Friendly countries often spy on each other. The United States has been caught spying on its allies in Europe, despite their normally tight, close-knit diplomatic ties. Russians and Chinese, among others, have also built notorious reputations for monitoring and meddling in the affairs of others.
According to a cybersecurity company FireEye, a Chinese espionage group known as TEMP.Periscope has been active at least since 2013, targeting private companies, governments and especially maritime interests in Asia, Europe and North America.
However, TEMP.Periscope is branching out according to a report by FireEye, and has stepped up its attacks on friendly interests in Cambodia in the lead-up to elections on July 29.
Within the cybersecurity industry, that has come as no surprise given the extensive business interests, worth many billions of dollars, that Chinese state-owned-companies (SOEs) have established across Cambodia in recent years.
But what stood out, said Ben Read, one of the report’s authors, was the number of attacks and well as their wide scope.
“We were previously aware of this actor’s interest in maritime affairs, but this compromise gives additional indications that it will target the political system of strategically important countries,” he said.
Read believes a probable further motive was the Malaysian election held two months ago, when Najib Razak, an avid supporter of Chinese financing, was ousted in a shock result.
That put Mahathir Mohamad back in power, and among his first tasks was to order a closer look at Chinese investments, after claims that money laundering might be involved.
FireEye says high profile Cambodian government targets included the National Election Committee, three ministries, diplomats working abroad, and the Cambodian senate.
Media outlets, both independent and pro-government, were also targeted, with their webpages also being used in conjunction with malware, which was sent to intended victims in order to prise open their computer systems.
Webpages from the Phnom Penh Post, previously targeted by hackers in Vietnam, were among those used and among the targets was the prominent non-governmental organization Licadho.
Perhaps ironically, the Phnom Penh Post has banned its reporters from talking to Licadho, according to sources at the newspaper, after it criticized the sale of the paper by Australian miner Bill Clough to Malaysian businessman Sivakumar S. Ganapathy.
Webpages from other government friendly media outlets, including Fresh News and the Khmer Times, were also used in a similar manner, with targets also ranging from human rights activists to opposition politicians who fled Cambodia amid a crackdown on dissent.
Online communications have been under the microscope in Cambodia for some time, in particular users on Facebook who have been arrested for posting what one government official has described as inappropriate criticisms.
The ruling Cambodian People’s Party under Prime Minister Hun Sen has justified its actions, claiming the opposition and foreign forces have been attempting to undermine its government through a “color revolution” and it has plans to establish and Data Management Centre (DMC).
All domestic and international Internet traffic into and out of Cambodia will soon pass through the DMC, to be created by state-owned Telecom Cambodia, sparking fears of a further crackdown on free speech.
The net result is online platforms are no longer being used like they once were, and Cambodians are more and more turning to end-to-end encrypted messaging systems that guarantee privacy between users and can’t be monitored or used against them like Facebook.
The latest shenanigans from China, as documented by FireEye, will only hasten that move among government and opposition supporters alike, while causing a good degree of consternation in a government that has done its best to please its benefactors in Beijing.
Luke Hunt can be followed on twitter @lukeanthonyhunt