Hackers for hire: How the Chinese Communist Party is trying to monitor the entire world
The Chinese Communist Party appears to have an ambition to monitor the whole world, using all the manpower at its disposal, as ITV News Asia Editor Debi Edward reports
In February, a leak from an anonymous source lifted the lid on China’s network of state-affiliated hackers.
Hundreds of chatlogs and files from a company called i-Soon (AnXun) were uploaded to an open-source code database.
The documents gave a rare insight into an inherently clandestine industry, so analysts and journalists pored over the details.
The cache of documents showed professional hackers were paid to infiltrate national databases in more than 20 countries. The company’s website presents an array of cyber-attack services it can provide.
It was clear work was being done on behalf of China’s public security bureaus and even its military, indicating the Chinese state operates a hackers-for-hire industry.
There were several references to the UK: In one log we found what looked like a shopping list of British government agencies and organisations.
It named Chatham House and the charity Amnesty International as targets of interest. And the Foreign Office was mentioned as being of particular value.
In the months since, the British government has named and shamed Chinese state-affiliated actors as being behind several cyber-attacks on the UK, and it has sanctioned two individuals and one company.
Last month, Chinese hackers were linked to an attack on the private contractor that runs the Ministry of Defence (MoD) payroll.
At the start of the general election campaign, MI5 and MI6 said the country should be on high alert for cyber-attacks from hostile states, mentioning China, along with Russia and North Korea.
A group of Russian hackers is demanding a ransom after infiltrating NHS computer systems last week, and on Friday started to publish allegedly sensitive data online.
We set out to track down the Chinese entities named by the British government for cyber campaigns against our MPs, the MoD and the electoral commission.
In Wuhan, at the official headquarters of Xiaoruizhi, a company sanctioned by the UK, there is no physical evidence that it even exists.
At its registered address, we found a company with a completely different name.
We asked at the security gate but the guard couldn’t or wouldn’t tell us anything about Xiaoruizhi.
At a human resources company in the city from where Xiaoruizhi workers are known to have been recruited, we were invited in for tea while they checked out the details we had given them.
A woman who at first appeared willing to help came back to tell us that her boss was travelling and so she couldn’t help us at that time.
The change in her demeanour suggested she’d been told to send us away.
Naturally, it ended up being online where we picked up a trail, leading us into China’s shady network of hackers.
On the dark web, we gained access to sites where one hacker claimed to be selling data from register to vote UK. The sales sample also included usernames, emails and passwords, with references to the Universal Credit and immigration systems.
Several pages showed the financial information of British citizens and one from a casino company showed the credit details of almost half a million people.
It was shocking to see such sensitive information traded by sinister actors on the Chinese dark web.
On the dark web forums, it appeared that many Chinese hackers were vying for assignments in foreign countries, suggesting there is a growing marketplace for datasets from countries around the world.
This backs up what we saw in the i-Soon leak, where it looked like foreign intel was being hacked in anticipation that there would be interest in it from clandestine services in China.
Nigel Inkster, a former Deputy Director of MI6, believes both private and public datasets are being weaponised. He is now the Senior Advisor for the International Institute for Strategic Studies (IISS) on Cyber Security and China.
He told us there has been too much naivete in dealing with China, saying: “China is uniquely promiscuous and voracious in terms of the kinds of information it is seeking to collect.
“And this means governments need to rethink what it is that requires protection because the reality in today's world is that data sets that we hitherto have not considered very important may actually be more important than we think and make us more vulnerable.”
Bringing together publicly available information, a rare bank of leaked data and expert analysis, we built a picture of China’s giant cybersecurity industry.
At its roots are hackers who are being trained at what we assess are hundreds of specialist facilities.
Graduates are given the guarantee of a job in a complex web of private and state-owned enterprises.
They operate directly or indirectly with domestic public security bureaus or for the mighty Ministry of State Security, which runs foreign intelligence. The MSS acts on the orders of the Chinese communist government.
There are almost 4,000 cyber security companies operating in China, in a market worth £5 billion a year, and growing.
Many of those companies are private cyber security contractors, like i-Soon, who are helping the Chinese government scale up their cyber operation capability, offering the country a major manpower advantage and potential scope, compared to Western rivals.
It has already given China the edge when it comes to data collection through hacking means.
We travelled to Taiwan to meet with experts from Team T5, a cyber security company.
In Taiwan, cyber-attacks from China are a persistent threat and we had spoken to Team T5 earlier in the year when they were tracking Chinese cyber threats during the Taiwanese elections.
One of their lead analysts, Charles Li, believes too many people just see one-off cyber-attacks that don’t appear to achieve much.
But he says it is all part of a wider, long-term strategy to know the enemy and build a data bank that can be used against them.
“They realised it is very hard for China to fight with us in traditional areas like land, sea or airspace. And so if they can dominate the cyber war, it means they have this chance to fight with these Western countries. So that's their long-term strategy.”
We asked Team T5 to show us an example of one of the most common methods used by hackers to target individuals, like members of parliament.
They ran me through a mock email phishing exercise whereby I received an email which looked like it had been sent by an economic think-tank in Taipei, following up on my interest in the Taiwanese election.
The email was formal and polite, and those writing it had clearly been monitoring my reporting to be able to mention specific details which made it look more legitimate. It contained a link to a PDF with the economic information which they said might be of interest.
When I clicked on the PDF, sure enough, it had articles with useful information, and there was no sign that in the background all the data on my computer was being transferred to my (in this case fake) cyber attacker.
With the information they could get from my computer, they could easily access my company and anyone I’d been in communication with.
It's a very common tactic but Chinese hackers have made it more sophisticated by selecting and monitoring targets very carefully so that when they strike it has a greater chance of success.
There was no response to our requests for interviews or a statement from the relevant Chinese government departments.
In the past, the Foreign Ministry has condemned the UK for politicising the issue of cyber security and dismissed any hacking accusations as lies.
The Chinese Communist Party appears to have an ambition to monitor the whole world, using all the manpower at its disposal.