
China Threat Recap: A Deeper Insight

By Professor John Walker. September 13, 2023. Updated: August 24, 2024. 6 Mins Read

1. Accusation at the Heart of British Democracy

Background on the Tory Parliamentary Expert

A Tory parliamentary expert on China who has been accused of spying for Beijing from a position at the very heart of the seat of British democracy has declared they are completely innocent. The unnamed male expert in question, who is in his twenties, insisted his work in Parliament has been to ‘educate others’ about the ‘threats presented by the Chinese Communist Party’.

Expert’s Defence and Role of Educating Parliament

OK, so let’s look at this on the basis of our own educated status to date. My first observation here is, why are we consulting, and for that matter paying, a twenty-something, unknown expert to educate Parliament on what is a long-standing, known threat!

2. Reflecting on Historical Context

Questioning the Role of Young Experts in Parliament

Is that not the job of those sitting in Thames House, or maybe even the people working in the NCSC (I will come to them later)?

“Unrestricted Warfare”: An Eye-Opener from 1999

So, let us roll back the clock on the education we have already enjoyed, not forgetting the doctrine to be found in Unrestricted Warfare, published in 1999 by People’s Liberation Army officers Qiao Liang and Wang Xiangsui, which introduces new types of warfare which may be conducted by civilians as well as by soldiers, including computer hacker attacks, trade and finance wars, not to mention bio – AKA win at any cost. In fact, the cover of one such publication shows the bringing down of the New York Trade Towers!

3. Evidence of Chinese Cyber Threats

A Trip Down Memory Lane: Attacks from 2007

Let us also revisit some other educated facts in the form of the Chinese cyber-attacks on the UK, US, and Germany, to name but a few targets, circa 2007, in which several government agencies were compromised by Chinese state-sponsored actors suspected of breaching the unclassified networks of the U.S. Departments of State, Homeland Security, and Energy, and UK defense and foreign ministries.

The ‘Titan Rain’ Incident and Its Repercussions

On a personal note, it was the following year when I was speaking at a conference sponsored by the Cabinet Office at which one delegate asked a question relating to the Chinese Cyber Threat – a question which the panel did not seem able to respond to, so I did – and my comments were reported in the press as follows: ‘The Chinese government were behind the ‘Titan Rain’ attacks on the US and the UK. The attacks were identified as coming from servers in China, but the Chinese government has never officially been accused of being behind the assault. Walker’s claims will add to the paranoia about Chinese hackers attacking visitors and business delegates traveling to the Beijing Olympics. He went on to 2007 people did not take it very seriously, and then there were state-sponsored Chinese groups and all sorts of other groups attacking the UK and the US and getting into the infrastructure.’

[https://www.itnews.com.au/news/china-blamed-for-cyber-terrorism-118089](https://www.itnews.com.au/news/china-blamed-for-cyber-terrorism-118089)

4. Personal Encounters with the Threat

Praise and Criticism from London Computer Crime Unit

Interestingly enough, a very senior member of the then London Computer Crime Unit called me to say well done, as I had spoken what others feared to say for polite political reasons. Needless to say, the Cabinet Office apologized to the UK Chinese Ambassador on my behalf. However, it was in 2010 when the same Cabinet Office published a RESTRICTED notification that both China and Russia posed a severe electronic threat to the UK – how times had changed!

5. Bank Security and Cyber Vulnerabilities

Breach Discovery in a Central London Bank

Some other snippets of education on the Chinese Cyber Threat. When I was working on a project for the most central of UK London-based banks, through OSINT techniques I discovered that the bank was breached and connected into several .cn servers, which appeared to give some sort of remote connectivity into the establishment – a position of which the bank was completely unaware. Upon the bank’s security team being made aware of this connectivity, a second scan of the environment showed the .cn connectivity was no longer in place – however, within three months the removed connectivity to the .cn devices was back in place. What was even more worrying here was that there were a large number of associated users in this system which were gov.uk email addresses, offering up the potential of secondary exposure.

6. Institutional Responses to the Threat

Early Underestimations by GCHQ

Other aspects of concern for me are what has been at the very heart of the tolerated threats. It was way back in 1985, when I was working within a secure GCHQ-connected Lincolnshire outstation, that I became aware of the new threats posed by the new phenomenon called the computer virus. Given my keenness to impress, I sent off a signal on the inter-community connected network to the masters at Fiddlers Green, Cheltenham. When the response came, it was a surprise. It said, ‘We (GCHQ) consider the threat posed by the computer virus as a passing nuisance’!

The Dismissive Attitude of CPNI in 2005

Roll the clock forward to 2005 when I met with a senior member of the CPNI (Centre for the Protection of National Infrastructure) discussing the current 2005 implications of the Cyber Threat – her response was that it was a figment of scaremongering and was generated by people such as I!

The Controversial HUAWEI Debate and NCSC’s Silence

My last observation on the tolerance of the threat relates to the NCSC’s silence about the HUAWEI debate relating to this Chinese infrastructure being placed at the very heart of the UK interconnectivity – here the agency comments and direction were absent – there are times when even government agencies who place polite politics before security should speak out.

7. Real-life Consequences in the Political Arena

A Former Home Secretary’s Risky Experience in China

My last proof of the threat – as if proof were needed. When I was working in the Palace of Westminster, a senior, ex-Labour Home Secretary was to visit China. Prior to the trip, he was advised not to use his laptop whilst in the country, and not to connect to any WiFi or networking facilities. Upon his return, however, when his laptop was connected to the parliamentary network, it commenced polling, and sending out bursts of unidentified malicious traffic. The security team engaged to remove the device from the network. The MP involved was asked why he had not followed the advice given – he responded that he had done so and whilst in the country his laptop had remained in his hotel room and was never used!

8. Concluding Thoughts: Addressing the Chinese Threat

The Need for Awareness and Education

To conclude – is there a Chinese threat? You bet there is. Is there a need to educate on the posed threat? Again, yes there most certainly is.

Professor John Walker

John is the Principal at Shadow-Intelligence (Si), partnering with PALISCOPE, BreachAware and iStorage. He is a Visiting Professor at the School of Science and Technology, Nottingham Trent University (NTU) and holds the appointment of Editor in Chief for the International Journal of Cyber Forensics and Advanced Threat Investigations (CFATI). For the last decade he has delivered training courses in the Middle and Far East to Commercial, Industrial, the Financial Services Sector, and Military Agencies, including the UAE, US, Pakistan, Saudi Arabia, Malaysia (KL), Singapore, Argentina, and Sao Paulo.

He served in the Royal Air Force for 22 years, specialising in Counterintelligence, working with UK Agencies such as GCHQ/CESG, and others in the fields of SIGINT, COMINT and Satellite Communications, holding appointments such as System ITSO for a CIA SCIF.

In the commercial sectors of IT/Cyber he has worked for/with Logica, Bae, T5, GM, Experian, Betfair, Palace of Westminster, House of Lords/Commons, TSol (Treasury Solicitors) and provided Consultancy to the Saudi Arabian MOD, TRA (Telecommunications Authority (Dubai)) and the Military Academy of Malaysia (KL) on SOC, CSIRT, Digital Forensics and OSINT. Within the last 5 years he has focused on Geopolitics, with global expertise around the UAE and Russia, Anti-Terrorist Operations (ATO), Cyber-Warfare, Dezinformatsiya (Disinformation) and Maskirovka (Military Deception).

The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
