Phishing in the South China Sea: Cyber Operations and Hybrid Warfare in the Troubled Waters


Chinese maritime militias posing as fishermen – dubbed ‘little blue men’ – buzzing around U.S. military vessels stationed in the South China Sea. Intensified island-building activities by the People’s Liberation Army (PLA) to claim large swaths of territories in the waters disputed by six East and Southeast Asian nations. Donations to political parties friendly to China’s aspirations in the region. Covert cyber operations targeting territorial rivals. 

While Russia’s hybrid warfare tactics have dominated the news cycle since the annexation of Crimea in 2014, China’s activities in the South China Sea have drawn close lessons from the Kremlin’s playbook. Beijing’s embrace of the concept of modern hybrid warfare has been part of the regional power’s calculated bid to blur the lines between ‘war’ and ‘peace’ in pursuit of its maritime sovereignty claims and avoid outright provocation of its rivals – particularly the United States.

Much of the discussion of hybrid warfare in the Russo-Ukrainian conflict has focused on Russian operations in cyberspace, and for a very good reason: Ukraine quickly emerged as a cyber war testing ground for Russian hackers perfecting their increasingly sophisticated cyber operations, which have knocked power plants offline, falsified election results, and paralyzed key industries and government agencies. In the South China Sea, for years the international community followed anxiously as PLA units piled sand and built airstrips onto the disputed rocks. At the same time, behind the scenes, a string of aggressive cyberattacks believed to originate from China has been hitting regional rivals’ networks. These attacks have shown a notable uptick during each geopolitical crisis surrounding the waters, yet have gone almost unnoticed by governments and analysts alike. If the Kremlin’s tactics in Ukraine are any indication, however, Beijing’s cyber war capabilities could soon redefine armed conflict in the South China Sea.

The battle for the disputed waters first went digital in April 2012, following a tense standoff between Chinese and Filipino vessels docked at the Philippine-claimed Scarborough Shoal. A Chinese cyber unit breached government and military networks in the island nation, stealing military documents and other highly sensitive communications related to the conflict. In the half decade since, the two loudest opponents to China’s nine-dash-line in Southeast Asia, Philippines and Vietnam, along with the headquarters of the 10-nation Association of Southeast Asian Nations (ASEAN) and private critical infrastructure companies have faced an avalanche of cyberattacks originating from China.

Chinese hackers, much like their Russian counterparts in Ukraine, have done little to cover their traces or mask their ties to the territorial dispute. Last July, Vietnamese airports were hit hard in a series of breaches, with hacked flight monitor and announcement systems altered to display pro-Chinese, derogatory messages about the country’s territorial claims. Two years earlier, in 2014, Chinese hackers breached a Vietnamese intelligence agency’s network twice, gaining access to secret information about the country’s diplomatic and military strategies. The first breach followed deadly anti-China protests in the aftermath of an international incident surrounding a Chinese oil rig in Vietnam-claimed waters; the second was likely a response to Vietnamese weapon and naval acquisitions.

In July 2015, China-based hackers sent an even clearer message. During a hearing at the Permanent Court of Arbitration in The Hague over China and the Philippines’ overlapping claims, the court’s website was reportedly infected with malware originating from China, leaving anyone interested in the landmark legal case – diplomats, journalists, lawyers – at risk of data theft. A year later in 2016, within hours of the Court’s unanimous rebuke of China’s nine-dash-line, tens of websites in the Philippines were knocked offline for several days in a crippling distributed denial of service (DDoS) attack, hitting key government agencies including the Department of Foreign Affairs and National Defense, the Central Bank, and local medical centers.

Through these breaches, Chinese cyber units working for or in tandem with the government have gained critical access to confidential information on China’s rivals’ military capabilities and diplomatic negotiating positions, giving Beijing an upper hand in future crises. More alarmingly, the attacks have given hackers strategic access to networks in target countries’ military organizations and critical infrastructure companies. This access could be exploited during future operations not only for further espionage or the spread of disinformation, but to cause physical damage and human casualties. In Ukraine, Russian hackers have already repeatedly shut down power stations, causing blackouts in the middle of freezing winter temperatures; the threat of a similar attack knocking offline medical centers, transportation systems, or electric facilities in one of Southeast Asia’s mega cities is just as likely.

Should the simmering tensions in the South China Sea escalate into an active military conflict, China’s cyber units can be expected to quickly graduate from espionage and relatively harmless denial-of-service attacks and website defacements to sustained attacks causing real damage in the physical world. The Southeast Asian claimants, however, remain woefully unprepared to counter Chinese hackers, with operational cyber capabilities that are weak at best and completely non-existent at worst.

The need for better cyber defenses has become an oft-repeated mantra in cybersecurity literature. However difficult – and for many countries in the region, dauntingly costly – they remain the best way to protect a nation’s networks. The Southeast Asian countries with competing claims to the South China Sea should begin rapidly investing in more sophisticated cyber capabilities through national investments, regional initiatives, and broader international defense cooperation. In addition, increased training on online best practices for civilian Internet users, whose numbers grew by 80 million across the region last year alone, would help fend off threats emanating from patriotic hacker groups and other less sophisticated threat actors.

At the same time, the United States, whose South China Sea policy under President Trump remains largely adrift, should redirect its attention back to the region. Although geographically far removed, its regional alliances and broader strategic interests in the Asia-Pacific would inevitably drag the country into a dispute. Continued freedom-of-navigation operations within Chinese-claimed waters; joint cybersecurity exercises with the region’s militaries; deft diplomacy; and increased bilateral engagement with the increasingly pro-Chinese leadership in the Philippines would effectively challenge Beijing’s narrative, boost the region’s cyber defenses, and help balance the waning U.S. influence in the region.

As the last three years in Ukraine have demonstrated, nation states have grown increasingly capable and willing to use cyber tools to accompany more traditional means of warfare. Without a resolution on the horizon, the South China Sea dispute is likely to remain inflammatory for the near future. Countries with competing claims to the troubled waters need to take swift action to better defend their networks before the next digital tantrum with potentially catastrophic consequences takes place.

http://www.chinausfocus.com/peace-security/phishing-in-the-south-china-sea-cyber-operations-and-hybrid-warfare-in-the-troubled-waters
