By Paul G. Buchanan*

Opinion - The GCSB has today confirmed that New Zealand is not immune to a Chinese campaign of cyber theft around the globe, but what can the spy agency do about it? Paul G. Buchanan look at the issue.

Photo: Supplied

The Government Security Communications Bureau (GCSB) has announced that Chinese hackers were responsible for cyber intrusions against New Zealand telecommunications firms who store data for individuals, public agencies and corporate entities.

This is surprising only because it confirms what experts have been claiming for some time: the Chinese are engaged in a global campaign of cyber theft of commercial secrets and intellectual property. It is part of a strategy to become the world's dominant information and telecommunications player within 50 years, and they do so by using ostensibly private firms as cover for hacking activities, directed by the Chinese Ministry of State Security (MSS).

The GCSB announcement coincided with indictment by the US Justice Department of two Chinese nationals who have been identified as belonging to the Advanced Persistent Threat (APT)-10 Group of MSS hackers operating under the cover of a Chinese-registered firm, Tianjing Huaying Haitai Science and Technology Development Company (Huaying Haitai).

Huaying Haitai claims to provide network security construction and product development services but has only two registered shareholders, one manager and no web presence (the domain name huayinghaitai.com is registered to the firm but cannot be found online, which is odd for an internet security provider).

The US has publicly identified Huaying Haitai as the corporate front for ATP-10, and the GCSB has confirmed that ATP-10 was responsible for the New Zealand-targeted cyber intrusions it has detected since early 2017.

The UK simultaneously announced that Chinese hackers had conducted a decade-long campaign of cyber-theft against British commercial entities, while the US identified 75 US-based targets as well as others in 12 other countries (excluding New Zealand).

The GCSB announcement is part of a coordinated effort by Western governments to identify Chinese-based cyber-theft campaigns, and follows similar Australian revelations announced during the 2018 APEC summit recently.

The ATP-10 cyber-hacking campaign violates the terms of a 2016 APEC agreement signed by China and New Zealand, which said member states could not use cyber hacking to engage in commercial espionage or intellectual property theft. It violates similar pacts signed with the US and UK in 2015.

This means that China is deliberately violating international agreements for commercial gain. It also makes all Chinese-based telecommunications suspect, both in terms of their purported use of "digital backdoors" built into their products, which could be used by Chinese intelligence. Chinese telecommunications are seen as bad corporate actors, as well as intelligence fronts by Western countries.

This has caused firms such as ZTE and Huawei to be excluded from critical infrastructure projects and 5G network upgrades in a number of countries, including New Zealand.

The GCSB announcement refers to Chinese hacking in pursuit of cyber theft of sensitive commercial and intellectual property. It does not mention specific targets or refer to cyber-espionage per se.

Yet the two are overlapped because of the nature of the targets and means by which they attacked. ATP-10 hacking attacks are aimed at managed service providers (MSPs), which responsible for providing phone, email and internet services and data banking to individual, public agency and corporate consumers. These include large multinational providers as well as smaller cloud-based data storage firms.

If ATP-10 and other hackers can penetrate the security defences of MSPs, they can potentially bulk collect, then data mine whatever is digitally stored in the targeted archives. Although the primary interest is commercial in nature, the overlapping nature of data networks, especially in a small country like New Zealand, potentially gives ATP-10 and similar hacking groups access to non-commercial political, diplomatic and military networks.

For example, a home computer or private phone that has been compromised by a cyber hack on a internet service provider can become, via the exchange of information between personal and work devices, an unwitting entry point to work networks in the private and public sectors that are not connected to the individual's ISP.

This raises the possibility of incidental or secondary data collection by hackers, which for state organized outfits like ATP-10 may be as useful as the commercial data being targeted in the first instance.

The dilemma posed by the GCSBs announcement is two-fold. First, will the government follow the GCSB lead and denounce the behaviour or will it downplay the severity of the international norms violations and intrusion on sovereignty that the ATP-10 hacking campaign represents? If it does, it sets up a possible diplomatic confrontation with the PRC. If it does not, it exposes a rift between the GCSB and the government when it comes to Chinese misbehaviour.

Neither scenario is welcome but one thing is certain: no response will stop Chinese cyber hacking because it is part of a long-term strategy aimed at achieving global information and telecommunications dominance within 50 years. But one response will certainly encourage it.

* Paul G. Buchanan is the Director of 36th Parallel Assessments ( www.36th-parallel.com) a geopolitical and strategic analysis consultancy.