Vietnam has no choice but to counter China’s cyber thuggery

By Duong Ngoc Thai   June 2, 2020 | 07:12 am GMT+7

In May 2011, international hackers’ forums heated up when the essential cable system of Vietnamese hydrographic research vessel, Binh Minh 2, was wrecked in our waters by Chinese vessels.

Duong Ngoc Thai

Duong Ngoc Thai

It marked an important milestone in the Vietnam-China dispute over territorial waters.

In the event’s aftermath, unofficial, capricious Internet-based attacks of both sides were launched, aiming to hack the other nation’s important websites, which provoked heated online debates among the Vietnamese public on its pros and cons.

These debates, despite having conflicting arguments, were all dense with concern about Vietnamese national interests.

After a few weeks of cross firing between Vietnamese and Chinese hackers, both the cyberspace warfare and the wrecked-cable incident cooled down, but not without casualties on Vietnam's side.

Among the Vietnamese casualties, the two most significant ones were the database deletion of one major news agency and the display of the Chinese national flag on one Vietnamese governmental website.

This online hacking, despite its whimsical nature, indicated a possible paradigm shift in the fight to protect national sovereignty from physical conflicts to cyberspace wars. In other words, cyberspace would be a major battlefield in Vietnam-China territorial disputes.

The cyberspace battlefield, in my opinion, would not be flashy and whimsical anymore, but would become cold and relentless. Joining forces would not only be the unofficial tech-whiz youngsters, but also the professional hacking army keeping its cool and focus on for long-term strategic intents.

High stakes

With this possible increase in online combatants' size and severity, casualties would rise over the website-crashing level. Instead, damage would be measured by the amount of valuable espionage achieved - stolen information on political, economical and defense issues, which would create tremendous leverage in bilateral diplomatic relations and conflicts.

Despite the lack of official governmental acknowledgement, there was proof of existence, from the early 2000s, of a Chinese cyberspace task force, identified as the 61398 Unit by U.S. government agencies and many independent researchers. It allegedly operates from a building in Pudong, Shanghai, infiltrating other nations’ governmental, defense contractors and private technological corporations for Chinese espionage.

In a 2013 76-page report on an APT1-coded group of hackers, also known as Comment Panda, American cybersecurity firm Mandiant concluded that APT1 hackers were a part of the Chinese cyberspace unit. The report also pointed out that from 2006, ATP1 hackers had infiltrated at least 141 companies from 20 different industries to steal technological patents.

Despite the hardship of tracking Internet-based attacks, Mandiant managed to trace 97 percent of APT1 connections back to Internet IP addresses in Shanghai, with systems designed using Mandarin. The investigation even managed to bypass APT1's security system to film one working session of the hackers.

Furthermore, Mandiant shared the image of 61398 building and publicly identified a few of APT1 hackers, with five suspects prosecuted by a U.S. court in absentia for stealing trade and industry secrets from U.S. companies and organizations. The FBI then issued arrest warrants against the five, also provided pictures of the suspects, with two wearing Chinese military uniforms.

Similarly, in 2015, a top-secret document about the 2009 Operation Byzantine Hades of U.S. National Security Agency (NSA), released by Germany’s Der Spiegel news agency, thanks to information from Edward Snowden, provided links between APT1 and 3PLA, the Third Department of the General Staff Department of Chinese People’s Liberation Army. 3PLA is the national signals intelligence authority, roughly comparable to the U.S. NSA.

The findings were seconded by many other Internet-security providers’ private research on the Chinese cyberattack unit, whose targets, besides many Western nations, included Vietnam, especially at sensitive moments regarding the Vietnam-China maritime territorial dispute.

A developer works on a laptop and a computer. Photo by Shutterstock/ProStockStudio

A developer works on a laptop and a computer. Photo by Shutterstock/ProStockStudio.

This Chinese cyber aggressiveness was most clearly displayed in a July 2016 incident in which the operating systems of HCMC’s Tan Son Nhat Airport, Hanoi’s Noi Bai Airport and Vietnam Airlines were hacked by a small group called "1973cn", showing messages propagating China’s claims with the infamous "nine-dash line", while publishing online the private information of over 41,000 Vietnam Airlines’ customers.

The China-sourced cyber attacks against Vietnam could be traced back to 2012 against many governmental agencies, including PetroVietnam, Vietnam News Agency and Vietnam Posts and Telecommunication Group, with proof provided by ThreatConnect and Dell SecureWorks, confirming the link to Chinese hackers.

In 2014, when China sent the HD-981 oil rig into Vietnamese waters, Vietnam governmental agencies were again attacked by "unconfirmed" hackers, as recorded by ThreatConnect and ESET. The attack was launched specifically at the Vietnamese Ministry of Natural Resources and Environment, possibly targeting the ministry’s maritime reports.

In late 2018 and 2019, two separate Internet security providers, CrowdStrike and Anomali, provided proof of attacks against Vietnamese border offices by Chinese "Mustang Panda" hackers.

These attacks showed worrying signs of Vietnam’s lack of cybersecurity preparedness. It also made a simple fact clear: Vietnam cannot be a cybersecurity strong nation, if it cannot engage in and protect itself in cyber warfare.

In response, OceanLotus, a Vietnamese group of hackers, launched many espionage activities to promote Vietnamese interests. Such retaliation from Vietnam, in my view, is necessary, given the context of all nations engaging in espionage activities.

However, Vietnam should draw a clear line between different espionage activities, from political information-gathering to industrial theft.

We should not copy the rogue cyberspace behavior of our neighbor China, which is believed to have accumulated wealth rapidly by stealing intellectual patents from the U.S., worth up to $400 billion per year according to a former NSA director. China also uses cyber weapons to enforce authoritarian control domestically.

Cyberspace will be the 21st-century battlefield, with hackers being both the weapons and the soldiers. Using these resources efficiently to develop the economy and protect the nation’s sovereignty while maintaining its moral integrity is going to be a vital challenge for Vietnam.

*Duong Ngoc Thai is cybersecurity engineer at Google. The opinions expressed are his own.

 
 
go to top