Attribution for cyberattacks is said to be notoriously difficult, but sometimes context and timing are damning evidence.
In July, the Permanent Court of Arbitration in The Hague conducted a hearing on the territorial dispute in the South China Sea between the Philippines and China. On the third day of the hearing, the Court’s website was suddenly knocked offline. The attack, made public by Bloomberg last week, reportedly originated from China and infected the page with malware, leaving anyone interested in the landmark legal case at risk of data theft.
The two countries are in the midst of a decades-long dispute over the Scarborough Shoal and other territories in the South China Sea, which should come as no surprise to readers of The Diplomat. Just in case, here’s the backstory: In a precedent-setting turn this summer, the Permanent Court of Arbitration began hearing a case brought by the Philippines that argues that China’s territorial claims violate international law under the UN Convention on the Law of the Sea.
In an attempt to deter the Chinese expansion, “the Philippines is asking the court to rule on the validity of China’s nine-dash line as a maritime claim; the status of individual features that China occupies; and Beijing’s interference in Philippine activities in the South China Sea.” If successful, the Philippines’ legal challenge might set a precedent for other Southeast Asian countries to non-militarily wrestle China over the disputed waters.
China has continuously dismissed the court case simply as “a blatant grab for territory,” stating that it “would not accept and would not engage” in the case. The country subsequently released a position paper rejecting the court’s jurisdiction over the dispute. Despite China’s strong reluctance to participate in the court hearings, the July hack demonstrates that Beijing’s attention is focused on the hearing and its aftermath.
By infecting the computers of journalists, diplomats, lawyers, and others who are involved or interested in the case, Chinese cyber units may be able to find out the names of people who are following the case and anticipate what their response might be if the court rules against China. For example, if Vietnamese or Japanese diplomats visited the website and their computers were infected, China could have access to internal documents and understand that country’s next moves over the disputed islands.
Based on past Chinese form, the courts in The Hague should also check their internal systems, not just the external-facing web server, for signs of Chinese intrusions. Seven years ago, in the run-up to another important international event critical to China – the 2008 Olympic Games to showcase the new China to the world – Chinese spies intruded into Asian and Western national Olympic Committees, as well as the International Olympic Committee (IOC) and the World Anti-Doping Agency.
Lacking a military alternative, the Philippines’ turning to the courts to challenge China over the maritime dispute could be compared to David going after Goliath. For the Philippines and its relatively small neighbors, the recourse to international law serves as a “force equalizer” in deterring perceived Chinese transgressions and China’s “might is right” take on international relations.
As a digital backdrop to the intensifying island-building activities, the growing presence of coastguard vessels, and increasing military flyovers, cyberspace has again emerged as another front for the disputed South China Sea. The hack of the Permanent Court of Arbitration in The Hague adds evidence that China will continue to target its neighbors’ networks to gain the upper hand in the territorial row.
In addition to the idea that “attribution is hard,” a myth of cyberspace is that attacks are difficult to predict or anticipate. Maybe that is true at the level of ones and zeroes, but as history has repeatedly shown, it is certainly not unpredictable at the level of national security conflicts. Cyber adversaries are not “ones and zeroes” but hackers, often driven by outrage over perceived national insult (or actually part of national security services). This makes them far more predictable.
The Philippines (and its U.S. allies) should accordingly start preparing now for a massive digital tantrum by Chinese patriot hackers if the ruling, expected by the end of the year, goes against the Middle Kingdom.
Jason Healey (@Jason_Healey) is Senior Research Scholar at Columbia University’s School of International and Public Affairs. Anni Piiparinen (@AnniPiiparinen) is program assistant for the Cyber Statecraft Initiative of the Brent Scowcroft Center for International Security at the Atlantic Council.