“Containing” Iran, which was the central piece of American policy from 1979 to 1990, has again come to the forefront of US diplomatic efforts under the Trump administration.
The late Ayatollah Khomeini’s Islamic revolution in 1979 not only ended the Iranian alliance with the US but also threatened Saudi leadership of the Islamic world. The US found a willing partner in Saddam Hussein’s Iraq to contain Iran. He had his own axe to grind against his eastern neighbour. Gulf funding for the project was an irresistible ‘bonanza’. After enduring a decade-long war that crippled Iraq, Saddam Hussein invaded Kuwait, largely due to American diplomatic “inertia” and the broken promises of the Sheikhdoms.
The US policy towards the region has since been one of “fire-fighting” with devastating consequences for the Middle East.
Today, Iran has grown much stronger than it was and is on the threshold of becoming a nuclear power. Islamic Jihad, created and nurtured by the US, Saudis and Pakistan, has transformed itself into a “Caliphate”, threatening not only its creators but also the world at large.
Iran is no longer Khomeini’s Islamic Republic. It is willing to be a responsible partner in maintaining regional stability, although it demands to be recognised and treated as a prominent leader of the region.
This is not acceptable to the Saudis and Israelis, nor to Trump. Thus begins the revival of the “contain Iran” policy.
Secretary of State Rex Tillerson flew into Riyadh on 22nd October as part of his tour of the region to “gently” push the Saudis and their allies to resolve their dispute with Qatar and to revive Saudi-Iraq relations. Both tasks are aimed at creating a unified front to confront Iran.
The inaugural session of the Saudi-Iraq Coordination Council was jointly opened by King Salman and Prime Minister Haider al-Abadi in the presence of Tillerson. The Saudis and other Gulf countries had frozen their coordination council with Iraq following Saddam Hussein’s invasion of Kuwait twenty-seven years ago.
Senior American officials have been working behind the scenes for better relations between Saudi Arabia and Iraq to take on Iran. Brett McGurk, the American envoy to the international coalition fighting ISIS, and former Assistant Secretary of State for Near Eastern Affairs Stuart Jones played a key role in promoting the revival of the coordination council.
Iraq is considered central to the policy of containing Iran, “then” as well as “now”. Why, then, did Washington and Riyadh allow the alliance with Iraq to break up in 1990, leading to the “misadventure” by Saddam, who had his own reasons for doing what he did?
Poor Saddam found himself pushed into a corner after the much-promised financial bonanza from three Sheikhdoms, Saudi Arabia, the UAE and Kuwait, for Iraq’s efforts to neutralise Khomeini’s Islamic revolution did not materialise. Iraq’s economy was devastated by the long-drawn-out war with Iran.
In one of the coordination council meetings, Iraqi pleas for financial aid were met with heckling. An official who was present at the meeting later revealed to an Arabic publication that the Kuwaiti representative derisively said, “send Saddam’s wife and daughters to earn money for him”. An enraged Saddam Hussein interpreted US Ambassador April Catherine Glaspie’s statement that “Washington had no opinion on Iraq-Kuwait relations” as a nod to go ahead and teach Kuwait a lesson.
Rest is history.
The clock has since turned full circle. The US and the Saudis again want Iraq to be the bulwark against the “ambitious” Islamic Republic.
The old policies, however, are unlikely to work.
Iran is not the same any more. Iraqi Shiites are in power now in Baghdad and they are closely aligned with Iran to stabilize the country and the Levant. Russia has returned to the region to take the mantle of its predecessor, the Soviet Union.
Several new players are in the fray. The Kurds have tasted power and demand a bigger share. Re-alignments among the regional powers have shaken up the strategic plans of the big powers. Iran, Iraq and Turkey “ganged up” to nip in the bud the Kurdish dream of an independent state. Notwithstanding the defeat of the ISIS Caliphate, the jihadi groups continue to be a formidable force to reckon with.
The region cannot afford any further ill-conceived policies, as further instability would only serve as fertile ground for jihadi groups. There are other ways to keep Iran bound by rules. The Middle East needs a more nuanced and well-considered policy from the US.
(The writer is former Additional Secretary, Cabinet Secretariat)
Bloody cyber-war raging in the Gulf
Believe it or not, a bloody cyber-war is raging in the Gulf region, with what were once local games of one-upmanship for dominance becoming internecine inter-state battles, to the glee of foreign contractor-specialists in cyber-war technologies. Pegasus spyware has put a premium even on the heads of political dissidents, to the dismay of rights campaigners. It may sound unbelievable, but Pegasus’s surveillance capacity is nearly limitless: it can take control of a cell phone, record conversations and even photograph all those in the vicinity of the
Frankly, the Gulf region is not new to offensive cyber operations. These date back to at least 2007, when the US and Israel closed ranks to cripple the Iranian nuclear programme with the Stuxnet malware; the earliest known Stuxnet variant dates from that year, and the code was not publicly discovered until 2010. It took Tehran some three years to ‘discover’ the damage caused at its Natanz uranium enrichment plant and other nuclear facilities. By the most widely cited estimate, “Operation Olympic Games” destroyed roughly a thousand of the estimated nine thousand centrifuges then installed at Natanz and delayed Iran’s nuclear progress by more than a
What is unfolding these days is much wider in scale and concept. Saudi Arabia and Israel are at the forefront of the new cyber-war. For both, the common enemy is Iran.
While Riyadh wants to undermine Tehran in all its glory, Tel Aviv’s campaign seeks to engineer regime change and bottle up the nuclear ambitions of the Ayatollahs. Iranian financial and energy infrastructure has been the focus of malware attributed to Israel, known as Wiper and Flame. Iran’s central bank, Ministry of Culture and oil drilling platforms were reportedly targeted, besides nuclear facilities, in 2012 by Unit 8200, Israel’s equivalent of the American NSA. The ‘Stars’ virus infested government computer systems, and the Duqu Trojan prepared the stage for further strikes by stealing data from them.
Retaliation from Iran has been on no smaller a scale, with its focus as much on espionage as on disruption.
The Basij, which operates under the Islamic Revolutionary Guard Corps (IRGC), has created a “cyber army” with thousands of hackers recruited from universities and religious schools. Unlike American and Israeli cyber operations, which are conducted by professional intelligence agencies backed by bottomless budgets, Iran’s capabilities are modestly funded. Believe it or not, the Iranian hacker campaign is disorganised as well. It is overseen by the IRGC but composed of a scattered set of independent contractors. They have, nevertheless, proved that even a poor man can produce cyber weapons that have lethal
So it will be fair to talk about Iranian cyber adventurism first.
Early last year (2017), an Iranian group, Leafminer, targeted networks in Saudi Arabia, the UAE, Qatar, Kuwait, Bahrain, Egypt, Israel and Afghanistan. Its weapons were two strains of custom-made malware, Trojan.Imecab and Backdoor.Sorgu, according to the cyber-security major Symantec. Trojan.Imecab was used to set up a persistent remote-access account on the target machine with a hard-coded password, while Backdoor.Sorgu gave the attackers remote access to it.
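Imecab’s trick, a new local account with remote-access rights, leaves a recognisable trail in the Windows Security log. What follows is an added example, not code from this article or from Symantec’s report: it correlates constructed, simplified event records (IDs 4720, 4732 and 4624; the field names follow the Windows event schema, the values and the host and account names are invented) and flags any account that is created, granted a remote-access group and then used for a remote interactive logon within 24 hours.

```python
"""Detect freshly created accounts that are promptly given remote access.

Added example; not part of the original article or Symantec's analysis.
Event records are constructed to resemble Windows Security log events:
  4720  user account created
  4732  member added to a security-enabled local group
  4624  successful logon (LogonType 10 = RemoteInteractive, i.e. RDP)
Field names follow the Windows schema; every value below is invented.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

REMOTE_ACCESS_GROUPS = {"Administrators", "Remote Desktop Users"}
CORRELATION_WINDOW = timedelta(hours=24)
REMOTE_INTERACTIVE = 10

# Constructed sample. "support_svc" follows the Imecab-style pattern; the
# helpdesk-created "jdoe" is benign (ordinary group, console logon).
SAMPLE_EVENTS = [
    {"EventID": 4720, "Time": "2017-02-14T02:11:05Z",
     "TargetUserName": "support_svc", "SubjectUserName": "WEBSRV01$"},
    {"EventID": 4732, "Time": "2017-02-14T02:11:09Z",
     "TargetUserName": "Administrators", "MemberName": "WEBSRV01\\support_svc"},
    {"EventID": 4732, "Time": "2017-02-14T02:11:12Z",
     "TargetUserName": "Remote Desktop Users", "MemberName": "WEBSRV01\\support_svc"},
    {"EventID": 4624, "Time": "2017-02-14T02:40:31Z",
     "TargetUserName": "support_svc", "LogonType": 10, "IpAddress": "203.0.113.44"},
    {"EventID": 4720, "Time": "2017-02-14T09:30:00Z",
     "TargetUserName": "jdoe", "SubjectUserName": "helpdesk"},
    {"EventID": 4732, "Time": "2017-02-14T09:30:05Z",
     "TargetUserName": "Users", "MemberName": "CORP\\jdoe"},
    {"EventID": 4624, "Time": "2017-02-14T10:02:00Z",
     "TargetUserName": "jdoe", "LogonType": 2, "IpAddress": "-"},
]


def parse_time(stamp: str) -> datetime:
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def account_name(member: str) -> str:
    # "DOMAIN\\user" -> "user"; account names are case-insensitive on Windows
    return member.split("\\")[-1].lower()


def find_suspicious_accounts(events):
    created = {}                       # account -> creation time
    grants = defaultdict(list)         # account -> [(time, group)]
    remote_logons = defaultdict(list)  # account -> [(time, source ip)]

    for ev in sorted(events, key=lambda e: e["Time"]):
        t = parse_time(ev["Time"])
        if ev["EventID"] == 4720:
            created[account_name(ev["TargetUserName"])] = t
        elif ev["EventID"] == 4732 and ev["TargetUserName"] in REMOTE_ACCESS_GROUPS:
            grants[account_name(ev["MemberName"])].append((t, ev["TargetUserName"]))
        elif ev["EventID"] == 4624 and ev.get("LogonType") == REMOTE_INTERACTIVE:
            remote_logons[account_name(ev["TargetUserName"])].append(
                (t, ev.get("IpAddress", "-")))

    findings = []
    for account, t0 in created.items():
        deadline = t0 + CORRELATION_WINDOW
        groups = [g for t, g in grants[account] if t0 <= t <= deadline]
        logons = [(t, ip) for t, ip in remote_logons[account] if t0 <= t <= deadline]
        # Creation + remote-access group + remote logon, all inside the window
        if groups and logons:
            findings.append({
                "account": account,
                "created": t0.isoformat(),
                "groups": groups,
                "first_remote_logon": logons[0][0].isoformat(),
                "source_ip": logons[0][1],
            })
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_accounts(SAMPLE_EVENTS):
        print(finding)
```

The rule deliberately requires all three steps: a helpdesk creating an account is routine, and so is a group change on its own, but a brand-new account that is granted remote access and then logs in over RDP from the network within a day is rare enough in most environments to be worth a ticket. On a real host the records would come from the Security channel (for instance via Get-WinEvent), and 4732’s member is usually recorded as a SID that has to be resolved first.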
Iranians have not spared the US. Defacement of Voice of America’s websites was among their first disruptive acts against the ‘Great Satan’. A group styling itself the Izz ad-Din al-Qassam Cyber Fighters bombarded the American financial sector with distributed denial-of-service attacks under “Operation Ababil” in 2012-13, costing the banks tens of millions of dollars in remediation, according to the US Justice Department. A March 2016 indictment attributed those attacks to seven persons employed by two Iranian companies, ITSecTeam and Mersad; three of them were also part of the Sun Army, an Iranian defacement group whose modus operandi is similar to that of the Iranian Cyber Army and other state-aligned teams.
A separate indictment, delivered eight months back, charged nine Iranians of the Mabna Institute with stealing more than 31 terabytes of academic and proprietary data for financial gain. Among the victims were 144 American universities, 36 American companies and five American government agencies. Taken together, these rank among the most damaging cyber campaigns mounted against the United States.
An Iranian espionage campaign, “Operation Mahdi” (also reported as “Madi”), claimed up to 800 victims, most of them in Iran, Israel and elsewhere in the Middle East. It was the handiwork of a small group, the Mortal Kombat Underground Security Team. Iranians are also said to have gained access to the unclassified US Navy Marine Corps Intranet.
Just ahead of the recent re-imposition of nuclear sanctions, the US came under renewed Iranian attack, according to a report by the cyber-security firm FireEye released on 18th September. A group identified as Advanced Persistent Threat 33 (APT33) used spear-phishing e-mails offering fake job opportunities to gain access to an American aerospace organisation, among others. A username used by the group links it to the Nasr Institute, a hacking group believed to be controlled by the Iranian government.
Just before this audacious attempt, Iranians targeted seven Middle Eastern countries, not for a day or a month but for three long years, between 2015 and 2017. A cyber-espionage outfit, APT34, carried out these attacks, according to FireEye. The targets were financial, energy, telecommunications and chemical companies. The group came to light through its own poor operational security: it logged into virtual private networks (VPNs) from Iranian IP addresses, was active during normal Iranian business hours and occasionally leaked Iranian addresses and phone
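The “normal Iranian business hours” clue is a standard attribution technique: activity timestamps recorded in UTC are replayed under every plausible time-zone offset and working-week pattern, and the combination under which most of the activity lands in office hours is the analyst’s best guess at where the operators sit. The code below is an added example, not from this article or from FireEye; the login timestamps are constructed (chosen to fit a Saturday-to-Wednesday, 09:00-17:00 week at UTC+3:30, Iran Standard Time, with one off-hours outlier), and the two week patterns are assumptions about the regions they are labelled with.

```python
"""Infer an operator's working hours and working week from activity times.

Added example, not from the article or FireEye. Given login times in UTC,
it tries every half-hour UTC offset and two working-week patterns and
reports the combination under which most activity falls in 09:00-17:00
on a working day. Sample timestamps are constructed, not real telemetry.
"""
from datetime import datetime, timedelta, timezone

# Constructed VPN-login timestamps (UTC), January 2017. They were chosen to
# sit in 09:00-17:00 Iran Standard Time (UTC+3:30) on Saturday to Wednesday,
# plus one off-hours outlier on a Friday evening.
SAMPLE_LOGINS_UTC = [
    "2017-01-07T06:05:00Z", "2017-01-07T09:40:00Z", "2017-01-07T12:50:00Z",
    "2017-01-08T05:45:00Z", "2017-01-08T08:20:00Z", "2017-01-08T11:10:00Z",
    "2017-01-08T13:05:00Z", "2017-01-09T06:30:00Z", "2017-01-09T10:15:00Z",
    "2017-01-10T07:00:00Z", "2017-01-10T09:55:00Z", "2017-01-10T12:20:00Z",
    "2017-01-11T05:50:00Z", "2017-01-11T11:40:00Z", "2017-01-11T13:15:00Z",
    "2017-01-13T20:00:00Z",
    "2017-01-14T06:10:00Z", "2017-01-14T08:45:00Z", "2017-01-14T12:00:00Z",
    "2017-01-15T07:25:00Z", "2017-01-15T10:30:00Z",
    "2017-01-16T05:40:00Z", "2017-01-16T09:05:00Z", "2017-01-16T12:35:00Z",
    "2017-01-17T08:10:00Z",
]

# datetime.weekday(): Monday=0 ... Saturday=5, Sunday=6
WEEK_PATTERNS = {
    "Sat-Wed": {5, 6, 0, 1, 2},   # Iran and several Gulf states
    "Mon-Fri": {0, 1, 2, 3, 4},   # Europe and the Americas
}
WORK_START, WORK_END = 9, 17      # local clock hours, half-open interval


def parse_utc(stamp: str) -> datetime:
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def in_working_hours(ts_utc: datetime, offset: timedelta, workdays: set) -> bool:
    local = ts_utc.astimezone(timezone(offset))
    return local.weekday() in workdays and WORK_START <= local.hour < WORK_END


def score_candidates(stamps, step_minutes: int = 30):
    """Fraction of events inside working hours for every offset/pattern pair."""
    events = [parse_utc(s) for s in stamps]
    results = []
    minutes = -12 * 60
    while minutes <= 14 * 60:          # UTC-12 .. UTC+14 covers every zone
        offset = timedelta(minutes=minutes)
        for name, days in WEEK_PATTERNS.items():
            hits = sum(in_working_hours(e, offset, days) for e in events)
            results.append({"offset_hours": minutes / 60, "pattern": name,
                            "score": hits / len(events)})
        minutes += step_minutes
    return results


def best_fits(stamps):
    """All (offset, pattern) pairs sharing the top score. More than one
    entry means the data cannot separate neighbouring zones or weeks."""
    results = score_candidates(stamps)
    top = max(r["score"] for r in results)
    return [r for r in results if r["score"] == top]


if __name__ == "__main__":
    for fit in best_fits(SAMPLE_LOGINS_UTC):
        print(fit)
```

Two caveats a practitioner would attach. First, the signal is weak on its own: a disciplined adversary can schedule activity to mimic another zone, and neighbouring zones (UTC+3, +3:30, +4) often tie unless the sample is large, which is why the function returns every top candidate rather than a single answer. Second, daylight-saving shifts (Iran observed summer time in those years) split a long campaign into two offsets, so timestamps should be scored per season or the step reduced to catch both.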
Iran also stands accused of mounting many cyber-attacks against GCC countries. Of them, Operation Cleaver is particularly significant. It was a series of coordinated cyber-attacks that infiltrated Kuwait, Saudi Arabia, Qatar and the UAE, targeting oil and gas industries, telecommunications, airports and government entities.
Surprisingly, the Iranian hackers are not drawn from the Iranian diaspora, as many like to believe. An analysis of the documented Iranian hackers shows that they are Iranians operating inside Iran, although they have benefited from freelance Russian hackers. That is beside the point.
Saudi Arabia’s interest in cyber security was a sequel to Iran’s attacks on its national oil company, Aramco, in 2012 and again in 2016. In the 2012 attack the Iranian hackers broke into the company’s digital infrastructure, infested over 30,000 computers with the wiper malware “Shamoon”, which overwrote their disks, and posted data they claimed to have taken on the internet. This resulted in Aramco’s network being shut down for a while. In defence of Iran, it is said that the trigger was provided by an attack earlier that year on its major oil terminal at Kharg Island. The hackers claimed allegiance to a group called the ‘Cutting Sword of Justice’. In a statement they blamed Saudi Arabia for crimes and atrocities in several countries, including Syria and
The 2016 malware strike on Aramco was well timed at the start of the weekend, so as to reduce the likelihood of discovery before maximum harm could be inflicted. Aramco and several of its ancillary companies, located in the hub of the Saudi petrochemicals industry, were forced to shut down their networks. Further attacks against Aramco were reported last year (2017), which were assisted by freelance Russian
Riyadh has since created a variety of institutions to combat cyber threats and has also tied up with foreign state agencies as well as private companies in the US, Israel and Europe. On its part, Washington has increased its support for the development of Saudi Arabia’s cyber capabilities under a $110 billion modernisation deal. Crown Prince Mohammed’s brainchild Taqnia Cyber, a subsidiary of the Public Investment Fund, is being pump-primed to become his cyber force for security and intelligence operations.
The UAE has built a more extensive cyber-warfare capability than any other state in the Gulf region. This protective ring has become an absolute necessity, as it is the most targeted country in the Middle East and the 25th most-targeted globally. Five per cent of all global cyber-attacks targeted the Emirates last year.
While battling Iran for regional supremacy, Saudi Arabia and its ally the UAE are trying to undermine Qatar and Oman with cyber bugs. The first such operation was mounted in April-May 2017, and it demolished the myth of unity amongst the member nations of the Gulf Cooperation Council.
According to the sequence of events now available, the attack began on the evening of 19 April 2017, when hackers planted malicious code on the website of the Qatar News Agency (QNA). Soon afterwards, the Emirati cyber warriors exploited a vulnerability in QNA’s internal network, gained full control of the entire network and began mining data and text. On 23rd May, just before midnight, the hackers took over QNA’s system and posted “incendiary” quotes attributed to a speech by Qatar’s Emir at a military graduation ceremony.
The post was “tailored” to appear to praise Iran as an Islamic power, hail Hezbollah and Hamas as resistance movements and criticise the regional policies of the United States. As if on cue, Saudi and Emirati media launched a blitzkrieg to malign the Qatari Emir.
Qatari authorities promptly sought assistance from the US, which dispatched FBI officers to Doha to investigate. Their findings show that the QNA website experienced a 15-minute surge in visits, 41 of them originating from the UAE in particular. The spike in visits showed the hackers’ eagerness to make sure that the planted news was circulating.
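The FBI finding above, a 15-minute spike in visits from one country, is exactly the kind of anomaly a web-server access log will show if someone looks for it. The following is an added example, not from this article or from the FBI’s report: it parses log lines in the common Apache/nginx format, maps source addresses to a country with a constructed prefix table (standing in for a GeoIP database; the prefixes are RFC 5737 documentation ranges, not real Gulf address space), buckets hits into tumbling 15-minute windows per country and alerts when a window holds several times that country’s median so far. The log lines are generated in the block and are entirely constructed.

```python
"""Flag a surge of visits from one country in 15-minute windows.

Added example, not from the article or the FBI. Parses access-log lines,
maps source IPs to a country with a constructed prefix table, buckets hits
into tumbling 15-minute windows per country and raises an alert when a
window holds at least BURST_FACTOR times that country's median so far.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import median

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)

# Constructed prefix -> country table. These are RFC 5737 documentation
# ranges, not real address space; a real deployment would use GeoIP.
PREFIX_COUNTRY = {"203.0.113.": "AE", "198.51.100.": "QA", "192.0.2.": "US"}

WINDOW = timedelta(minutes=15)
MIN_HITS = 10        # never alert on tiny absolute counts
BURST_FACTOR = 5.0   # alert when a window is >= 5x the median of earlier windows
MIN_HISTORY = 3      # windows needed before a baseline is trusted


def country_of(ip: str) -> str:
    for prefix, cc in PREFIX_COUNTRY.items():
        if ip.startswith(prefix):
            return cc
    return "??"


def parse_line(line: str):
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return ts.astimezone(timezone.utc), country_of(m["ip"]), m["req"]


def window_start(ts: datetime) -> int:
    """Epoch second at which the tumbling window containing ts begins."""
    epoch = int(ts.timestamp())
    size = int(WINDOW.total_seconds())
    return epoch - epoch % size


def count_by_window(lines):
    counts = defaultdict(lambda: defaultdict(int))   # country -> window -> hits
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, cc, _ = parsed
        counts[cc][window_start(ts)] += 1
    return counts


def find_bursts(lines):
    alerts = []
    for cc, per_window in count_by_window(lines).items():
        windows = sorted(per_window)
        for i, w in enumerate(windows):
            # Baseline is the median of earlier non-empty windows; empty
            # windows are not counted, which keeps the baseline conservative.
            history = [per_window[h] for h in windows[:i]]
            if len(history) < MIN_HISTORY:
                continue
            baseline = max(median(history), 1.0)
            hits = per_window[w]
            if hits >= MIN_HITS and hits >= BURST_FACTOR * baseline:
                alerts.append({
                    "country": cc,
                    "window_utc": datetime.fromtimestamp(w, timezone.utc).isoformat(),
                    "hits": hits,
                    "baseline": baseline,
                })
    return alerts


def build_sample_log():
    """Constructed access log for the evening of 23 May 2017, Doha time
    (UTC+3): seven quiet windows from 22:00, then 41 visits from 'AE'
    addresses in the window starting 23:45, echoing the FBI finding."""
    fmt = "%d/%b/%Y:%H:%M:%S +0300"
    doha = timezone(timedelta(hours=3))
    t0 = datetime(2017, 5, 23, 22, 0, tzinfo=doha)

    def entry(ip, ts, path):
        return f'{ip} - - [{ts.strftime(fmt)}] "GET {path} HTTP/1.1" 200 5120'

    lines = []
    for w in range(7):
        base = t0 + w * WINDOW
        for k in range(6):   # steady Qatari readership
            lines.append(entry(f"198.51.100.{10 + k}", base + timedelta(minutes=2 * k), "/en/"))
        for k in range(2):   # a couple of UAE visits per window
            lines.append(entry(f"203.0.113.{5 + k}", base + timedelta(minutes=5 + 3 * k), "/en/"))
    burst = t0 + 7 * WINDOW
    for k in range(41):
        lines.append(entry(f"203.0.113.{20 + k}", burst + timedelta(seconds=20 * k),
                           "/en/news/emir-speech"))
    return lines


if __name__ == "__main__":
    for alert in find_bursts(build_sample_log()):
        print(alert)
```

The absolute floor (MIN_HITS) matters as much as the ratio: a country that normally sends one visit per window would otherwise alert on five. In production the same logic is usually run per ASN as well as per country, because a state operator checking that a planted story has landed tends to come from a handful of networks rather than from a whole country.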
The Washington Post has corroborated the “hacking” story, sourcing its information to American intelligence officials. “The United Arab Emirates has orchestrated the hacking of Qatari government news and social media sites in order to post incendiary false quotes attributed to Qatar’s Emir that sparked the on-going upheaval between Qatar and its neighbours,” the American daily reported, adding: “data analysis by US intelligence agencies has confirmed that senior members of the UAE government discussed the plan and its implementation a day before the
A big boost to Qatar’s campaign against the UAE has come from an entirely unexpected quarter.
Global Leaks, an obscure group of hacktivists with a Russian e-mail address, hacked into the Hotmail account of Yousef al-Otaiba, the UAE ambassador in Washington DC, and obtained communications exchanged between senior Emirati officials, think-tanks, PR executives and journalists “as a part of UAE lobbying efforts to shape American foreign policy narrative biased against and detrimental to Qatar”. To the great satisfaction of Qatar, Global Leaks gave the hacked e-mails to The Intercept, an online investigative portal, for publication.
At least one group of hackers, who are either Russians or want to be identified as Russians, appears to be working overtime as freelancers for a number of Gulf states; their methods bear a striking resemblance to those used to hack into the Emirati ambassador’s mailbox. A number of Emirati diplomats as well as other public figures in the Gulf region have also been their targets. Researchers Collin Anderson and Claudio Guarnieri have nicknamed the group Bahamut.
The latest development in the Qatar-UAE cyber spat has another American
A prominent Republican fundraiser and lobbyist, Elliott Broidy, who is also a Trump ally, has gone to town with a legal campaign against the Qatari government and its agents in Washington, DC. He runs an intelligence firm, Circinus, which has a multi-million dollar contract with
“My e-mail accounts have been hacked and stories damaging my reputation are being put out in the American papers”, he claims. The leaked/hacked e-mails showed Broidy reporting to UAE representatives on the meetings he had held with President Trump and senior administration officials.
Qatar’s natural gas company, RasGas, has also faced the ‘cyber music’, with its website and e-mail servers shut down for some time. The digital infrastructure that controls production and delivery was not affected, though. Two years ago, in 2016, a more damaging attack occurred, and the target was Qatar National Bank (QNB), one of the largest in the Middle East. Hackers managed to steal a massive amount of data, including details of about half a million accounts, and published it online. One “folder” was labelled SPY and reportedly contained information about British (MI6), American, French and Polish intelligence agents stationed in Qatar. Other folders had labels that read: Al Thani royal family, State Security Bureau, Ministry of Defence and Al Jazeera.
DISSIDENTS ON TARGET
Now cut to cyber warfare targeted at dissidents in the Gulf countries. The brutal murder of the dissident journalist Jamal Khashoggi at the Istanbul consulate of Saudi Arabia is only the tip of the iceberg. Cyber tools and other infrastructure created by an Israeli company were used to lure him to meet his end.
Edward Snowden, the whistle-blower on American covert cyber operations, who has taken refuge in Russia, has alleged that the NSO Group supplied the Pegasus spyware used in the Khashoggi operation. The same software was found on the phone of Omar Abdulaziz, another exiled Saudi dissident and a friend of Khashoggi. The two were in regular cell-phone contact and had no clue that they were being monitored by
The Canadian research institute Citizen Lab has unearthed extensive abuse of Pegasus spyware by authoritarian regimes, including those of Saudi Arabia and Kuwait, to target civil society.
Like the Saudis, the UAE has made extensive use of spyware technologies to target political dissidents. Ahmed Mansoor, a human rights activist, is the latest victim. Spyware was installed on his telephone, keeping him under continuous monitoring. His e-mail account was hacked and an amount of $140,000 was ‘stolen’ from his bank account. Mansoor has since been put behind bars.
There is an Israeli angle to the Emirati operations.
The US-Israeli firm Verint is the lead contractor for its interception agency. The Emirati authorities have also set up a well-funded private company, DarkMatter, to create an advanced surveillance apparatus with the Israeli Pegasus programme as its backbone. Eighty per cent of DarkMatter’s revenues reportedly come from the Signals Intelligence Agency, the Emirati equivalent of the American National Security Agency (NSA). Of course, the United States has been the primary source of the Emirates’ military and intelligence apparatus, including cyber-warfare capabilities.
The honour of most highly surveilled country, however, goes to Iran, going by Edward Snowden’s leak on an NSA tool known as “Boundless Informant”. The ‘beneficiaries’ are the intelligence agencies of the US and its partners, who have amassed billions of Iranian internet and
IMPLICATIONS FOR INDIA?
Honestly, there is no reason for India to worry about the unfolding Gulf cyber war and the consequent thriving business for foreign cyber agencies and mercenaries from the US, Israel and Russia. It cannot, however, put on blinkers.
India has several business interests in the region. The Chabahar port that India is building in Iran despite the US sanctions regime has strategic importance, particularly in view of maritime cyber-attacks, which have become a growing menace as several actors, both official and mercenary, sharpen their tools.
India is not immune to such attacks either. For instance, in June 2017 operations at India’s largest container port, Jawaharlal Nehru Port, were hit by the NotPetya ransomware outbreak.
It will be in India’s interest, therefore, to put on its thinking cap. It can make a beginning by offering the Gulf countries assistance in cyber technologies, an area in which the Indian Silicon Valley is acknowledged to have made good strides.
Looming Chinese Informatized Warfare
Like the United States and Europe, India is staring at the heightened ‘informatised warfare’ that China has mounted in a big way in its march toward global dominance. Beijing has integrated its internet-based espionage with its military command structure. And, in line with the Confucian strategy of hiding one’s capabilities from the prying eyes of the enemy, it is quietly placing cyber networks across the world under its shadow to further its foreign and security policies.
India is `practicing ground’
Whether India likes to admit it, much less concede it, this big country with long borders and a large population has been the Chinese cyber wayfarers’ training, testing and sharp-shooting ground right from Day One. With expertise gained on this soil, Beijing has been spreading its cyber operations across the globe. It is all a part of its strategic “Revolution in Military Affairs” (RMA) concept, launched at the turn of this century.
How China went about its India business makes an interesting study of how the Bamboo Capitalist regime carries out its modern-day espionage operations. Using the cover of a Hong Kong-based internet service provider and a Port Louis (Mauritius)-based shell company, it set up its Indian venture, ‘Now India’, in 1999. Those were the early days of the Internet boom in the Indian capital.
The Chinese company offered ‘compact discs’ that gave an eager netizen quick access to the Internet. I have seen the disc on sale at a throwaway price in the most unlikely places. Pan shops, neighbourhood kirana stores, roadside petrol pumps, you name it: the Chinese were everywhere with their disc, tantalising the Indians whom the state-owned MTNL and BSNL were taking for a ride.1
Unknown to the Indian netizens, the disc had an embedded Remote Administration Tool (RAT).2 And it kept the personnel manning the India-centric servers based in Hong Kong working in multiple shifts. This ‘backdoor’ entry, needless to say, gave the Chinese a foothold in the burgeoning Internet market. Well, like all Chinese dreams, this dream of capturing the Indian space did not last long. The Indian sleuths literally caught the Chinese with their pants down.
This exposure has not deterred the Chinese telecom companies suspected to have close links to their military intelligence. They have set up their branches in India and continue to expand their businesses supplying telecom products and services. One such company is Huawei.
Founded by Ren Zhengfei, a former engineer in the People’s Liberation Army, Huawei set up its first overseas R&D centre in Bangalore in 1999. The Chinese and Indian employees were segregated. The Indian staff were made to confine their movements to the ground and first floors of the sprawling complex. Many Chinese experts were brought in regularly. Some came to master IT intricacies. Some were there simply to learn the English language. The Chinese worked in such secrecy that the Indian staff had no clue whatsoever.3
Today, Huawei’s Bangalore R&D centre is the largest of all its overseas centres.4 Huawei and other Chinese technology giants like ZTE have a major presence in the countries around India, particularly in the areas bordering the country. They are laying fibre-optic cable along the whole length of the road network into Pakistan and beyond that China is building as part of its CPEC (China-Pakistan Economic Corridor) and BRI (Belt and Road Initiative).
Chinese smart phone brands have come to dominate India, with leading Bollywood stars acting as their brand ambassadors. Xiaomi, Vivo, and Oppo are popping out of roadside shops, while Huawei, with its Honor 9 Lite and Honor 7X doubled its sales to enter the top five league in the first quarter of this year. Together, the Chinese brands have grabbed 57 per cent of the Indian market.5 On its own Xiaomi has cornered 31.1 per cent share and is ahead of the pack, followed by Samsung 26 per cent, Vivo 5.8 per cent, and Oppo 5.6 per cent.
These Chinese brands are now attempting to enter smart TV and IOT (Internet of Things) market in India, which give direct access to peoples’ living rooms.
What is the cumulative effect of these Chinese market forces? On the one hand, they have met the animal instincts of a middle class that is forever on the lookout to make a fashion statement. On the other hand, they have given the Chinese information warriors the leeway they always wanted to gatecrash into the land that is home to the Buddha.
Africa had no clue to what Chinese largesse means
The African Union has recently found to its horror that all communications from its headquarters in Addis Ababa had been routinely monitored by the Chinese government since 2012, according to an investigation by French newspaper, Le Monde.
“Every night, between midnight and 2 am, there was a strange peak in data usage – even though the building was almost entirely empty. Upon further investigation, the technicians noticed something even stranger. That data – which included confidential information – was being sent to servers based in Shanghai.”6
South African daily, Mail & Guardian (29 Jan 2018) remarked: “The African Union’s shiny new headquarters was built and paid for by the Chinese government, as a gift to its ‘African friends’. But when the building was officially opened in 2012, China left a backdoor into the African Union’s computer network, allowing it to access the institution’s secrets at will.”7
China has built and donated such grandiose edifices, along with full-spectrum communication network, in many countries in Africa and South Asia. They may all be potential instruments for Chinese espionage, sabotage and informatized operations.
It is possible, therefore, the Chinese spies have had a hearty laugh while viewing the `live coverage’ of closed door annual conference of the Committee of Intelligence and Security Services of Africa (CISSA) held at the Chinese-built Friendship Palace hall in Sudanese capital of Khartoum last year. Senior officials of African and Western intelligence agencies attended the meet and exchanged notes on threat perceptions.8
Corporate reluctance to disclose hacker attacks
The intelligence agencies, whose job is to keep tabs for national security, have picked up early trends of Chinese hackers targeting Indian telecom, pharmaceutical and IT companies. Admittedly most companies have no clue of their systems being compromised; but reality is some ‘wounded’ companies prefer not to disclose fearing damage to their image and commercial losses.
Take the American rating agency Equifax, which ignored an FBI advisory to sue the Chinese for hacking its systems and stealing highly sensitive personal data on more than 140 million American consumers, all for fear of losing face. In 2015, some Equifax employees moved to China to take up local jobs. Many of them, if not all, are feared to have carried with them thousands of pages of proprietary information to Chinese shores.9 Who said espionage is unidirectional?
Doklam border standoff finally stirred New Delhi to act
The 2017 Doklam standoff has brought into open the latent concerns of Chinese penetration into Indian telecom services. “The government has raised red flags regarding the use of Chinese equipment in telecom and other sectors. Indian telecom companies were sensitized about the vulnerability of equipment and products imported from China,” according to the then Union Home Secretary Rajiv Mehrishi.
India is home to 21 smartphone companies, most of them Chinese. The Ministry of Electronics and Information Technology has since decided to audit the procedures and processes they adopt to ensure the security and privacy of users’ data.10
As many as 42 Chinese apps have been classified as ‘spyware’. ‘Mi Store’ (found on all Xiaomi smartphones), ‘ShareIt’ (a file-transfer app) and ‘WeChat’ (a messaging app) are prominent among them. ShareIt is one of the most popular apps in India. Last November, Indian armed forces personnel were told to “remove and de-install” these Chinese apps.
“As per reliable inputs, a number of Android/iOS apps developed by Chinese experts or having Chinese links are reportedly either spyware or other malicious ware. Use of these apps by our force personnel can be detrimental to data security having implications on the force and national security,” the defence ministry said.11
Indian counter-measures were a sequel to warnings from cyber-security firms. Kryptowire, for instance, raised concerns in 2016 over firmware from a Chinese firm transmitting cell-phone data, including contacts and text messages, to servers in China. “The company, Shanghai AdUps, bypassed the Android permission model, executed remote commands with escalated privileges and was able to re-programme the device,” according to IT ministry officials, who know their onions.
Huawei, ZTE, Apps banned in several countries
Only last week, India excluded Huawei from the group of companies invited to join trials for the launch of 5G technology in the country.12 Australia has already banned Huawei and ZTE Corp from supplying equipment to 5G telecommunication networks on national security grounds. The Australian action followed British intelligence inputs that core switches installed by Huawei in one of its contracts were behaving suspiciously and were potentially letting data in and out to a third party.13
The Australian military has also banned WeChat since April on security grounds, saying the Chinese messaging and e-payment app “was caught sending data to intelligence servers located in Beijing”. In a separate incident, “about 30 gigabytes of data was stolen in a cyber-attack, including details of the Joint Strike Fighter warplane and the P-8 Poseidon surveillance plane,” according to Mitchell Clarke of the Australian Signals Directorate.14 He did not identify the source or the time of the attack, but an Australian newspaper reported that “the hacker was based in China.”15
A month after the Australian action, the US Department of Defense ordered a halt to the sale of Huawei and ZTE phones at its military bases across the world.16 This was a sequel to concerns that Beijing could “order Chinese manufacturers to hack into products they make to spy on or disable communications.” Earlier, in February, US intelligence chiefs cautioned even ordinary Americans against buying Huawei products. The Pentagon has banned Huawei telecom products like routers since 2014 on espionage concerns.
Expectedly, most of the detected Chinese cyber-operations against US industry focused on defense contractors or tech firms supporting government networks. Early this year, China hacked a US Navy contractor and secured a trove of highly sensitive details on submarine warfare. They have stolen 614 gigabytes of material relating to a closely held project, Sea Dragon, as well as signals and sensor data, submarine radio room information relating to cryptographic systems, and Navy submarine development unit’s electronic warfare library.17
Over the years, the Chinese have stolen designs of the F-35 Joint Strike Fighter, the advanced Patriot PAC-3 missile system; the Army system for shooting down ballistic missiles known as Terminal High Altitude Area Defense and the Navy’s new Littoral Combat Ship amongst other prized possessions.
Most of these hackings were carried out by the Chinese Ministry of State Security, (MSS), a civilian spy agency, US investigations show. The hackers operated out of an MSS division in the province of Guangdong, which houses a major foreign hacking department.18
The Chinese were behind the theft in 2015 of more than 22 million American records on federal workers from the Office of Personnel Management, including extremely sensitive data on security-clearance holders that can be used by China for intelligence recruitment and future cyber-attacks. Following this disclosure, the CIA reportedly had to pull many of its officers out of China; earlier, between 2010 and 2012, many of the agency’s informants in China, themselves Chinese citizens, had been arrested.
Hackers, alleged at the time to be Chinese, broke into the electronic filing system of the US Securities and Exchange Commission (SEC) in 2016, exploiting a software vulnerability in a part of the agency’s database to gain access to non-public company filings; the intruders may have traded on the stolen information. In a separate case, the SEC sued three Chinese traders who allegedly earned more than $4 million by trading on data stolen from the law firms Cravath, Swaine & Moore LLP and Weil, Gotshal & Manges LLP, which represent Wall Street banks and Fortune 500 companies.19
US Immigration and Customs Enforcement (ICE) has also raised a red flag about Chinese drones. The American and Canadian markets are dominated by drones made by Da Jiang Innovations Science and Technology Company (DJI). In a memo, the bureau said it had moderate confidence that DJI’s commercial drones and software are “providing US critical infrastructure and law enforcement data to the Chinese Government.”20
Symantec, FireEye and several other security firms have noticed in recent days the revival of some old Chinese hacking groups, like Thrip and Temp.Periscope, with upgraded capabilities. Their targets: defence and shipping companies. Symantec warned as early as June that a sophisticated hacking campaign launched from China had burrowed deeply into satellite operators, defence contractors and telecommunication companies in the US and South-east Asia.21
Chinese `lobby’ in Washington DC managed to stave off any punitive reaction
Washington DC has always been in the know about Beijing’s cyber exploits against the networks of the US military and technical research institutions. However, Chinese `lobbies’ in the US managed to lull both Democratic and Republican administrations into believing that `positive engagement’ with the People’s Liberation Army and other institutions would bring the desired change in Chinese behavior.
Alas! Far from bringing the desired change, that engagement gave the Chinese much greater access, leading to heavy monetary losses and military compromise. “Since the early 2000s, cyber espionage issues have increasingly strained U.S.-China relations… By 2011, the eye-popping scope of China-based cyber espionage catapulted the issue to center stage, as new intrusions into U.S. corporate and government networks were reported on a regular basis.”
The seriousness of American resolve to punish China for these activities convinced President Xi Jinping to sign an agreement with President Barack Obama in September 2015 to refrain from commercial cyber-espionage against the US. That averted any punitive action. China soon after signed similar agreements with the UK and Canada as well, indicating the extent of Beijing’s cyber penetration operations in the Americas and Europe.
Curtains down on Sino-American Bonhomie
Against this backdrop, President Donald Trump’s anti-China tirade makes sense. You can find fault with his methods but not with the assertion that Beijing is taking undue advantage of American institutions, both economically and militarily. The US Congress too has closely scrutinized American companies partnering with Chinese telecom and technology firms. As a result, Facebook wound down its Huawei deal and assured that no user data was stored on Huawei’s servers. AT&T too backed out of a deal to buy smartphones from Huawei.22
Google and Twitter have also been questioned about their partnerships with Chinese phone maker Xiaomi and tech giant Tencent Holdings Ltd. Google has partnered with Xiaomi on several products, including phones in India. Google joined with Huawei earlier this year in a deal allowing devices made by the latter to use Google’s Android Messages service to send texts, photos and other media.
In a series of moves, the Trump administration and lawmakers have largely restricted the footprint of Huawei, ZTE and other Chinese companies in the US.
What lies ahead
This Great Game of `Informatized Warfare’ is not going to end; it will become ever more sophisticated and even fierce. Granted, for now it stays beneath the threshold that would trigger punitive counter-measures; in the event of military clashes it will become a no-holds-barred fight to the finish. The side with the better cyber-warfare capabilities wins the battle without a shot being fired.
The only way a nation safeguards itself from informatized warfare is to build its own capabilities without becoming dependent on others. Countries like the US are in an advantageous position primarily because of their technical muscle. India, sadly, is nowhere in these sweepstakes.
In fact, different wings of the government are working at cross purposes in matters relating to China. The business class is no exception. Motivated as it is by quick profits, the business class has allowed the Chinese to dump their low-end products at throwaway prices and thus kill India’s very own small and medium scale industries, which are the real job creators in the country. While Chinese products cannot be entirely eliminated from the Indian market because of their cost-effectiveness and technology, India should be in a position to advise its people whether these products are trustworthy.
This flip side notwithstanding, there is no denying that as a software power India has the capability in terms of human resources; it has an edge in terms of technology. Domain expertise is spread across some security agencies and private corporations in the country as well. But what India lacks is unity of purpose, effective leadership, large and purposeful governmental investment in R&D, and better utilization of expertise. It would do well to put together a coordinated program for `strategized information warfare’ by co-opting selected private corporations, which individually have neither the vision, the financial capability nor the motivation to think beyond quick profits.
Put simply, the government must be the real driving force for both near-term and long-term requirements, since the highly digitalized society has become an open playground for China’s state-sponsored hacking groups and spies alike.
COLD WAR-2 HAS BEGUN, UGLY SHOWDOWN EXPECTED ANYTIME
The US Administration has opened up a no-holds-barred offensive against China and Russia as the two dared to challenge American supremacy in cyberspace. It has now decided to aggressively project its power and `name and shame’ the nation-states allegedly involved in influencing elections and other sabotage activities in the US and allied countries.
President Donald Trump himself set the tone for this aggressive approach when he accused China, in his recent UN address, of launching `information and propaganda warfare’ aimed at tarnishing his image and thus affecting his and his party’s poll prospects in the upcoming elections. “China is trying to meddle in our elections…we’re not going to let that happen, just as we’re not going to let that happen with Russia,” the maverick demagogue thundered.
The charges were elaborated by Vice President Mike Pence in his acerbic speech at the Hudson Institute in Washington, DC last week. He said that China has initiated an unprecedented effort to influence American public opinion, the 2018 elections, and the environment leading into the 2020 presidential elections. “To put it bluntly, China wants a different American President,” he told the audience.
“Beijing has mobilized covert actors, front groups, and propaganda outlets to shift Americans’ perception of Chinese policy,” he said and went on to quote a senior intelligence official: “what the Russians are doing pales in comparison to what China is doing across this country.”
“China is targeting the US state and local governments and officials to exploit any divisions between federal and local levels on policy. It’s using wedge issues, like trade tariffs, to advance Beijing’s political influence.” He referred to a sensitive document circulated by China in June, which laid out its strategy: “strike accurately and carefully, splitting apart different groups” in the United States of America.
The Chinese tariffs “specifically targeted industries and states that would play an important role in the 2018 election,” he said. “By one estimate, more than 80 percent of US counties targeted by China voted for President Trump and I in 2016; now China wants to turn these voters against our administration.”
In a further blow to China, Bloomberg Businessweek published last week an investigative report exposing a major supply-chain hack that compromised Amazon and Apple amongst 30 American companies, and thus gave Beijing access to sensitive networks. A unit of the People’s Liberation Army (PLA) reportedly inserted a tiny malicious chip into motherboards whose manufacture the California-based Supermicro had sub-contracted to Chinese companies.
Servers equipped with such motherboards were found in the Department of Defense’s data centers, the CIA’s drone operations and the onboard networks of Navy warships. The chips allowed the attackers to create a stealth doorway into any network that included the altered machines.
Beijing is believed to have gained tremendous access to international systems, as 75 percent of the world’s mobile phones and 90 percent of PCs are of Chinese origin.
Both Apple and Amazon denied the reports, but six current and former senior national security officials confirmed the discovery of the chips and investigations that followed. One of the officials stated, “China’s goal was long-term access to high-value corporate secrets and sensitive government networks.”
Faced with such an onslaught, the Trump administration has rescinded the Obama-era presidential directive and issued a new National Cyber Strategy last month. It provides for a more aggressive approach, deploying offensive operations against nation-states and criminal groups in the digital domain. It envisions a robust role for the Pentagon and US Cyber Command in protecting elections, defending US critical infrastructure and coordinating and sharing cyber threat data with the private sector.
The Department of Defense (DOD) rolled out its own cyber strategy in line with the national cyber strategy. Announced last month, it decreed that deterrence is no longer the prominent pillar of its cyber defense strategy and declared that the US has moved past preparations for defense and will now confront the adversary on its home turf.
Former senior intelligence officials from the CIA and NSA are unanimous on the need for a more robust deterrence to counter nation-states. The threat of counter-attacks in the digital domain has not been effective against these adversaries as it is very difficult, if not impossible, to attribute the source of attack, they aver.
Michael Morell, former Acting Director of the CIA, Michèle Flournoy, former Under Secretary of Defense for Policy, and Rick Ledgett, former Deputy Director of the NSA, attribute the Chinese cyber aggression to the US failure to deter Russia from interfering in American elections. “As the US did not deter Russia from interfering in American elections, China is now encouraged to follow suit in a much more clinical way,” these intelligence Tsars told a panel discussion at Georgia Tech last week. They said that deterrence only works when a cyber-attack is met with a coordinated strategy that includes not only a counter-attack in cyberspace but also non-digital means such as economic sanctions and diplomatic, military and propaganda measures.
In such a coordinated approach with allies Britain and the Netherlands, the US indicted last week seven agents of Russia’s military intelligence, the GRU, for plots against American and European targets. The indictments include charges of money laundering using virtual currencies like bitcoin, wire fraud and identity theft. Dutch security services said they had thwarted a Russian cyber-attack on the global chemical weapons watchdog, the OPCW.
British Foreign Secretary Jeremy Hunt declared that the GRU was almost certainly behind the BadRabbit and World Anti-Doping Agency attacks last year, the hack of the Democratic National Committee (DNC) in 2016 and the theft of emails from a UK-based TV station in 2015. Pointing to photographic evidence of the involvement of GRU agents in the chemical attack against former Russian secret agents in Salisbury, the British government decided to go on the offensive and broaden the case against Russian military intelligence.
While the Chinese and Russian governments have vehemently denied the allegations, it is beyond doubt that Beijing has marched well ahead of Moscow in perfecting its technical prowess to access world systems and manipulate them in ways that benefit its foreign, military and domestic agenda.
Neither the US nor the UK is an angel. After the exposures by estranged US defense contractor Edward Snowden of the extent of the covert cyber operations of the NSA and CIA, Washington DC’s pretension to a high moral pedestal is not tenable anyhow.
The truth is that the US and its allies on one side and China and Russia on the other are battling for supremacy and power projection. It is difficult to predict the outcome of this `Cold War – 2’, but it does not bode well. There is thus an urgent need to nudge these powers to reach an international agreement setting the rules of the game, along the lines of the nuclear or space accords. Countries like India would do well to take the lead in their own interest.