Hacking, PM on China, Taiwan debate, Higher Education
PM quizzed, Chinese entities and individuals sanctioned
Hello,
As this research note will explore, this was a big week for cyber crimes and protecting data. Multiple Western governments pointed the finger at a Chinese state-linked group for being behind attempted malicious campaigns on politicians in their respective countries, and sanctioned entities in response.
One aspect sorely missing from the wider UK conversation is the degree to which public bodies and local councils may find themselves on the receiving end of these complex attacks. The British Museum recently published an autopsy of how it was hacked and compromised, and local authorities experienced 37 attempted breaches every minute - in 2018. That number will be significantly higher now, with several thousand hacking efforts a month at a time when their budgets are being cut. These hacks - although not state-linked at this stage - cripple the entire IT ecosystems of councils, and their ability to care for residents. Hopefully, Parliamentarians can push for more help for their local councils on these issues when they return from Recess.
Finally, thank you for the kind words and wishes following Friday’s announcement. I’ll try and reply to all of them over the coming weeks. In the meantime, you will be getting eight more of these research reports, and I may write occasional irregular briefings as I consider what comes next too.
Have a peaceful Easter Weekend.
- Sam Hogg, Editor
In this week’s briefing, we examine:
China-linked hacking
PM asked about China approach, TikTok, Vodafone and CPTPP
Higher Education under the hammer
Diplomacy Tracker
Politics
Readers of this briefing will likely be aware that the British Government assigned blame for two separate hacking efforts to Chinese-linked groups, and sanctioned three organisations and individuals involved. Here are the key facts:
On Monday, Deputy Prime Minister Oliver Dowden revealed that Chinese-linked groups had initiated two ‘malicious cyber campaigns’: one compromised the Electoral Commission in 2021 and 2022, while the other was “attempted reconnaissance activity” against British parliamentarians in 2021. Press release here, and Dowden’s full statement above (or read it here). Prime Minister Rishi Sunak told reporters on a press round “We’ve been very clear that the situation now is that China is behaving in an increasingly assertive way abroad, authoritarian at home, and it represents an epoch-defining challenge, and also the greatest state-based threat to our economic security.” He added “So, it’s right that we take measures to protect ourselves, which is what we are doing.”
Three of those MPs belonged to IPAC - Iain Duncan Smith, Tim Loughton, and Stewart McDonald - and they gave their own press conference prior. All three were in media throughout the day, along with IPAC’s driver Luke de Pulford. In the following days, Government Minister Nusrat Ghani was also named among those targeted in 2021.
In the case of the former, it’s worth reading the Electoral Commission’s update at the time. It claimed that “According to the risk assessment used by the Information Commissioner’s Office to assess the harm of data breaches, the personal data held on electoral registers, typically name and address, does not in itself present a high risk to individuals.”
GCHQ’s NCSC believes it is almost certain that the China state-affiliated Advanced Persistent Threat Group 31 (APT31) was involved in the second of those campaigns - which Dowden said on record had not been successful. This isn’t the first time APT31 has been flagged by the British Government: in 2021, the UK and allies publicly linked the group to the Chinese Ministry of State Security following the hacking of the Microsoft Exchange Server. For those interested, this (anonymous) group of intel researchers has been following APT31 for some time.
As a result of the revelations (which someone/some group decided to leak to the weekend papers a day in advance of any action in classic sloppy Westminster fashion), the British Government sanctioned the following:
Wuhan Xiaoruizhi Science and Technology Company Limited, which is associated with APT31, operating on behalf of the Chinese Ministry of State Security (MSS) as part of China’s state-sponsored apparatus.
Zhao Guangzong, who is a member of APT31, operating on behalf of the MSS, and has engaged in cyber activities targeting officials, government entities, and parliamentarians in the UK and internationally.
Ni Gaobin, who is a member of APT31, operating on behalf of the MSS, and has engaged in cyber activities targeting officials, government entities, and parliamentarians in the UK and internationally.
The United States followed suit later in the day, announcing sanctions on those three plus arrest warrants for several others. In its much more extensive documentation, it revealed the Chinese hackers’ targets “included every European Union member of IPAC, and 43 United Kingdom parliamentary accounts, most of whom were members of IPAC or had been outspoken on topics relating to the PRC government.” New Zealand also revealed that another Chinese group, APT40, targeted its Parliament in 2021. A couple of days later, Finland accused APT31 of orchestrating a cyber attack targeting the country's Parliament in 2020.
On Tuesday, the FCDO summoned the Chargé d'Affaires at the Chinese Embassy. Per the spokesperson: “The FCDO set out the Government’s unequivocal condemnation of Chinese state-affiliated organisations and individuals undertaking malicious cyber activity against UK democratic institutions and parliamentarians. The UK Government would not tolerate such threatening activity, and would continue to take strong action with partners across the globe to respond.”
Dowden’s statement led to a Parliamentary debate. In short, MPs were almost universally displeased with the lack of action the Government had taken, believing it fell far short of what was required. Labour asked for an assessment of why the groups had done this - was it to gather data or to leak later? IDS reiterated calls for China to be upgraded to an official threat, rather than “epoch-defining challenge,” while former Home Secretary Suella Braverman asked if “there [is] not a compelling case for China to be listed” in the enhanced tier of FIRS, the foreign influence registration scheme (a point made on numerous occasions in the debate by several MPs.) From the Government’s point of view, classifying China as a ‘threat’ would be going further than any of the Five Eyes partners, which they are reluctant to do. An exception may be made when it comes to putting them into the enhanced tier, but it’s a long way from certain.
On social media, former Secretary of State Robert Jenrick tweeted “The Government clearly is not holding China to account for their attack on our democracy. Taking three years to sanction two individuals and a small company is derisory. This feeble response will only embolden China to continue its aggression towards the UK. It’s crystal clear that China should be classified as a hostile state. It must be listed as such on the enhanced tier of the Foreign Influence Registration Scheme. From Beijing’s actions in Hong Kong to Xinjiang our pitiful sanctions regime has let China off cost-free.” Truss loyalist and former Minister Simon Clarke tweeted “We have to end our naivety on China. Every time we talk about a reset, there is fresh evidence of malign activity. Hong Kong. The Uighurs. Taiwan. Attacking our democracy. If we blame ourselves for not seeing Putin’s true nature, why make the same mistake with Xi?”
In what the media has painted as a moment of foot-in-mouth syndrome, Education Secretary Gillian Keegan was asked if China was a threat during a routine media interview. She tried to swerve the question, saying “As I’ve said before, I’m not in the Diplomatic Service or the Foreign Office but it is obviously a security threat.” Keegan also said, “But I do recognise the complexity because clearly starting some sort of trade issues is what we want to avoid as well.”