‘Show of force’: Why Australia fears China’s Microsoft hacking ‘ecosystem’ may escalate

Chinese President Xi Jinping now has a devoted party supporter as his #2. Photo: AAP

Allegations that Beijing was behind a massive hack of Microsoft data put China in “rogue state” territory, cyber security experts say.

China has angrily denied Australian claims it was responsible for the attack on Microsoft Exchange email servers or the theft of corporate secrets, with the federal government admitting it risked “serious implications” by calling out the rising superpower.

But such malicious cyber attacks cross a red line of diplomacy, according to China watchers.

“Cybercraft is replacing statecraft as an expression of geopolitical power,” said Tom Sear, a fellow at UNSW Cyber at the Australian Defence Force Academy.

“They must be concerned about the sophistication or up-ramp in Chinese cyber power capacity.”

What are the cyber allegations against China?

On Monday night, Australia joined NATO, the European Union and the ‘Five Eyes’ intelligence group to claim malicious cyber activity targeting Microsoft’s Exchange email network originated from China.

The alleged hacking allowed criminals to steal valuable intellectual property or hold it ransom.

Australia joined the US and others in specifically alleging China’s Ministry of State Security was the culprit.

Karen Andrews. Photo: AAP

Home Affairs Minister Karen Andrews, Defence Minister Peter Dutton and Foreign Minister Marise Payne claimed Beijing engaged “contract hackers” to undertake “intellectual property theft” for “commercial advantage to the Chinese government”.

US Secretary of State Antony Blinken claimed China “fostered an ecosystem of criminal contract hackers”.

President Joe Biden said the Chinese government may not be “doing this themselves”, but are “protecting” or “accommodating” those involved.

Despite previously attributing hacks or criminal behaviour to China, Russia or North Korea, Australia has largely been reluctant to specifically name certain countries as alleged aggressors.

Ms Andrews said it was “in our national interest” to call it out now but did not say why.

Why is this important?

Fergus Hanson is director of the International Cyber Policy Centre at the Australian Strategic Policy Institute, an independent think tank that receives funding from Australia’s Department of Defence and the US Defence and State departments.

Mr Hanson said most countries saw it as “fair game” to gather intelligence or conduct espionage on one another. But commercial espionage crossed a red line, he said.

“All nation states conduct espionage against each other all the time – it’s a routine part of international relations to know what your neighbours are doing on policy,” Mr Hanson told The New Daily.

“But normally you don’t have nation states conducting cyber attacks to make money. The exception to that is North Korea, but now you’ve got this example of subsidiaries of the Chinese state conducting ransomware attacks to make money on the side.”

Australia joined allies in accusing China of conducting the hack. Photo: Getty

He said it was “unusual” for Australia to openly attribute this type of rule breaking to a specific country, but noted this was also an unusual situation.

“China tries to present itself as a country abiding by international rules, saying it’ll be a friendly alternative superpower to the US. But this is an example that not only breaks its own commitments, but [is also] the kind of behaviour typically associated with a rogue state,” he said.

“If Australia was accused of this type of activity, it’d be a shocking breach of its standing in the international community.”

China’s President Xi Jinping made numerous agreements not to engage in such behaviour. In 2015, then-US president Barack Obama said he and President Xi had agreed neither country would “conduct or knowingly support cyber-enabled theft of intellectual property”.

Ms Andrews said China “won’t get away with it scot-free”, but could not name specific repercussions besides “reputational damage” as a result of being called out.

What does this mean for cyber security?

Australia’s Ambassador for Cyber Affairs Tobias Feakin tweeted the attack “undermined international stability and security”.

Ms Andrews said it affected 30,000 organisations.

Mr Sear, a leading expert in cyber warfare and security, said while the Microsoft hack involved the theft of valuable information, the global pushback may be “about a broader shift”.

He wondered whether global partners were more interested in countering Beijing’s “aggression” than its increased technical capability.

Microsoft was the hacking target. Photo: Getty

“It was quite a serious, aggressive act, and had capacity for deep impacts,” he told TND.

“China is fearless at the moment. They’re going for it. Xi is escalating conflict … we’re in a state of low-level cyber war, constantly.”

Mr Sear claimed the US, UK, Australia and numerous other allies had more advanced cyber capabilities than China, but Beijing was fast improving.

“China wants to position itself as a leader in cyberspace,” he said.

‘Next phase’

The co-ordinated global statements from the US, Europe, Asia and Australia were also noted as unusual by security experts.

“This joint statement from Five Eyes is a statement of multilateralism, as a show of force,” Mr Sear said.

“It’s a new thing that all the Five Eyes would go together so comprehensively and call out a nation state. That’s pretty new. We are moving to a next phase, where they’re prepared to do that and call nations out.”

Mr Hanson said there had been a growing use of such multilateral co-operation.

“There’s starting to emerge a bit of a pattern of joint pushback to this kind of bad behaviour,” he said.

“Biden said patching up the US-China relationship was contingent on stopping coercive behaviour against US allies. We’re seeing a realisation in democratic states that they have to collectively push back.

“The old measure was doing things bilaterally. Now, nations are saying the only [way] is to deal collectively, get a critical mass to deal with a country of this size. Absolutely we’ll see more of this strategy.”

What now for Australia?

Ms Andrews stressed Australians shouldn’t “conflate this … with any of the other issues that are bubbling”.

But when the minister was asked whether Beijing could retaliate, such as with more trade tariffs, she admitted there may be pushback.

“We are aware there are serious implications for any attribution that is made to any nation. But we also will not compromise our position on sovereignty and national security,” Ms Andrews said.

Lowy Institute fellow Peter Cai, whose research examines the Australia-China relationship, said the government must have factored in the possible repercussions from Beijing.

He said there was “always a risk China may take some action”.

“China has significant economic leverage over partners and is becoming increasingly likely to use those economic muscles,” he told TND.

“We’ve seen a few rounds of trade sanctions on a broad range of sectors. I can imagine when ministers sign onto statements like this, the history of the last 12 months must weigh heavily on their mind. Does this mean a new round of retaliation?”
