Delicate diplomatic dance over hack
It is difficult to see how Christopher Luxon could have handled the China spy challenge any better. Some would have wanted a greater show of baying for blood after it was revealed that hackers (labelled APT40) linked to China’s Ministry of Security had breached New Zealand’s parliamentary network.
But it was an internationally orchestrated response to a persistent problem faced by many countries going back many years. It was not a sudden response to a recent breach.
The response was led by Britain, which revealed last year that its Electoral Commission had been hacked by a China-linked group called APT31, and yesterday that four Members of Parliament critical of China had also been hacked.
And the United States has identified and charged seven individuals connected to the hacking of government officials, politicians and US companies over many years.
Australia applauded the UK move, said the behaviour was unacceptable and had to stop.
New Zealand’s response was proportionate and well explained by the Prime Minister. It required delicate diplomacy and he delivered.
Minister of Defence Judith Collins issued a statement backing the UK and the US and revealing that an attempt had been made on parliamentary computers.
Luxon could have made a bigger deal about it and behaved like a bigger country by making a statement to Parliament or calling a press conference but that would have invited a diplomatic crisis. His response was designed to show that New Zealand will not roll over and have its tummy tickled by China and
Christopher Luxon meets China’s Foreign Minister Wang Yi at the Beehive last week. pretend nothing has happened.
But it was also the response of a small country that is more vulnerable to reprisals by China than its bigger brothers in the Five Eyes intelligence network.
The egregious offence was hacking specifically into the Parliamentary Service network and the Parliamentary Counsel Office back in 2021. It sounds a little more benign than it actually is.
The Parliamentary Service network houses the Government’s computer network as well. So the hack may well have been targeted at the Government, rather than the administrators of Parliament, the Parliamentary Service.
According to New Zealand’s security agencies, the hackers did not get any sensitive information before they were detected. But as Luxon said yesterday, it was the first time one of New Zealand’s democratic institutions had been targeted so it was not nothing.
Of course, the Chinese deny it — they would say that, wouldn’t they?
The statement by a Chinese embassy spokesman implies New Zealand is being manipulated by Five Eyes partners.
The breach happened back in August 2021, not long after Andrew Little, as Minister of New Zealand’s GCSB, had called out a similar intrusion into a private sector entity by a China-linked actor.
Because the stakes were so high, New Zealand needed to be 110 per cent sure of where the hack had come from. And that is definitely information New Zealand would share with Five Eyes partners.
When Britain invited New Zealand to join a co-ordinated response to an ongoing problem, it agreed on the grounds of principle. But it did so in a way that attempted to protect New Zealand’s interests.