Unpreparedness Against China In Cyber Warfare!

"The attack on AIIMS in India highlights a concerning gap in the implementation of India's cybersecurity measures, despite long-standing awareness of the country's vulnerabilities to offensive cyber operations."


In an effort to enable the emperor to experience the grandeur of his kingdom and the world without ever having to leave his palace, an extensive living theatre spanning 800 acres was meticulously crafted. The Garden of Eternal Brightness boasted an array of stunning features, including the temples of Tibet and Mongolia, the serene gardens of Hangzhou, and a bustling street scene brought to life by actors portraying shopkeepers, entertainers, and beggars. The Western gardens, created by Jesuit missionaries, showcased opulent faux-baroque palaces and monuments modeled after some of Europe's most magnificent architectural marvels.

However, in 1860, the tranquility of the Garden of Eternal Brightness was shattered when French and British armies invaded Beijing and ransacked the imperial grounds, making off with invaluable treasures and even a beloved Pekinese dog they dubbed "Looty." More than a decade ago, in 2013, Chinese President Xi Jinping, upon assuming power, led a group of top officials on a museum tour that chronicled these events, highlighting the Communist Party's unique ability to safeguard China's independence.

In the summer of 2018, Ding Xiaoyang received a medal at the Ministry of State Security's headquarters, located on the western ruins of the once magnificent Garden of Eternal Brightness. Ding was being honoured for her contributions as an intelligence officer. According to US prosecutors, Ding had recruited and employed skilled computer hackers through a front company called Hainan Technology to infiltrate foreign entities and steal sensitive information, including trade secrets and proprietary research.

The Ministry of State Security, China's principal intelligence agency, directed its efforts towards obtaining cutting-edge research in biotechnology, robotics, and applied physics from universities and industrial conglomerates, among other targets. These covert operations were authorised by Xi Jinping, who was determined to ensure China's "great national revival."

Not The Roses You Want

The All India Institute of Medical Sciences (AIIMS) has been struggling to recover from a devastating ransomware attack for over two weeks now. According to reports, the attack was perpetrated by a sophisticated malware developed by Chinese intelligence-controlled hacking networks. The identity and motives of the attackers remain unclear, but it's suspected that they could be driven by financial gain, political signalling, or even blackmail. Nevertheless, the incident underscores the glaring vulnerability of India's digital infrastructure to cyber threats.

The attack is believed to have originated from a nondescript one-room tenement in Sichuan province, where Tan Dailin, also known as 'Wicked Rose,' and his group of technically-savvy friends, including Tiang 'Blackfox' Lizhi, Qian 'Squall' Chuan, Fu 'StandNY' Qiang, and Zhang Haoran, an independent hacker, began targeting computer networks worldwide. Driven by a desire for adventure and profit, the group exploited vulnerabilities in computer systems with ease, wreaking havoc on their unsuspecting victims.

As US prosecutors noted in 2019, the hacking network expanded its operations over the following years to target more than 100 companies worldwide. They employed various tactics such as demanding ransom, selling stolen data to competitors, and even engaging in 'cryptojacking' by hijacking networks to mine cryptocurrencies.

Tiang and his friends formed Chengdu 404, a company that specialised in network security tools, data analytics, and mobile phone forensics. Chengdu 404's product, SonarX, was highly popular among its clients as it enabled them to gather and analyse open-source data sourced from social media posts. However, Chengdu 404 kept its real asset under wraps: the hacking group that security researchers track as Advanced Persistent Threat 41 (APT41). This group's ability to exploit vulnerabilities in targeted networks made it a highly valuable asset.

Chengdu 404, like many of its peers, boasted about its partnerships with public security agencies, the military, and military enterprises, all while proclaiming its commitment to the patriotic cause. Tiang, one of its key members, even went as far as to reassure a freelance hacker that Chengdu 404 had excellent ties to China's intelligence services, which would ensure protection from any legal consequences.

