China, an authoritarian regime under one-party rule, is flexing its cyberespionage prowess to meddle in the elections of democratic nations.
Monovithya Kem, a Cambodian political activist living in the United States, alerted U.S. cybersecurity firm FireEye, after she realized that an email she received—purportedly from a human-rights group expressing sympathy for her father’s jailing in Cambodia—was sent from a free account, according to an Aug. 18 report by Japanese newspaper Nikkei.
China considers the hacking experience gained in Cambodia as a “trial run” for influencing politics in neighboring countries in the future, according to the Nikkei report.
Kem is the daughter of Kem Sokha, former head of the now-dissolved Cambodia National Rescue Party (CNRP), who has been imprisoned on treason charges since September 2017. Two months after his arrest, CNRP was dissolved.
The charge was based on allegations that Sokha had orchestrated a street protest in 2014. The nonprofit Human Rights Watch (HRW), in a report published Aug. 21, said the charge against Sokha was preposterous, and that he was jailed because he had “the audacity to lead an opposition party.” HRW called for his immediate release.
A report issued in July by FireEye concluded that an attached document in Kem’s email was malware that could steal Kem’s personal information if she were to download it. FireEye identified that the email to Kem originated from an IP address in Hainan, a province in southern China.
The sender turned out to be a China-based hacking group, Temp. Periscope, that FireEye has tracked since 2013. And Kem wasn’t the only target: Temp. Periscope had an extensive interest in Cambodia politics ahead of the country’s July 29 general elections for parliament seats.
FireEye compiled a long list of government organizations and individuals in Cambodia to have been compromised by Temp. Periscope, including the National Election Commission, Ministry of the Interior, two Cambodian diplomats, and multiple Cambodian media entities.
The group’s motivation is to keep Hun Sen, the pro-Beijing prime minister, and leader of the ruling Cambodian People’s Party (CPP), in power, according to Nikkei. He has served as prime minister since 1985.
On Aug. 15, electoral authorities in Cambodia announced that the CPP won all 125 parliamentary seats in the July election, which guaranteed that, as the leader of the CPP, Hun Sen would stay in power.
Exporting Election Meddling
The United States is also worried about possible election meddling. President Donald Trump indicated in an Aug. 18 Twitter post that there could be cybersecurity threats from China.
“All of the fools that are so focused on looking only at Russia should start also looking in another direction, China,” he wrote.
Echoing Trump’s remark, national security adviser John Bolton expressed concerns about foreign influences, including China, on the 2018 U.S. midterm elections in November, during an interview with ABC that aired on Aug. 19.
Meanwhile, the democracy that would most likely come under threat of Chinese cyber-meddling is undoubtedly Taiwan. China regards Taiwan, a full-fledged democracy with its own constitution and military, as a renegade province that must be united with the mainland, by military force if necessary.
In July, the website of Taiwan’s ruling party, the Democratic Progressive Party, was hacked. Taiwanese investigators believe the cyber-attack came from China, according to a report by the Financial Times.
“We anticipate in the run-up to elections at the end of this year and continuing until the 2020 presidential elections, Taiwan will become a global hotspot for cyber attacks and fake news,” a spokesperson for Taiwanese President Tsai Ing-wen has said.
Influencing election results isn’t the only thing on China’s cyber agenda—the regime is interested in obtaining intelligence on the future of its One Belt, One Road (OBOR, also known as Belt and Road) projects throughout Southeast Asia, according to an Aug. 15 report by Reuters.
Under OBOR, more than 60 countries across Asia, Europe, and Africa have partnered with China on infrastructure projects.
Citing information from FireEye, Reuters reported that Malaysia would become a “typical target of Chinese state-sponsored cyber activity.” Chinese cyber scrutiny was to be expected, especially after Malaysian Prime Minister Mahathir Mohamad halted several OBOR projects that were authorized by his predecessor, Najib Razak.
Mohamad ordered the postponements after a state investigation revealed that funds for the projects were used to repay dues to the Malaysian state investment fund 1Malaysia Development Berhad (1MDB). Razak is currently under investigation for his alleged role in the misappropriation of those funds.
On Aug. 21, Mohamad, while on a diplomatic visit to Beijing, announced that he had canceled two OBOR projects: a proposed railway and gas pipeline, after speaking with Chinese leader Xi Jinping and Premier Li Keqiang, according to the New Straits Times, an English-language newspaper in Malaysia.