Cyber Security

Middle Powers Must Intervene as Giants Confront to Dominate Global Order

The two technical giants, US and China, have intensified their unfettered confrontation for global domination.  Either of them coming out victorious is no solace as both want to subjugate the international community to their control.  Their next major clash is coming up in November ITU meet in New Delhi. Middle powers need to pool their resources to guide the US-China competition to a more benign world order. European Union, Russia and India may well lead.

———

by Prasad Nallapati

The US is vertically divided on Russia, but it presents a united front to confront and stop Chinese march to global domination. This paper attempts to review the cyber confrontation between the US and its two adversaries and how a potential damage could be averted for better world order.

“RussiaGate” Collapse 

The Democratic Party’s crusade to discredit President Trump’s election and his alleged collusion with Russia during the 2016 polls, derisively called “RussiaGate,” has finally been collapsed with the latest revelations that the cybersecurity firm, CrowdSrike, had no evidence of Russia exfiltrating data from the servers of the Democratic National Convention (DNC) and that the FBI set a perjury trap for Gen. Michael Flynn.

Now, it is the turn of the Trump administration to launch a counter-investigation into what he calls, “ObamaGate”.  Attorney General William Barr has commissioned John Durham, US Attorney to Connecticut, to get to the bottom of the origins of the “Russia collusion” probe initiated by the previous Obama administration against the then President-elect. Barr may have ruled out criminal investigation into Obama or Joe Biden, former Vice President, but their senior officials, former Deputy Attorney General Sally Yates, former FBI Director James Comey, then-CIA Director John Brennan and former Director of National Intelligence James Clapper may have to worry.

The chickens have come home to roost after Democratic Chairman of House Intelligence Committee, Adam Schiff, was forced to release documents relating to its 2017 “closed-door” investigation into alleged collusion between Trump’s campaign and Russia.  These testimonies are quite revealing.  Shawn Henry of the CrowdStrike, who was the only one allowed by DNC to examine its servers following alleged hacking, testified on December 5, 2017 that there was no proof of Russian hackers actually exfiltrating emails and it was only circumstantial evidence.

James Clapper disclosed to the Committee in July 2017 that he never saw any direct empirical evidence that the Trump campaign or someone in it was plotting/conspiring with the Russians to meddle with the election. Attorney General Loretta Lynch, National Security Adviser Susan Rice, UN Ambassador Samantha Power, and other Obama officials have also admitted that they did not have any evidence or were never briefed about any collusion. Much of the “evidence” or suspicion of collusion was based on a much maligned Steele Dossier, which was developed by a former British intelligence official and paid for by the campaign of then-presidential candidate Hillary Clinton. FBI Deputy Director Andrew McCabe confirmed to the House Committee that they were not able to prove the accuracy of all the information in the dossier.

Notwithstanding such unproven allegations, the Democrat legislators got the Department of Justice to launch an investigation by Special Counsel Robert Mueller. He could not find any collusion but all the same the Democrat-controlled House launched impeachment process to remove Trump from Presidency, knowing well that it would not succeed.

Reams of papers were produced, and hundreds of hearings were held in the Congress in the last four years on Russian manipulation of not just the 2016 election, but mid-term and provincial elections as well. They concluded that the Russians are continuing unabated, and their hackers are at it to influence this year’s election too.  Europeans have also blamed Russian hacker operations of manipulating the EU elections, Brexit vote and various other national polls.

Holes in European Suspicions on Russia 

An investigation report released on May 13 by German intelligence authorities found that Russia’s Military Intelligence, GRU, was responsible for the cyberattack in November 2015 on Bundestag (German Parliament) including personal email account of Chancellor Angela Merkel. It was long suspected to be the work of Russian operatives who reportedly obtained sensitive data that was later used in an attempt to destabilize the political system in the run-up to federal elections in 2017.  It took five years to gather evidence of the involvement of the hacker group, APT 28, known as Fancy Bear, which is believed to be working for the GRU.

The report claims that the same group, led by the GRU agent Dimitri Badin, was also behind the attack on the DNC servers in the US. As the assertions of Russian involvement in the DNC case have not been proven, it may now be difficult to hard sell the GRU complicity in German cyberattack.

Critics have highlighted several other instances of false anti-Russia campaigns by American liberal segments.  The New York Times on May 14 blamed Russian hackers for the November 2016 cyberattack in which nearly one million customers of the German Deutsche Telekom were knocked offline after their home routers were corrupted, using computer worm, Mirai. The attack was in fact carried out by a British hacker, not Russian intelligence. Daniel Kaye was arrested at Luton airport by British National Crime Agency and extradited to Germany, where he was sentenced to 18-year imprisonment. The Times story was later corrected.

US Consensus to stop Chinese Ambitions 

But when it comes to China, the divide between the Republicans and the Democrats disappear and there is bipartisan consensus in the US Congress to frustrate Beijing’s global ambitions. While the US-China competition and confrontation is quite widespread encompassing all spheres of relations, it is more pronounced in the cybersecurity domain.

The two nations are slated to face their major cyber clash in India, where the next meeting of the International Telecommunication Union (ITU) is scheduled to be held in November this year. Beijing has proposed a radical change to the way the internet functions. It envisages a different standard for core network technology called “New IP” (Internet Protocol) that it claims would make the internet more efficient and better structured for the digital age.  The ITU oversees standardization of global telecom technologies, services and operations. The Chinese model seeks to replace the current Western-designed open, unified worldwide web with a more fragmented patchwork of national internets that Beijing calls “cyber sovereignty,” writes Alan Dupont, chief executive of the Cognoscenti Group, a risk consultancy.

