Griffin on Tech: War of words over hacking heats up - but is it news?
Last week’s revelations about a 2021 breach of New Zealand’s parliamentary computers by state-sponsored Chinese hackers appear to be serving some larger Five Eyes public relations strategy to put pressure on China.
Because the announcement of a network breach, which apparently didn’t result in any sensitive information being accessed, wasn’t really news. It followed similar accusations in the UK and the US about attempted incursions by a group known as Advanced Persistant Threat 40 (APT40), which Western intelligence agencies have linked to China’s Ministry of State Security.
It prompted a rare press conference from the GCSB last week, to which most cybersecurity professionals privately responded with a shrug of the shoulders. The whole thing had a stagey feel to it, as though the US and its allies are making their indignation obvious now to help justify some future action against China.
A volt from the blue?
The song and dance make about Volt Typhoon a few months back, where the US Government and its Five Eyes allies including New Zealand issued a joint report claiming that Chinese hackers have been quietly lurking in the networks of critical infrastructure providers for years, had exactly the same feel to it.
It’s fair enough to call out Chinese hacking if there is credible evidence of it, but I found myself agreeing with NewstalkZB host Mike Hosking last week who questioned what all the fuss was about.
“The simple truth in all of this is that the Chinese are not to be trusted, but then I assume they would argue the same thing about us,” he said in his Mike’s Minute segment.
“China basically are bad actors all over the world and have been for years, and I would be equally surprised if… the likes of the Americans, the British, and any major player in the European continent, aren’t doing pretty much the same sort of thing.”
Hacking, like spying, is just another tool in the big powers’ arsenal as they attempt to get one over on their geopolitical rivals, and it has been as long as computers have been around. Smaller nations like ours without offensive cyber capabilities often get caught in the crossfire.
US as a hacking superpower
Plenty of evidence has emerged in the last decade of US state-sponsored hacking efforts targeted at China. Classified documents leaked by former CIA systems administrator Edward Snowden in 2013, showed that the US Government hacked into Chinese mobile network providers to harvest text messages, and that the National Security Agency (NSA) accessed servers at telecommunications provider Huawei, the company it said couldn’t be trusted to build 5G networks in Western countries, and which we excluded from our own mobile network projects.
China’s Ministry of State Security acknowledged publicly for the first time last year, that the hacking had taken place, in its own extremely rare and stagey announcement, delivered via an official WeChat statement, as is the Chinese way.
The US Government wanted to find ways to exploit Huawei equipment, which was being increasingly used both by its allies and adversaries. That wasn’t news either.
What was definitely news a week before the GCSB Chinese hacking revelations, was the Inspector General of Intelligence and Security owning up to the fact that a foreign agency has been running a spy operation in New Zealand for almost a decade - an operation government ministers weren’t even aware of.
Using other documents leaked by Edward Snowden, investigative journalist Nicky Hager was able to piece together that the system was probably APPARITION, which he claims was used to gather information to locate terrorist targets of US capture-kill operations around the world.
Zero trust
The escalating fingerpointing over state-sponsored hacking is really just political posturing related to tensions between the US and China, and to a lesser degree, the US and Russia.
Every day, security experts monitor the flood of attempted attacks that take place against private and public organisations and figure out how to combat them and the new wave of AI-generated cybercrime.
It would be helpful if the PR campaign against China was supplemented with a decent investment at a natonal level in cybersecurity, an area we have woefully underspent in as a nation.
Photo credit: Mika Baumeister/Unsplash
