The investigative exposé by The Indian Express (IE) team on its lead story of 14 September 2020, regarding a Chinese company hacking into the digital space of over 10,000 Indians including all our decision-makers and leading players in the political, economic, social and cultural (including sports) sphere of the country, should indeed be a wake-up call to our Intelligence and Security agencies.
Coming as it does in the backdrop of skirmishes and continued tension on the India- China border this should be alarming, as the purpose of this exercise is clearly malevolent and portends a planned ‘war on multiple fronts’. This exposes not the amorphous and thinly-defended physical border, but the sacred private space that’s so jealously guarded from surveillance by our own agencies.
Targeting Of China Watchers In Washington & Surveilling US Navy Among Others
On the same day, The Washington Post carried a story that a small company called Shenzen Zhenhua Data Technology had been systematically collecting data since 2017 of more than 2 million people, including at least 50,000 Americans and tens of thousands of people who hold prominent public positions.
The data included biographies and service records of aircraft carrier captains and up-and coming officers in the US Navy, real-time tweets originating from overseas US military installations, profiles and family maps of foreign leaders, including their relatives and children.
Records of social media chatter among China watchers in Washington too were targeted.
These digital crumbs, along with millions of other scraps of social media and online data, were left unsecured on the Internet and retrieved by an Australian cybersecurity consultancy. The cache called the Overseas Key Information Database or OKIDB purports to offer insights into foreign political, military and business figures, details about countries’ infrastructure and military deployments and public opinion analysis, wrote the Post.
- Zhenhua Data Information Technology Co is an outsourced private company working as a proxy for the Chinese Intelligence and Security agencies.
- Outsourcing such sensitive tasks gives two great advantages: a) one of deniability of links to the State; b) an enormous flexibility in autonomy of operation and ownership.
- Such firms like Zhenhua legitimise themselves by providing employment to locals and offering skill development to the youth in under-developed eco-systems.
- We are all aware that in the past, the Chinese State agencies targeted our topmost government offices such as the PMO, NSA’s office, R&AW Headquarters, IB Headquarters, Military Headquarters, etc.
- But the scale of operations of this so-called ‘private’ company, namely, Zhenhua, is truly mind-boggling, and reveals an entirely different strategy.
How Do Companies Like Zhenhua Operate?
From a reading of both the news stories, the following points emerge:
- Firstly, this company, called the Zhenhua Data Information Technology Co, is an outsourced private company working as a proxy for the Chinese Intelligence and Security agencies. Outsourcing such sensitive tasks gives two great advantages: a) one of deniability of links to the State; b) an enormous flexibility in autonomy of operation and ownership. Funds though may still be coming in from the State, routed through disguised channels.
- Secondly, it is based in 20 different countries, again with several front companies innocuously known as ‘data collection centres’. Since the registration of a company does not normally require as to what kind of data is collected and the purpose of its intended use (and this can always be masked), it is hardly difficult to set up ‘data centres’. Think-tanks and NGOs are the best front companies for such use, though one should not draw all think-tanks and NGOs with a broad brush and delegitimise their activities.
- Thirdly, setting up such centres within the host country gives enormous advantages as it escapes the need to go through ‘gateways’ and ‘firewalls’ that are normally set-up at entry points in the cyber space of a country. Once a company is inside, it uses local service providers which makes detection of its functioning all the more difficult.
- Fourthly, such firms legitimise themselves by providing employment to locals and offering skill development to the youth in under-developed eco-systems. As their tasks are atomised and fragmented, the rank and file workers may be completely unaware of what they are doing. Clearly we have no idea how many Chinese companies presently operating in India are involved in this kind of data collection.
- Fifthly, the potential power of big data has been a long-standing concern for privacy advocates and governments alike. Large-scale open-source collection is routinely undertaken by most government agencies, ‘but open-liberal democracies must consider how best to deal with very real threats by Chinese monitoring foreign individuals outside established legal limits’ as one Australian analyst puts it.
Chinese Surveillance & Its Widespread, Devastating Effects
We are all aware that in the past, the Chinese State agencies targeted our topmost government offices such as the PMO, NSA’s office, R&AW Headquarters, IB Headquarters, Military Headquarters, etc.
But the scale of operations of this so-called private company is truly mind-boggling, and reveals an entirely different strategy.
In the earlier scheme of things, they directly hacked our policy-making bodies, hoping to secure operational and actionable intelligence. Today, by targeting retired NSAs, nuclear scientists, generals, civil servants, businessmen, industrialists, editors, journalists, NGOs and think-tanks, they have spread the net so far and wide that they would be able to know the entire gamut of thinking of our elite, the chatter in their mail box, in their WhatsApp groups with friends and relatives that would certainly not be available in the open media space.
This is far more pernicious and could be used with devastating effect, especially because if they can listen in, they can also mute you and distort your thoughts and purvey them to others.
This elite are the custodians of the ‘Mood of the Nation’. They are the consensus-builders around policies or the builders of opposition to it. To know their minds would be so useful to enemy agents for they can then twist the consensus and polarise our society. Spreading disaffection in enemy country is as old as Chanakya Niti. Only now the most effective tools are available for the State.
We are aware of the enormous advances made by China in tools of surveillance but quite complacently thought it was only meant to control its own population.
Most countries, including liberal democracies, took its wanton disregard of human rights of its citizens and the ‘Gulag’ of Uighurs as part of its system of governance. The totalitarian state was not considered an existential threat outside its borders but now the world has changed. If it can do to its citizens, it can do the same to your citizens as well.
How To Fight Chinese Surveillance?
With the pervasiveness of the digital media around us, one may be driven to despair at its omnipotence. Nevertheless, there are three ways to fight it:
- Firstly, we must put in place a robust Data Protection Policy, presently in the draft stage, to ensure regulation and supervision on the functioning of data centres.
- Secondly, minimise enemy’s reach and extent by detecting and disabling it. This is easier said than done. It requires deployment of enormous trained manpower and education of all of our elite not to use certain apps (the banning of 100 Chinese Apps does not seem to have blunted this enterprise at all), and not to discuss sensitive subjects on social media. The good old system of talking face-to-face, or sending handwritten messages without the medium of an electronic interface, seems the best option. This is what Osama bin Laden relied upon when he was under constant surveillance by the US forces. But that is becoming more and more difficult due to COVID-19, and as the world turns to Zoom and Google meetings and WhatsApp chats.
- The third option is to build similar counter-attack capabilities. This requires lots of funding and trained manpower again. We do have some capabilities, but certainly nothing on the scale of Zhenhua Data Technology Co. Here, we must note that democracies have a distinct disadvantage compared to totalitarian systems.
Or we can shrug and simply say, ‘what’s the big deal if the Chinese come to know of our chatter? Our policies are made by TV anchor men on news channels anyway.’
(Ravi Joshi was formerly with the Cabinet Secretariat and is now a Visiting Fellow at the Observer Research Foundation. This is an opinion piece and the views expressed above are the author’s own. The Quint neither endorses nor is responsible for the same.)