Microsoft Exchange hack helps to bring cyberfighters together
• But the worry is that even if the global watchdog is getting bigger it is still toothless — for now
The last app I check before bed — no matter how bad I know the habit is for me — is almost always a news app. This is part of the downside to being an occasional news junkie, and I highly recommend not following my example.
Nonetheless, I seem to like to throw the dice on matters such as, “Should I sleep or should I lie here fretting for the next five hours?” And, I confess, it’s a habit that has become much worse in the past year or so for all of the obvious reasons.
So I was in bed and checked out for the day when I saw the BBC’s top headline on the evening of July 19: “China accused of cyberattack on Microsoft Exchange servers”.
I mention the setting so I can blame my sleepiness for my first thought, which was, “How is that news?” Needless to say, I lost no time to fretting about this that evening.
It was only in the clear light of day that I had the wherewithal to remind myself of what we did and didn’t know when news of this Exchange hack was reported back in March 2021. At the time, Microsoft’s Threat Intelligence Center claimed “with a high degree of confidence” that a Chinese hacking group — called Hafnium — was behind this major breach, but US government statements were more circumspect, promising the ubiquitous further investigations.
Still, the attack was big news for a lot of reasons, chief among them the sheer reach of Microsoft’s Exchange service. By exploiting its vulnerabilities, the group not only laid claim to millions of employee data points, since hundreds of thousands of enterprises use this tool, but also opened the gates for more nefarious actors to follow. The BBC’s sources termed it “a shift from a targeted espionage campaign to a smash-and-grab raid”. That’s probably a very accurate description, but — ouch — it’s harder to write after the week SA has had, facing down real-world raids armed with little more than cooking oil.
Speaking on Kiwi radio Newstalk ZB, strategic analyst Paul Buchanan used the analogy of “a ram-raid or smash-and-grab operation where Chinese state hackers shared the vulnerability with criminal entities, much like the Russians do”. These claims were disputed by Chinese sources, who said that the country “firmly opposes and combats cyberattacks and cyber theft in all forms”, and this latest claim has been just as swiftly denied.
What is interesting, though, is the escalation in global cooperation on this front. I can’t think of another instance of cybercrime that saw statements from Nato, the EU and others, all co-ordinated for release alongside the statement from the Biden administration. Also jumping in as heavyweight backup are Australia, New Zealand, Canada and Japan.
The White House statement specifically calls out the People’s Republic of China’s “pattern of irresponsible behaviour in cyberspace”, arguing this is “inconsistent with its stated objective of being seen as a responsible leader in the world”.
On the matter of who hacked whom, and with whose tacit backing, these statements really don’t go much further than what was already widely claimed in March. And it is noted that the parties stopped short of imposing sanctions or expelling Chinese diplomats, which were among recent retaliations against Russian state-sponsored hacks.
They haven’t ruled out the possibility of action, of course, but the worry here is that even if the watchdog is bigger, he’s still toothless for now. Several analysts have suggested the lack of sanctions reflects the extent of the economic and trade power China has amassed around the world, making it hard for any single state to wage the battle alone. It also makes it harder for the Biden administration to demand collaboration from China on matters of climate change and curbing emissions while remaining “tough” on cyberespionage and campaigns. However, the language used by these global alliances and powerhouse states is making it clear that the stakes of cybercrime and cyber-based interference campaigns are escalating. Nato has, in fact, included cyber defence as part of its “core task of collective defence”.
The implications of the joint condemnation must surely be, “Don’t mess with us, we have the numbers” — and the implied threat of using those numbers in co-ordinated exclusions of China from the global playground in the future.