Xi Jinping and also discussed the malware attack on Defense with him. “While these are difficult topics to discuss, this relationship is important and we will continue our dialogue with China.”
According to MEP Groothuis, countermeasures must come from Brussels. “The European Council and the Commission have a task ahead of them: impose sanctions, but also speak a clear language that China understands. You must create a black book of all these operations together and then issue a loud bang by saying: we are going into Europe take countermeasures.”
