Beware state-based actors looking to kick down digital doors
The digital environment has created a new front for espionage, and foreign jurisdictions have been busy trying to kick down the digital doors of Australian government institutions, private businesses and universities.
Cybersecurity threats from state-based actors are at the forefront of security agencies’ activities. They also surface in public statements from political leaders, who warn corporations and other institutions to improve their security or they could find some clever digital pickpockets taking a look at secrets.
A prominent series of attacks received media attention in June 2020 when prime minister Scott Morrison noted a spate of coordinated and sustained attacks on government and corporate systems by a sophisticated state actor.
“Based on advice provided to the government by our cyber experts, the Australian Cyber Security Centre (ACSC), Australian organisations are currently being targeted by a sophisticated state-based cyber actor,” the prime minister said. “This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.”
Cyberattacks are commonly understood to be how countries might seek to gain leverage over other jurisdictions. Professor John Blaxland from the Australian National University says it highlights the danger of governments, universities, companies and individuals becoming more web-dependent and vulnerable.
Blaxland says the old techniques of interference or subversion used by countries to spy on others during the analogue era of the Cold War had been super-enabled by the internet and digital technology. “The field of opportunities has just grown exponentially for malevolent actors to behave in a way that is inimical with the interests of individuals, of public entities, of corporations, and of small, medium and large enterprises, and of nations,” Blaxland says.
We also need to adopt a more nuanced term than ‘Cold War’ in the current context, he says. A better way of looking at the current global climate is understanding how countries cooperate, compete, participate in contestation, coerce and conflict.
“We cooperate on a range of issues internationally with China and Russia and other countries with whom we’re in conflict in some respects,” Blaxland says. “We cooperate on internet protocols, international communication standards, procedures and protocols.”
He says there are many areas in which countries compete, contest territory, coerce other nations and engage in conflict. Each factor needs to be carefully thought about rather than assessed through past simplistic narratives. “There is limited utility in harking back to the Cold War model when we’re thinking about problem-solving for the present and the future, particularly in the digital domain,” he says.
Using social media to influence and attack
Attempts by state-based actors to pick digital locks and enter national government infrastructure and corporate systems are one way to disrupt another jurisdiction. A more visible approach is the way certain countries use web-based platforms to launch political attacks.
The Oxford Internet Institute has looked at the overt way China uses online platforms to attack countries as a part of its ‘wolf warrior’ approach to international affairs. It reviewed Twitter and Facebook posts published between June 2020 and February 2021 and found Chinese diplomats tweeted 201,382 times over nine months – an average of 778 tweets each day.
Tweets from this diplomatic cohort received almost 7 million likes, a million comments and approximately 1.3 million retweets. Chinese diplomats posted 34,041 times on Facebook during the same period.
Ten state-controlled media outlets were also monitored for this study, and they managed about 176 accounts on Twitter and Facebook.
Researchers also found that accounts used by Chinese diplomats or state-controlled media aren’t labelled consistently. “Many social networking firms have introduced transparency labelling for foreign government officials and state-controlled media organisations. Yet, we find that these labels are used inconsistently,” the report says. “For example, on Twitter, only 14% of PRC diplomat Twitter accounts are labelled as government-affiliated.”
More than one in 10 retweets of Twitter posts by Chinese diplomats were carried out by accounts that were later suspended, the researchers found.
US-based think tank RAND Corporation published a report in July 2021 that outlined the tactics used by China to develop its use of disinformation on social media for military purposes. Key recommendations include raising awareness of how countries such as China use social media disinformation and for the US Air Force to incorporate adversary social media disinformation in wargaming.
There are circumstances where foreign countries seek to insert themselves into domestic debates. An example is the intervention of China and Russia in the QAnon conspiracy discourse in the US.
A study published in April 2021 by The Soufan Center and content analysis firm Limbik found that China, Russia, Saudi Arabia and Iran sought to participate in internal American debates as a way of widening the rifts between different political and social movements. There were 166,820 Facebook posts analysed as a part of this study, and an average of 19% of the posts originated from jurisdictions other than the US.
Russia is usually considered the most likely state actor to use online tools to stoke disquiet in other jurisdictions. Analysis of posts from 2020 showed Russia accounted for 44% of posts from a foreign player while 42% were traced to China. Iran pushed out 13 per cent of those posts traced to foreign parties and 1% came from Saudi Arabia. The Soufan-Limbik team gathered evidence that showed China had begun to gain ground and was more prolific than Russia in the latter part of 2020.
The Soufan Center recommended that the social media platforms review their de-platforming policies, given the evidence that state-based actors are more involved in seeking to influence the political climate in other countries.
The struggle to maintain Australia’s cybersecurity
- How well is Australia prepared for cyber threats in 2022 and beyond?
- Cat and mouse: why ransomware is an evolving organisational threat
- How we’re losing the arms race against deepfake technology
- Beware state-based actors looking to kick down digital doors
- Cybercrime’s shifting sands: which industries are most vulnerable?
- Digital tools allowing extremism to flourish around the world
- What skills do we need on the cybersecurity front line?
- Clear and present dangers: understanding and preparing for cyber threats
- Time for government to put its foot on the cloud accelerator
- Two common tech myths holding back public sector innovation