Written by Sarosh Bana.
As the shadow of a resurgent China looms menacingly across the globe, alarms are sounding about cyberattacks mounted from that country by state agencies or independent hackers against targets worldwide.
Recently, such attacks targeted agencies that included NATO, the British Foreign Office, the British think tank Chatham House, and public health bureaus and foreign affairs ministries of ASEAN countries. This came to light from a major leak of data from I-Soon, known as Anxun in China, a privately-owned cybersecurity firm that was founded in Shanghai in 2010 and which has an office in Chengdu, in Sichuan province.
More than 500 leaked files from I-Soon – which is said to be routinely contracted by the Chinese government and police for such tasks – were posted on the San Francisco-based GitHub developer platform that allows developers to create, store, manage and share their code.
Launched in 2008 by Tom Preston-Werner, Chris Wanstrath, P.J. Hyett and Scott Chacon, GitHub was in 2018 acquired by Microsoft for $7.5 billion.
The leak revealed to cyber threat intelligence (CTI) researchers the extent of cyber espionage perpetrated by China, which deploys agents to harvest sensitive data on targets that include foreign governments and institutions. The Chinese Academy of Sciences reportedly owns a small stake in I-Soon through a Tibetan investment fund.
Private hacking contractors like I-Soon reportedly pilfer data, which include intellectual property rights, from overseas agencies and governments to sell to the Chinese authorities. A vast network of these hackers-for-hire companies has emerged over the past two decades in keeping with the soaring demand for overseas intelligence by the Chinese state security.
The expansive reach of this clandestine industry has been cultivated by company executives who lavish all kinds of perquisites on potential clients from the Chinese government in their pursuit of contracts. The files uploaded to GitHub consisted of copious chat logs, company prospectuses and data samples, as well as Portable Network Graphics (PNG) screenshots of documents, including call logs and presentation slides, from employees of I-Soon.
Just days before this scandal burst into the open, a spokesperson at the Chinese Embassy in Manila had observed, “The Chinese government all along firmly opposes and cracks down on all forms of cyber-attacks in accordance with the law, and allows no country or individual to engage in cyber-attacks and in other illegal activities on Chinese soil or by using Chinese infrastructure.”
The I-Soon repository was subsequently taken down. The company is said to have been embroiled in a commercial dispute with a peer firm, Chengdu 404, whose hackers were indicted by the US Department of Justice for cyber-attacks on American companies as well as on others like the pro-democracy activists in Hong Kong.
While the UK Foreign Office was reported to have declined comment, a NATO functionary was quoted as saying, “The alliance faces persistent cyber-threats and has prepared for this by investing in extensive cyber defences; NATO reviews every claim of cyber-threats.”
Washington has of late plotted a counter-offensive to such pervasive Chinese hacking operations that have compromised myriad internet-connected devices, with the Justice Department and Federal Bureau of Investigation reportedly securing legal authorisation to remotely disable aspects of the Chinese hacking campaign. There are fears that such concerted hacking can be channelised for disrupting the US elections in November, the havoc wrought by ransomware on corporate America last year being a grim reminder.
China’s foreign ministry termed all accusations about Beijing’s culpability “groundless” and “extremely irresponsible”, and instead held the US as “the initiator and master of cyber attacks”. Ministry spokesperson Wang Wenbin told reporters: “Since last year, China’s network security agencies have issued reports one after another, revealing that the US government has carried out cyber attacks on China’s key infrastructure for a long time. Such irresponsible policies and practices put the global critical infrastructure at great risk.”