Once again Chinese hackers attack a foreign trade delegation in an attempt to unlock trade secrets and other confidential information. This time they did not target the US or the UK, but one of their NATO allies, Belgium.
When in China…
Western countries have long accused China of cyber-espionage. In an attempt to gain a competitive and strategic advantage in the lead up to, during and post trade missions, Chinese attackers typically probe both companies of interest and government departments.
Prior to the start of the trade mission, the China Daily commented that “Belgium was looking for closer economic ties with China given the upcoming largest-ever business mission which will visit the country as Europe and China make headway in trade relations.”
While cyber-espionage is certainly not new, the question remains as to how substantial the level of governmental involvement is. The size of China’s “hacker army” is estimated to be anywhere from 50,000 to 100,000 individuals. All the same, the Chinese government routinely denies accusations. The recent attack on the Belgian trade mission, however, may say otherwise.
135 Cyber-Attacks per Hour
European cyber security expert Secutec, who advises the Belgian authorities on cyber security and traveled to China with the delegation, recorded 135 attacks per hour on Monday afternoon alone. The attacks were carried out using botnets. This is not an unusual technique, but the sheer number of attempts took the expert and Belgian delegates by surprise.
Both Secutec and Belgian Foreign Affairs confirmed that they were well prepared. In anticipation of the trade visit, the Belgian State Security also released a Security Passport for Belgians travelling abroad for business. Recommendations included being cyber aware and taking cyber safety measures when abroad, such as using a VPN connection and encryption.
Precautions Part of Every Trade Mission
“We are aware of the problem”, a Belgian Foreign Affairs spokesperson commented on Saturday in the Belgian press. “It’s part of every mission now. We take precautions in consultation with security services and security companies.”
Ministers and Princess Astrid of Belgium, who was leading the Belgian trade mission to China, had been briefed. Burner phones were used. Participating businesses were notified through regional trade agencies and business federations.
These measures are not being taken just for China but are also being used with other missions. The advantage this time, was that the Belgian delegation only stayed in the country for a few days. Hackers had no time to hide behind complicated constructions and had to go full steam ahead.
Honey Pot Method
During the journey, Secutec employed the honey pot method, using a number of laptops – some heavily protected, others less so– to identify the nature of the attacks. The company soon noticed that several servers were systematically attempting to break in.
The fact that there were mobile masts around the hotel in Beijing where the delegation was staying, and that all mobile traffic went through exactly the same network, also raised alarm bells.
“It is difficult to find out exactly who is behind the attacks”, Secutec shared. IP addresses are pointing in certain directions, possibly Chinese state security. Secutec fears some of the participating companies may have underestimated the potential risk and advices everyone to reset their devices upon return and to change and use secure passwords.
Emerging Technologies Pose an Even Bigger Threat
In its report “Cyber-Threat Predictions for 2020”, cyber security company Cyfirma revealed that trade wars would fuel cyber-attacks, with more nations adopting cyber warfare capabilities.
The company also predicted that emerging technologies like 5G and AI, the Internet of Things (IoT), autonomous critical infrastructure, cryptocurrency, the Cloud, Virtual and Augmented Reality and drones would subject government and businesses to greater cyber risks.
In line with these developments, government and businesses must adopt a much more proactive approach.