Text size: A A A

Beware state-based actors looking to kick down digital doors

The digital environment has created a new front for espionage, and foreign jurisdictions have been busy trying to kick down the digital doors of Australian government institutions, private businesses and universities.

Cybersecurity threats from state-based actors are at the forefront of security agencies’ activities. They also surface in public statements from political leaders, who warn corporations and other institutions to improve their security or they could find some clever digital pickpockets taking a look at secrets.

A prominent series of attacks received media attention in June 2020 when prime minister Scott Morrison noted a spate of coordinated and sustained attacks on government and corporate systems by a sophisticated state actor.

“Based on advice provided to the government by our cyber experts, the Australian Cyber Security Centre (ACSC), Australian organisations are currently being targeted by a sophisticated state-based cyber actor,” the prime minister said. “This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.”

Cyberattacks are commonly understood to be how countries might seek to gain leverage over other jurisdictions. Professor John Blaxland from the Australian National University says it highlights the danger of governments, universities, companies and individuals becoming more web-dependent and vulnerable.

Blaxland says the old techniques of interference or subversion used by countries to spy on others during the analogue era of the Cold War had been super-enabled by the internet and digital technology. “The field of opportunities has just grown exponentially for malevolent actors to behave in a way that is inimical with the interests of individuals, of public entities, of corporations, and of small, medium and large enterprises, and of nations,” Blaxland says.

We also need to adopt a more nuanced term than ‘Cold War’ in the current context, he says. A better way of looking at the current global climate is understanding how countries cooperate, compete, participate in contestation, coerce and conflict.

“We cooperate on a range of issues internationally with China and Russia and other countries with whom we’re in conflict in some respects,” Blaxland says. “We cooperate on internet protocols, international communication standards, procedures and protocols.”

He says there are many areas in which countries compete, contest territory, coerce other nations and engage in conflict. Each factor needs to be carefully thought about rather than assessed through past simplistic narratives. “There is limited utility in harking back to the Cold War model when we’re thinking about problem-solving for the present and the future, particularly in the digital domain,” he says.

Using social media to influence and attack

Attempts by state-based actors to pick digital locks and enter national government infrastructure and corporate systems are one way to disrupt another jurisdiction. A more visible approach is the way certain countries use web-based platforms to launch political attacks.

The Oxford Internet Institute has looked at the overt way China uses online platforms to attack countries as a part of its ‘wolf warrior’ approach to international affairs. It reviewed Twitter and Facebook posts published between June 2020 and February 2021 and found Chinese diplomats tweeted 201,382 times over nine months – an average of 778 tweets each day.

Tweets from this diplomatic cohort received almost 7 million likes, a million comments and approximately 1.3 million retweets. Chinese diplomats posted 34,041 times on Facebook during the same period.

Ten state-controlled media outlets were also monitored for this study, and they managed about 176 accounts on Twitter and Facebook.

Researchers also found that accounts used by Chinese diplomats or state-controlled media aren’t labelled consistently. “Many social networking firms have introduced transparency labelling for foreign government officials and state-controlled media organisations. Yet, we find that these labels are used inconsistently,” the report says. “For example, on Twitter, only 14% of PRC diplomat Twitter accounts are labelled as government-affiliated.”

More than one in 10 retweets of Twitter posts by Chinese diplomats were carried out by accounts that were later suspended, the researchers found.

US-based think tank RAND Corporation published a report in July 2021 that outlined the tactics used by China to develop its use of disinformation on social media for military purposes. Key recommendations include raising awareness of how countries such as China use social media disinformation and for the US Air Force to incorporate adversary social media disinformation in wargaming.

There are circumstances where foreign countries seek to insert themselves into domestic debates. An example is the intervention of China and Russia in the QAnon conspiracy discourse in the US.

A study published in April 2021 by The Soufan Center and content analysis firm Limbik found that China, Russia, Saudi Arabia and Iran sought to participate in internal American debates as a way of widening the rifts between different political and social movements. There were 166,820 Facebook posts analysed as a part of this study, and an average of 19% of the posts originated from jurisdictions other than the US.

Russia is usually considered the most likely state actor to use online tools to stoke disquiet in other jurisdictions. Analysis of posts from 2020 showed Russia accounted for 44% of posts from a foreign player while 42% were traced to China. Iran pushed out 13 per cent of those posts traced to foreign parties and 1% came from Saudi Arabia. The Soufan-Limbik team gathered evidence that showed China had begun to gain ground and was more prolific than Russia in the latter part of 2020.

The Soufan Center recommended that the social media platforms review their de-platforming policies, given the evidence that state-based actors are more involved in seeking to influence the political climate in other countries.

The struggle to maintain Australia’s cybersecurity

The Australian Cyber Security Centre received more than 67,500 cyberattack reports during 2020-21. That's one every eight minutes.
Not only are ransomware attacks more sophisticated and frequent, they’re becoming more targeted and personal.
As synthetic media technology — deepfakes — continues to improve, detection becomes even more difficult.
With the digital environment a new front for espionage, foreign jurisdictions have been busy trying to kick down Australia's digital doors.
During the pandemic, cybercriminals swooped on unsuspecting organisations to probe for IT vulnerabilities, especially all government levels.
QAnon adherents, anti-government militias, sovereign citizens and jihadist and white supremacist groups have co-opted emerging communication technologies in a way that has security agencies such…
Professor Chris Leckie and his colleagues rarely find themselves struggling for inspiration when it comes to research projects. “I often joke that cybersecurity is a…
We've gone remote very, very quickly. Digital security takes a long time to implement securely but we've been forced to do it quickly.
The COVID-19 pandemic accelerated demand for cloud technologies as the private and public sectors rushed to update the delivery of urgent services and ensure continuity.
Government adoption of cloud services has historically moved slowly. That’s changing as agencies look to adopt more digital-first agendas.