By: Prof. SRIKANTH KONDAPALLI, Centre for East Asian Studies, JNU
The recent revelation by the US government agencies that China’s Ministry of State Security was involved in cyber attacks on American companies e-mail systems this March; and that China had contracted “criminal hackers” for state-sponsored cyberattacks for financial gains, has rattled the international community, as the globalisation process is intensifying. The US has sought a unified response against China’s attacks from its allies in Europe, Australia, New Zealand, Japan and others; thus seeking global response.
While these accusations are not new, it nevertheless reveals the travails of the ever-expanding cyber domain that has become indispensable after the novel coronavirus spread from Wuhan in China in late 2019. The lockdown of whole nations in the last one-and-half years of the epidemic signified the outreach of e-commerce platforms, fin-tech, start-ups and others on a global scale but also to their vulnerabilities for cyber-attacks. According to an estimate; out of nearly 500 documented cyber-attacks in 2009-19, 79 confirmed attacks originated from China. According to another estimate, 41 percent of global cyberattacks are traced to China till last year.
Thousands of specialised network-warfare specialists from China’s Ministry of State Security, Public Security Ministry and the armed forces are said to be involved in the cyber-attacks worldwide. With the recent launch of the “Military-Civilian Fusion campaign”, China is also sourcing cyber capabilities from civilian institutes and universities.
Apart from stealing data from over 30,000 organisations worldwide during the March attack on Microsoft servers, the targets of China’s cyber-attacks are not only the defence and civilian government agencies but also defence-related and other R&D centres, hi-tech corporations, industries, airlines or are related to economic crimes in the transportation sector, pharmaceutical companies world-wide and non-state actors like the Uighurs, Tibetans or Hong Kong Democracy rights activists as well.
This has resulted in not only crucial intellectual property rights violations but also ransomware and phishing activities leading to billions of dollars in theft apart from other damages.
Major examples of China’s cyber-attacks worldwide include the 2015 hacking of the US Homeland Security computers and stealing the personnel profiles, attacks on Google, Yahoo, Adobe, Northrop Grumman and others. Australia, Japan, Taiwan and European countries also reported an increase in such attacks.
China’s cyber-attacks are not only on western countries but surprisingly on its close partners as well! In May this year, a Chinese group hacked into a nuclear submarine designing group of the Russian Navy. Last year, Chinese hackers conducted cyber espionage on Vietnamese government agencies. The security footage of the African Union headquarters was also siphoned off by Chinese hackers last December. In June this year, Chinese hackers targeted the Afghan National Security Council servers.
Last December, Chinese hackers had compromised the Mongolian National Data Centre.
While India had restricted China’s cyber outreach after the Galwan border skirmish last year; by banning over 200 Chinese apps and investment in infrastructure and start-ups, New Delhi still remains vulnerable to Chinese attacks as reflected in last year, when its transportation and electricity sectors were hacked into. Last October, the hacking of the electricity grid affected Mumbai and other cities.
Despite India’s restrictions on the removal of certain sensitive apps from Chinese mobile phones, and refusal to shortlist Huawei 5G early this year, India could still be vulnerable to cyber-attacks originating from China. Several other cyber-attacks originating from China were reported on India’s security related and other important installations.
As cyber-attacks are now comprehensive and multi-pronged in nature, there is an urgent need for a “rules-based order” to be implemented in the cyber domain. As a member of the recently formed “Quad”, India along with the US, Japan and Australia and others need to evolve policies aimed at countering such cyber disruptions.
In 2019 alone, it is estimated that India lost $19 billion in such cyber attacks. Hence, at the legislative level, India needs to evolve more agile and strict cyber rules and legislation to address emerging cybercrimes.