“Critics contend that the New IP would bake authoritarianism into the architecture underpinning the web and give state-run internet service providers granular control over customers’ use. An investigation by the Financial Times found that the new protocol would require the network to have tracking features and a “shut-up command” that could enable governments to arbitrarily deny users access, a departure from the present internet system, which acts as an agnostic postman that moves data around.” According to Harvard social scientist Shoshana Zuboff, “What China wants is a technological infrastructure that gives them the absolute control which they have achieved politically, a design that matches the totalitarian impulse. So that is frightening to me and should be fright­ening to every single person.”

Acceptance of the proposal by the UN governing body would allow countries to choose the existing architecture or move to China’s version.  Such an outcome is not acceptable to the US as internet power is now mostly held by four large American corporations: Apple, Google, Amazon and Facebook.  New IP would end this virtual oligopoly and usurp global leadership in technology. If there is no consensus, which is most likely, the world could split into separate information channels, one led by the US and the other by China.

Meanwhile, the Trump administration is further tightening screws on crippling the Chinese tech giant, Huawei Technologies. The Commerce Department imposed new restrictions on May 15 requiring foreign semiconductor makers to obtain a license from US officials before they can supply Huawei-designed semiconductors to the Chinese company that were produced using American technology. The restrictions are designed to narrow loopholes in the last year’s ban on export of US technology to Huawei, which allowed the company to be able to purchase semiconductors made outside the US with US software and equipment. The key element is in blocking the sale of chips made according to Huawei designs.  The new rule, however, does not stop US semiconductor manufacturers from selling chips to Huawei that are made outside the US according to American designs.

US Security agencies have urged the Federal Communication Commission (FCC) to revoke China Telecom’s license to provide links between the US and foreign countries. CSO Online reports that a US investigation of China Telecom’s operations found “substantial and unacceptable national security and law enforcement risks,” the US Justice Department said in April. China Telecom is a US subsidiary of China’s state-owned telecommunications company. The agencies expressed particular concern about the nature of China Telecom’s US operations, which they argue could give China Telecom the ability to engage in economic espionage and sabotage, mainly by re-routing US internet traffic through Chinese servers, using something called “BJP (border gateway protocol) hijacking,” CSO Online notes.

Chinese power equipment suppliers would also feel the heat with President Trump signing on May 1 an executive order that declares foreign cybersecurity threats to the US electricity system a national emergency. The order bans the “acquisition, importation, transfer or installation,” of bulk-power system electricity equipment from companies under foreign adversary control.  The order did not name any specific foreign adversaries, but it is apparently directed against China, which is the main adversary source of supply of bulk-power system equipment.

The FBI is investigating more than 1000 cases of Chinese theft of American technology.  US security agencies held a China Initiative Conference in February this year to alert private companies and academic institutions about the threats of intellectual property thefts from Chinese entities. The main focus of concern was China’s “Thousand Talents Program” which enticed many American academics into non-transparent financial exchanges. A Chinese American neuroscientist, Li Xiaojing, was sentenced on May 13 while earlier in January, Harvard professor, Charles Lieber, and two of his Chinese researchers were charged with assisting the Chinese government.

Intrusion Truth, an online group of anonymous cyber-security analysts, have found real identities of Chinese hackers and their affiliation with certain provincial departments of the Chinese Ministry of State Security (MSS).  According to them, APT3 is linked to MSS Guangdong, APT 10 to MSS Tianjin, APT 17 to MSS Jinan and APT 40 to MSS Hainan. The Department of Justice has since filed criminal cases against APT 3 and APT 10, charging individual hackers, employees of security firms and intelligence officers.

US law enforcement agencies have also warned users about the security and privacy issues relating to popular video-teleconferencing app Zoom and chat app, WeChat, etc.  NASA and SpaceX have banned their employees using the Zoom.  The app’s management admitted to problems relating to end-to-end encryption and data moving through Chinese servers, which they claim to have been rectified now.

China Launch Counter-Investigations into US Hacking Campaigns

China has aggressively countered many of these US allegations with its own investigation report holding the CIA responsible for a series of cyberattacks on targets in the Peoples’ Republic. Qihoo 360, a Chinese cybersecurity firm published a comprehensive report outlining an eleven-year cyber campaign by the CIA hacking group, called “APT-C-39”, targeting a wide range of industries, including aviation, oil and gas, scientific research institutions and tech companies, besides several government agencies. Central to the report was the hacking tool “Vault-7 which was extensively used in these attacks. Qihoo linked the tool to the CIA hacking materials which were leaked to the Wikileaks in 2017 by its own developer, Joshua Adam Schulte, a former employee of the agency.  The attacks, from September 2008 to June 2019, targeted systems in Beijing, Guangdong and Zhejiang provinces.

Conclusions

The two technical giants thus have intensified their unfettered confrontation for global domination. The world is getting trampled under their feet.  Either of them coming out victorious is no solace as both want to subjugate the international community to their control.  The middle powers therefore need to pool their resources to guide the US-China competition to a more benign world order. European Union, Russia and India may well lead.

The US may like to review its internal fissures, based on factual assessments rather than emotional ideological underpinnings, so as to be able to put up a united front. Or else, alas, it may get weakened by internecine quarrels and worthless foreign wars preventing its ability to stop Chinese destructive campaign. It is proven time and again that Russia is not a monster, that it was made out to be, trying to undermine the US. As the US is heading to elections in November to elect next President, Russia remains the most divisive issue.  Trump sees Putin a strongman with whom he could make deals, while the Democratic Party candidate Biden holds contempt for the Russian leader as a dictator out to destroy American interests. If Trump gets reelected, US may find a partner in Russia and that will checkmate Chinese global ambitions. Otherwise, Moscow remains eternal enemy that will partner with Beijing to weaken the US status.

(Prasad Nallapati is President of Hyderabad-based think-tank, Centre for Asia-Africa Policy Research, and former Additional Secretary to Govt of India)