China denies Mekong hacking
As the US and its allies joined hands last week to expose what they allege to be China’s Ministry of State Security’s malicious cyber activities around the world, the attention also turned to Cambodia with the US Department of Justice claiming that four Chinese hackers stole data concerning the Mekong River from a Cambodian ministry in January of 2018.
The US justice department issued a press statement on July 19 accusing four Chinese nationals of involvement in a “global computer intrusion campaign targeting intellectual property and confidential business information, including infectious disease research”.
According to the prosecutor’s indictment filed with the court in the southern district of California, the four members of the conspiracy had infiltrated the network of a “Cambodian government ministry” in January 2018 and stole data pertaining to discussions between the Chinese government and Cambodia over use of the Mekong River.
The document states: “On or about January 10, 2018, the same day that the PRC [People Republic of China] was engaged in discussions with multiple countries, including Cambodia, concerning use of the Mekong River, members of the conspiracy stole data from a system operated by ‘Cambodian Government Ministry A’ pertaining to those discussions, and stored that data at DOMAIN 6, where it was protected with the password “goodperson”.
Although the indictment said the conspiracy also recruited Cambodian linguists to translate the data, it did not elaborate on what the stolen data was specifically about.
On January 10, 2018, Cambodia hosted the second Mekong-Lancang Cooperation (LMC) meeting in Phnom Penh under the theme Our River of Peace and Sustainable Development.
The meeting was co-chaired by Prime Minister Hun Sen and Chinese Premier Li Keqiang and attended by the leaders of the Mekong countries including Lao Prime Minister Thongloun Sisoulith, Thai Prime Minister Prayut Chan-o-cha, Vietnamese Prime Minister Nguyen Xuan Phuc and Myanmar’s Vice President Myint Swe.
On July 22, wire service Reuters reported the indictment and quoted unnamed sources who claimed that the hackers had stolen data from the Ministry of Foreign Affairs and International Cooperation.
Reached on July 25, foreign ministry spokesperson Koy Kuong said the ministry was looking into what was being reported.
Ministry of Posts and Telecommunications secretary of state So Visothy said on July 23 that his ministry has no comment regarding whether the hacking took place, what data was stolen and whether it had any importance.
Ministry of Water Resources and Meteorology spokesman Chan Yutha could not be reached for comment on July 25.
US embassy spokesman Chad Roedemeier declined to comment on the matter, referring reporter to the US court indictment and the press release issued by the White House.
The Chinese embassy in Phnom Penh on July 22 firmly denied the accusation that four Chinese hackers from the Ministry of State Security had hacked and stolen Mekong data from a Cambodian ministry.
“China has been solidly opposing and combating cyber attacks of all forms. China never does [these attacks] nor will it encourage, support or condone cyber attacks. As a matter of fact, the United States is the largest source of cyber attacks in the world.
“US wiretapping and surveillance know no bounds, not even its ‘allies’. On the issue of cybersecurity, the US has long forfeited the last shred of credibility. Trumping-up charges, projecting their guilty conscience onto others, and sowing discord everywhere is nothing but a case of ‘the emperor’s new clothes’ – [it is] worthless misinformation and self-deceit,” the embassy said.
The Chinese embassy also took aim at Reuters for reporting what it called the “unwarranted accusations of the US Justice Department”. The Reuters’ article, the embassy said, is based entirely on fabrications and falsehoods by the US and it is replete with factual and logical inconsistencies.
The Chinese embassy said it never received any request for comment from Reuters regarding the matter prior to the story’s publication.
The Mekong River Commission (MRC) said they were aware of the situation from news reports, but had no further information as the hacking was not targeted at the MRC Secretariat.
“It’s not immediately clear as to what type of data that the hackers have stolen, and we don’t know why they made this attempt. But there must be something interesting or important that motivated them to do so,” the Secretariat said.
It said most data at MRC is publicly available and hosted on a data portal. The portal represents a storehouse of data where at least 10,333 datasets are currently available. The datasets include current and historical hydro-meteorological and climate time-series, spatial maps, atlases, photographs and sectorial datasets that can all be easily accessed.
“While the data sets are important, nothing is confidential on our platform, and it is meant for everyone who is interested in Mekong development and status,” it said.
Digital security consultant Nget Mose said on July 25 that there was no information available yet as to what data was stolen or what the motive was.
“This happened in 2018 but we’re just hearing the news now when the US department of justice released it,” he said.
He said if there were meetings that were private or closed-door, then the hackers probably wanted the meeting documents and Chinese hackers would have an interest in these political meetings because the Mekong River flows from China.
“As to why the documents would be important to hackers, it depends on the definition of hackers. Only they know what they wanted the data for. We as victims cannot know its importance. We only know that it was important documents related to meetings between our country and the neighboring countries on the Mekong,” he said.
Kin Phea, director of the Royal Academy of Cambodia’s International Relations Institute, said it was hard to judge whether what the US said was true because both the US and China often accused each other of various misdeeds.
“Only the US, China and Cambodia can say whether it is true or not. What we’ve noted is that accusations by each of these two countries against each other happen very often. Sometimes China accuses the US and vice versa regarding hacking. The US also accused North Korea of hacking various US entities,” he said.
He said it is difficult to determine the veracity of such accusations because it requires technology, independent researchers and investigators with expertise.
Phea said China, the US, Russia and some others are all countries with advanced technology that allows them to easily steal data from other countries.
“We used to hear that the US used to tap the telephone lines of their allies in Europe and Asia, but we didn’t say they hacked them,” he said
He said whatever the truth of the matter might be, it is clear that Cambodia needs to be careful and strengthen its cybersecurity, especially in the national defence and security sectors.