Despite China’s great power aspirations, its cyber warriors threw a fit after losing a legal battle to the Philippines in The Hague. Within hours of the Permanent Court of Arbitration’s unanimous rebuke of China’s territorial claims in the South China Sea last week, at least 68 national and local government websites in the Philippines were knocked offline in a massive distributed denial of service (DDoS) attack. This is not the first time the landmark legal dispute over the South China Sea has flared up in cyberspace. Last summer, Chinese hackers allegedly breached the court’s servers during a hearing on the territorial dispute, leaving anyone interested in the landmark legal case at risk of data theft. Last fall, Jason Healey and I predicted that “the Philippines (and its U.S. allies) should […] start preparing now for a massive digital tantrum by Chinese patriot hackers if the ruling […] goes against the Middle Kingdom.” And while the Philippine government has not yet publicly assigned blame for the most recent attacks, context and timing serve as damning evidence.
The crippling DDoS attacks against Filipino government networks began in the afternoon of July 12, as the court in The Hague announced its sweeping ruling rejecting China’s historic territorial claims in the case brought by the Philippines. The attacks that ensued spanned over several days and targeted key government agencies, including the Department of Foreign Affairs, the Department of National Defense, the Central Bank, and the Presidential Management Staff, along with a medical center and smaller local government units. In addition, some local government portals were defaced with popular Anonymous insignia and a message signed by “the Chinese Government.”
The breach of these networks follows a string of Chinese cyber attacks targeting Southeast Asian claimants to the disputed waters, coinciding with times of heightened geopolitical tensions. The first major cyber campaign against the Philippines in connection to the territorial dispute occurred in April 2012, following a tense standoff between Chinese and Filipino vessels at the Philippine-claimed Scarborough Shoal. A Chinese cyber unit breached government and military networks in the island nation, stealing military documents and other highly sensitive communications related to the conflict.
In addition to the Philippines, Vietnam has been a popular target for Chinese cyber units; in 2014 it became the most targeted country in cyberspace. That year, two notable upticks occurred in Chinese cyber attacks: In May, following an international incident surrounding a Chinese oil rig in Vietnam-claimed waters that escalated into deadly anti-China protests around the country, Chinese hackers gained access to sensitive information about Vietnam’s diplomatic and military strategy by compromising an intelligence agency network. In October the same year, similar attacks were observed, a likely response to Vietnamese arms acquisitions boosting the country’s maritime security capabilities.
While the most recent cyber attacks against the Philippines were certainly not difficult to anticipate or predict, it remains unclear to what extent they were directed, encouraged, or merely tolerated by the Chinese government. During territorial disputes, patriotic hackers often engage in attacks that are almost indistinguishable from organized government cyber units. In this case, the use of Anonymous’ trademarks further blurs the line between government and independent action: it may point toward an independent attack by the group to accompany the DDoS campaign, overlap between members of Anonymous and hackers on the government’s payroll, or simply a false flag planted by the perpetrators. Patriotic hackers on both sides of the Filipino-Chinese territorial conflict have a long history of launching attacks against each other. With nationalist sentiments running high in the Philippines in celebration of the “David vs. Goliath” victory in court, and with local branches of Anonymous, LulzSec, and others highly active in the country, retaliation originating from the island nation is to be expected.
Last week’s DDoS attacks show that while reports by the U.S. government and private sector have recently noted a staggering drop in cyber attacks by Chinese-linked groups in the United States, China’s Southeast Asian neighbors should do anything but rest easy. The countries with competing claims to the disputed waters – the Philippines, Vietnam, Taiwan, Malaysia, and Brunei – remain willfully unprepared to counter Chinese cyber units, and need to begin seriously investing in sophisticated cyber defenses through increased national investments, regional initiatives, and strengthened international alliances.
With China dismissing the arbitration ruling, the Philippines turning down bilateral talks, and the newly-elected Philippine President Rodrigo Duterte yet to offer more than offhanded comments or puzzlingly conflicting policy proposals on the dispute, the situation in the region will remain inflammatory for the foreseeable future. Regardless of the level of the Chinese government’s involvement in last week’s cyber attacks, the fallout from The Hague tribunal’s decision is unlikely to end here.
Anni Piiparinen is assistant director of the Atlantic Council’s Cyber Statecraft Initiative.