
KATE THOMPSON DAVY: Microsoft Exchange hack adds another brick in the global (fire) wall

US and its allies condemn China for cyberattack on tech giant’s servers

  Picture: BLOOMBERG/SIMON DAWSON

The last app I check before bed — no matter how bad I know the habit is for me — is almost always a news app. This is part of the downside to being an occasional news junkie, and I highly recommend not following my example.

Nonetheless, I seemingly like to throw the dice on matters like “Should I sleep or should I lie here fretting for the next five hours?” And, I confess, it’s a habit that has become much worse in the last year or so for all of the obvious reasons.

So I was in bed and checked out for the day when I saw the BBC’s top headline on the evening of July 19: “China accused of cyberattack on Microsoft Exchange servers”. I mention the setting so I can blame my sleepiness for my first thought, which was “How is that news?” Needless to say, I lost no time to fretting — about this — that evening.

It was only in the clear light of day that I had the wherewithal to remind myself of what we did and didn’t know when news of this Exchange hack was reported back in March 2021. At the time, Microsoft’s Threat Intelligence Center claimed “with a high degree of confidence” that a Chinese hacking group — called Hafnium — was behind this major breach, but US government statements were more circumspect, promising the ubiquitous further investigations.

Still, the attack was big news for a lot of reasons, chief among them being the sheer reach of Microsoft’s Exchange service. By exploiting the vulnerabilities therein, the group not only laid claim to millions of employee data points as hundreds of thousands of enterprises use this tool, but also opened the gates for more nefarious actors to follow. The BBC’s sources termed it “a shift from a targeted espionage campaign to a smash-and-grab raid”. That’s probably a very accurate description, but — ouch — it’s harder to write after the week SA has had, facing down real-world raids armed with little more than cooking oil.

Speaking on Kiwi radio Newstalk ZB, strategic analyst Paul Buchanan also used the analogy of “a ram-raid or smash-and-grab operation where Chinese state hackers shared the vulnerability with criminal entities, much like the Russians do”. As I wrote at the time, these claims were disputed by Chinese sources, who argued that the nation “firmly opposed and combats cyberattacks and cyber theft in all forms”, and this latest claim has been just as swiftly denied.

What is interesting, though, is the escalation in global co-operation on this front. I can’t think of another instance of cybercrime that saw statements from Nato, the EU and others, all co-ordinated for release alongside the statement from the Biden administration. Also jumping in as heavyweight backup are Australia, New Zealand, Canada and Japan.

The White House statement specifically calls out the People’s Republic of China’s “pattern of irresponsible behaviour in cyberspace”, arguing this is “inconsistent with its stated objective of being seen as a responsible leader in the world”.

On the matter of who hacked who, and with whose tacit backing, these statements really don’t go much further than what was already widely claimed in March. And it is noted that the parties stopped short of imposing sanctions or expelling Chinese diplomats, which were among recent retaliations against Russian state-sponsored hacks. They haven’t ruled out the possibility of action, of course, but the worry here is that even if the watchdog is bigger he’s still toothless — for now.

Several analysts have suggested the lack of sanctions reflects the extent of the economic and trade power China has amassed around the world, making it hard for any single state to wage the battle alone. It also makes it harder for the Biden administration to demand collaboration from China on matters of climate change and curbing emissions while remaining “tough” on cyber-espionage and campaigns.

However, the language used by these global alliances and powerhouse states is making it clear that the stakes of cybercrime and cyber-based interference campaigns are escalating. Nato has in fact included cyber defence as part of its “core task of collective defence”. The implications of the joint condemnation must surely be “Don’t mess with us, we have the numbers” — and the implied threat of using those numbers in co-ordinated exclusions of China from the global playground in future.

• Thompson Davy, a freelance journalist, is an impactAFRICA fellow and WanaData member.
