PH wary of Chinese state-backed hackers

The Philippine government is mindful of the security risks brought about by increased Chinese control of its infrastructure and the reported Chinese state-backed hackers’ cyber attacks and other threats around the world.

A security company based in the Netherlands called Fox-IT reported in December that a hacking group with links to the Chinese government remained active –quietly targeting companies and government agencies for the last two years. The hackers, likely belonging to a group known as APT20, were harvesting private data after stealing passwords and circumventing two-factor authentication processes designed to prevent such attacks.

The security company said that the group’s attacks extended to 10 countries including the US, the UK, France, Germany and Italy.  The Chinese hackers carried out their international espionage campaign against industries including aviation, construction, finance, health care, insurance, gambling and energy.  

In the Philippines, the threat level remains high as various industries and military installations are susceptible to Chinese spying and control. Defense Secretary Delfin Lorenzana, for instance, warned last year that Philippine offshore gaming operators which largely employ Chinese nationals may shift their operations to spying.

“It’s very easy for these people to, probably, shift their activities to spying, kung mayroon man mageespiya [if anyone is spying.] So mabilis lang [it’s just fast,]” Lorenzana told reporters in an interview.

This was echoed by National Security Adviser Hermogenes Esperon Jr. who expressed apprehension that the influx of Chinese workers in the country could pose as a national security threat.

“Kung ako ang tatanungin mo bilang [If you ask me as] national security adviser, I have the tendency to look at it as a threat,” National Security Adviser Hermogenes Esperon Jr. said in a media briefing.

The Philippine military’s deal with Dito Telecommunity, allowing the China-backed telco to build cell sites in its camps and bases, also raises the risk of China mining Filipinos’ data—independent experts said.  A military risk analysis of its co-location deal with Dito found that electronic and radio frequency eavesdropping, interception and jamming are among “highly likely” risks.

To add to these, the Philippines’ power grid is said to be under the full control of the Chinese government and could be shut off in time of conflict.  This is according to an internal report prepared for lawmakers and seen by CNN.

China’s State Grid Corp. has a 40-percent stake in the National Grid Corporation of the Philippines, a private consortium that has operated the country’s power lines since 2009. Concerns over potential Chinese interference in the Philippine energy system have persisted since the arrangement was first agreed to a decade ago.

Lawmakers have already called for an urgent review of Chinese influence on and involvement in Philippine gaming, as well as in its telecommunications and power sectors. 

In the US, prosecutors charged two Chinese nationals in December 2018 for stealing volumes of intellectual property, security clearance details and other records from companies.  This operation, allegedly backed by China’s intelligence services, spanned several years and is considered one of the largest corporate espionage efforts ever.  

Hackers gained access to systems through cloud service providers where companies thought data was securely stored.  Investigators first identified traces of the hack, called Cloud Hopper by security researchers, in 2016.

A Wall Street Journal investigation has found that the attack was much bigger than previously thought, going way beyond the 14 unnamed companies listed in the indictment, spanning at least a dozen cloud providers, including CGI Group, one of Canada’s largest cloud companies; Tieto Oyj, a major Finnish IT services company; and International Business Machines.

US government agencies, including the Justice Department, have begun to worry about their own potential exposure, and whether the attacks have positioned the Chinese government to access critical infrastructure, current and former US officials said.