Pushback against cyber theft
A Chinese state-sponsored cyber attack has targeted sensitive intellectual property and commercial data of global technology companies, some within New Zealand.
The Government Communications Security Bureau (GCSB) has joined its American and British counterparts in announcing established links between the Chinese Ministry of State Security and a global campaign of cyber-enabled commercial intellectual property theft.
‘‘This long-running campaign targeted the intellectual property and commercial data of a number of global managed service providers, some operating in New Zealand,’’ the director-general of the GCSB, Andrew Hampton, said.
Targeted companies, known as ‘‘managed service providers’’, provide clients with telephone, internet and emailing services.
There were fears the statesponsored hackers may have ‘‘high level access’’ to their client’s networks, the bureau said.
Hampton said the GCSB became aware of the prolonged campaign in early 2017, and the National Cyber Security Centre had been working with the targeted New Zealand companies for some time.
The cyber security centre – a branch of the GCSB designated to work with New Zealand’s nationally significant public and private sector companies – had been providing advice to protect those networks since the campaign was detected.
‘‘We also engaged with New Zealand subsidiaries of the targeted managed service providers to assist in their response,’’ Hampton said.
Meanwhile, British officials have labelled it one of the most advanced and aggressive cyber incursions to date, which has targeted economies, trade secrets and defence organisations across a number of countries.
Two Chinese nationals have reportedly been charged in the United States over it.
A US indictment has accused Chinese hackers of obtaining unauthorised access to the computers of at least 45 entities, including commercial and defence technology companies and US government agencies such as Nasa and the US Navy.
Given the difficulties in locating the exact origins of any cyber attack, it was relatively rare for a spy agency to attribute an attack to another country. However this comes as increasing pressure is applied against China from the Five Eyes intelligence nations, which includes New Zealand.
The other Five Eyes nations are the US, Canada, Britain and Australia. It was recently revealed that the Five Eyes intelligence sharing network had worked up a campaign to foil Chinese tech company Huawei, which has long been suspected of being under the thumb of the Chinese Government.
The GCSB recently announced its decision to block Huawei from providing its hardware to New Zealand company Spark to build a planned 5G network.
Canadian authorities have also arrested Huawei’s chief financial officer Meng Wanzou, on the request of the US, over alleged breaches of Iran sanctions. That has sparked a tit-for-tat retaliation, with three Canadians so far detained by Chinese authorities.
Hampton said the Chinese hacking activity was ‘‘counter to the commitment all Apec economies, including China, made in November 2016’’. ‘‘Apec economies agreed they should not conduct or support ICTenabled theft of intellectual property or other confidential business information, for commercial advantage. New Zealand is committed to upholding the rules-based international order, and today joins likeminded partners in expressing that such cyber campaigns are unacceptable. The GCSB has worked through a robust attribution process in relation to this campaign.
‘‘Around a third of the serious incidents recorded by the cyber security centre can be linked to state-sponsored actors. This ongoing activity reinforces the importance of organisations having strong cyber security measures across their supply chain,’’ Hampton said.
‘‘New Zealand is committed to upholding the rulesbased international order.’’ GCSB directorgeneral Andrew Hampton