Step aside, Russia: the new global hacking bogeyman is now officially China.
Just days after the US accused Beijing of hacking hundreds of millions of Marriott accounts and extracting the private data of countless Americans, even as the ongoing diplomatic feud over Chinese "intermediation" in western communications via the likes of Huawei escalates, moments ago the EU unveiled that China was now also the new Wikileaks, accusing hackers tied to China's People's Liberation Army of a "huge hack" of its diplomatic cables and reviving fears about vulnerabilities in the 28-country bloc's data systems.
According to investigators, hackers had accessed cables on a variety of geopolitical issues including terrorism, transatlantic relations, peace in the Middle East, arms control, the South China Sea and the Asia and Oceania working party.
In a campaign dating back at least to 2015, the hackers gained access to more than a hundred organisations, including the EU's Coreu electronic communication network, the FT reported, citing a report due to be published on Wednesday by cyber security company Area 1 Security, which exposed the breach. According to the report, Chinese hackers used the Cypriot foreign ministry as an entry point to conduct cyber espionage over several years throughout the bloc. Other targets included parts of the UN and the AFL-CIO, a confederation of American unions that may have been of interest to the Chinese because it was involved in trade negotiations.
The EU Council secretariat said it was “actively investigating” allegations of a “potential leak of sensitive information”. “The Council Secretariat takes the security of its facilities, including its IT systems, extremely seriously,” it added.
The revelations come as the latest embarrassment to the EU at a time of heightened concerns about the ability of groups linked to perpetual cyberwarfare bogeyman Russia and other powers to exploit weak links in its information and financial networks.
But how do we know it's China this time and not, say, North Korea, Moscow, or some basement-dwelling supporter of Julian Assange? Well, according to Oren Falkowitz, CEO of Area 1, he had "absolute confidence" that a Chinese group was behind the attacks, because of an extensive analysis of their techniques... the same way CrowdStrike had "absolute confidence" Russia hacked the DNC server without, of course, allowing the FBI to also investigate it independently. He linked the hacks to the Strategic Support Force of the People's Liberation Army.
In a hack surprisingly reminiscent of how "the Russians" got access to John Podesta's email, Area 1 said the hackers initially accessed the system using unsophisticated phishing techniques, sending an email with a malicious link or attachment to people inside the ministry in Cyprus.
“It only takes access to one of the parties to expose all the other secrets,” Mr Falkowitz said. “You just break the weakest link in the diplomatic chain.”
Of course, cynics may respond that this is just another convenient arrangement meant to escalate cyberwar tensions between the west and China.
The hack is the latest to involve China, whose government reached an agreement with the Obama administration in 2015 designed to curtail corporate espionage (hacking companies to steal intellectual property or data), but it did not directly address more conventional cyber espionage against governments. As a trade war escalates between the US and China, the agreement is under pressure.
The thousands of hacked documents revealed concerns in the EU “about an unpredictable [President Donald] Trump administration and struggles to deal with Russia and China and the risk that Iran would revive its nuclear programme”, according to the New York Times, which also had access to the trove.
As for Cyprus being used as the entry point, that too is hardly a coincidence: the alleged use of the Mediterranean island as the "unwitting gateway" for the hack is likely to intensify some EU states’ security focus on Nicosia, after concerns about Russian money and influence there.
As the FT notes, the bloc is grappling separately to plug weaknesses in its financial supervision revealed by revelations that €200bn of suspect cash — largely from clients in Russia and other former Soviet republics — had flowed through the Estonian branch of Denmark’s Danske Bank.