Investigators from the Federal Bureau of Investigation (FBI) discovered that APT41, Chengdu 404's hacking group, was responsible for compromising foreign government computer networks in India and Vietnam. However, the target of the attack on India has never been disclosed.

The vulnerability of India's digital infrastructure to foreign cyber-attacks was once again laid bare in 2021 when a cyber-espionage ring, dubbed RedEcho by the cyber-research firm Recorded Future, targeted Indian power infrastructure during a crisis. While the government claimed to have detected the attacks and prevented any damage to critical infrastructure, subsequent attacks have continued, expanding to include power-sector targets across northern India.

The Universal Race

Throughout history, nation-states have engaged in espionage to gather secrets from other countries. The US and the United Kingdom pioneered electronic intelligence-gathering in the computer era, carrying out 231 offensive cyber-operations in 2011 alone, according to documents leaked by former National Security Agency (NSA) official Edward Snowden. Similarly, the Stuxnet attack on Iranian nuclear centrifuges in 2010, attributed to Israel, significantly delayed the country's nuclear programme without resorting to military action.

Despite the FBI's exposure of Chengdu 404, the Ministry of State Security continued its attempts to penetrate key institutions in the US using custom malware codes like Murkytop and Baldflick. Investigation records suggest that in most cases, the attackers used simple methods such as phishing emails to lure unsuspecting users into installing malware.

Less powerful nations can benefit greatly from an offensive and aggressive cyber-capability, as scholar Magnus Hjortdal has noted. China's cyber deterrence is a strategically intelligent solution that is relatively cheap compared to a full-scale conventional military. Russia also works closely with cybercriminals, offering impunity in return for intelligence cooperation.

In 2019, North Korean hackers were discovered to have targeted Indian nuclear secrets. The hackers specifically targeted laptops belonging to Anil Kakodkar, the former chief of the Bhabha Atomic Research Centre, and S.A. Bhardwaj, the former head of the Atomic Energy Regulatory Board. Before launching the attack, the North Korean hackers conducted extensive digital surveillance to identify the two laptops with internet and internal system access.

However, India is not a passive victim in the ongoing cyber war. According to IT security company Trend Micro, an Indian hacking network named Sidewinder has launched multiple attacks on military and government targets in China, Pakistan, Nepal, and Bangladesh. Another research firm, Lookout, has claimed that Indian hackers used a new Android tool to infiltrate networks in China and Pakistan.

We Stand Unprepared

The attack on AIIMS in India highlights a concerning gap in the implementation of India's cybersecurity measures, despite long-standing awareness of the country's vulnerabilities to offensive cyber operations. Earlier this year, there were attacks on petrochemical infrastructure, which led to the National Security Council Secretariat hosting a boot camp aimed at simulating a full-scale cyber assault on critical infrastructure. However, the exercise in April failed to effectively convey the message throughout government institutions, leaving India exposed to cyber threats.

The vulnerabilities of computer networks are not a new phenomenon. As early as 1994, teenager Richard 'Datastream Cowboy' Pryce broke into NASA's database, and in 1998, two California schoolchildren succeeded in penetrating the US Department of Defense computer networks. Addressing these vulnerabilities requires significant resources, as China has demonstrated by planning to set up at least four full-scale cybersecurity institutions to train its personnel. However, India continues to struggle with a shortage of cybersecurity experts, and the structure of public-sector organisations does not lend itself to attracting top talent.

India's reliance on networks for its progress is growing rapidly, and the potential damage caused by successful cyber attacks is escalating. The attack on AIIMS serves as a warning of the future costs of neglecting the necessary investments in cybersecurity today. As technology advances, cyber threats will continue to become more sophisticated, and the consequences of a successful attack could be devastating. It is imperative for India to prioritize cybersecurity measures and allocate sufficient resources to address this pressing issue before it's too late.

(Views expressed are the author's own and do not reflect the editorial stance of Mission Victory India)
