A stark political fact stared India in the face in 2020; China’s data sharing laws forced Chinese origin companies to share data received by them with Chinese intelligence agencies, confidential details such as tax details, Aadhaar card and PAN number. Egged by the threat to national security (based on numerous reports given by the Indian Cyber Crime Coordination Center), the Ministry of Information Technology banned more than 267 Chinese mobile apps. The move was in line with the foreign investment policy that required Chinese companies to ask permission from India before investing in Indian firms.
The threat to national security was not only limited to India’s geographical sphere. A month later, in his last days of Presidency, Donald Trump blatantly described a generalized threat of “Chinese connected software applications that can access personal devices such as smartphones, computers and tablets”, and promptly decided to issue an executive order banning WeChatPay, Alipay and six other Chinese apps.
The slew of political measures undertaken by both the US and India came after a long haul of Chinese cyberspace misdemeanors that were targeting critical infrastructure as well as the international reputation of the countries to protect their national security and the privacy of citizens. But the Chinese infringement of privacy continued unabated as in 2021, CyFirma, a Singapore based company revealed that the information technology systems of two of India’s institutes at the forefront of the vaccine drive, Serum Institute of India (SII) and Bharat Biotech were targeted by Chinese state backed hackers. The Chinese hackers might have been trying to steal valuable information in order to reduce the huge difference between the sales of the OxfordAstraZeneca/CovidShield vaccine in favor of the Chinese flagship Sinopharm vaccine.
In 2022, RecordedFuture, a cybersecurity firm based in the US also disclosed the fact that India’s power grids in Ladakh were affected by Chinese state sponsored hackers. The same cyber security firm had also alleged that the power outages witnessed by Mumbai in 2020, was the handiwork of a Chinese hacking group, RecEcho which resulted in the breach of the power sector. Similarly, as far as America is concerned, numerous accounts of Chinese espionage have been reported. Through an executive order in 2020, Donald Trump obliged a Chinese company to divest from Stayntouch, a cloud based company managing properties. The move came after information was received that Chinese hackers had stolen data of 500 million guests of Marriott’s Starwood network, including personal data such as passport numbers. Security clearances of more than 21 million Chinese agents were arranged during the 2014 cyber intrusion of the Office of Personnel Management while more than 78 million Americans were affected during the breach of the US health insurance company Anthem in 2015. In 2017, members of the Chinese military were indicted for the 2017 Equifax cyber intrusion when personal information of almost half of Americans was compromised.
More recently, in March 2021, the Hafnium hacking group targeted researchers, think tanks, defense contractors and US government officials by breaching the Microsoft Exchange Server and exploiting its email vulnerabilities. The executive order, “Protecting Americans’ Sensitive Data from Foreign Adversaries”, issued by Joe Biden in June 2021 also emphasized the need to reign in the threat from China. The threat to data privacy is no longer limited to Indian and America as has been seen through the countless cases of data breach and infringement throughout the world. In 2017, it was discovered that a backdoor inserted by China at the African Union (AU) headquarters in Addis Ababa resulted in the transfer of data from computers every night for five years and security camera footage from inside the AU headquarters was also stolen by Chinese hackers. In August 2020, secret government files were exposed to being stolen when a report from the Papua New Guinea’s National Cyber Security Centre and the Australian government noted that the National Data Centre built by Huawei in 2018 was blemished by various cyber security implications. Similarly, Netherlands largest mobile network KPN’s backdoor was used by Huawei to access customer data and call records, including conversations made by government officials in 2010.
Given the innumerable examples of Chinese efforts to infiltrate data security of various nations, it is a given that the threat to national security and critical infrastructure by Chinese state sponsored hackers is only escalating. In light of this decades long nefarious development, all countries should initiate counterintelligence programs to provide more in depth analysis of defensive briefs undertaken to alleviate the threat while constantly upgrading the data privacy standards and imbibing a more stringent national cybersecurity framework. To monitor and thwart such insidious designs as perpetrated by the CCP, collaboration can also be made with civilians who are rigorously trained to tackle such operations.
