somartin - Fotolia

MI5, FBI chiefs warn of Chinese cyber espionage threat

In a joint appearance in London, MI5 director general Ken McCallum and FBI director Chris Wray warn of the growing threat posed by the Chinese government to UK and US interests

Ken McCallum, director general of MI5, and Chris Wray, director of the US’s FBI, have warned of the growing threat posed by the ruling Chinese Communist Party (CCP) to UK and US interests, in an unprecedented joint address in London.

Speaking on 6 July at Thames House, McCallum said the two were speaking out to send “the clearest signal they can” on the challenges posed by an increasingly assertive Chinese regime.

He described this challenge as a planned, professional and strategic geopolitical contest unfolding across decades, with a regime that is “covertly applying pressure across the globe”.

McCallum said the world-leading expertise, technology, research and commercial advantage developed and held by the UK’s academic and business communities was at risk.

“Early in his time as leader, President Xi said that in areas of core technology where it would otherwise be impossible for China to catch up with the West by 2050, they ‘must research asymmetrical steps to catch up and overtake’,” he said. “The scale of ambition is huge. And it’s not really a secret. Any number of public strategic plans, such as Made in China 2025, show the intent plainly.

“This means standing on your shoulders to get ahead of you. It means that if you are involved in cutting-edge tech, AI [artificial intelligence], advanced research or product development, the chances are your know-how is of material interest to the CCP.

“And if you have, or are trying for, a presence in the Chinese market, you’ll be subject to more attention than you might think. It’s been described as ‘the biggest wealth transfer in human history’.”

According to McCallum, the risks are manifold, the most blatant one being in the form of covert theft, using active intelligence officers in the field. But organisations must also be mindful of legitimate intellectual property (IP) transfer through business partnerships and acquisition; the exploitation of academic researchers; the cultivation and flattery of individuals of interest, often using social networks such as LinkedIn; and of course the CCP’s use of advanced persistent threat (APT) groups to conduct targeted cyber attacks.

Wray said: “The Chinese government sees cyber as the pathway to cheat and steal on a massive scale.

“Last spring, for instance, Microsoft disclosed some previously unknown vulnerabilities targeting Microsoft Exchange Server software [ProxyLogon]. Chinese hackers had leveraged these vulnerabilities to install more than 10,000 web shells, or backdoors, on US networks, giving them persistent access to data on those systems. That is just one example of the Chinese government finding and exploiting vulnerabilities, albeit a big one.”

Wray added: “Over the last few years, we’ve seen Chinese state-sponsored hackers relentlessly looking for ways to compromise unpatched network devices and infrastructure. And Chinese hackers are consistently evolving and adapting their tactics to bypass defences. They even monitor network defender accounts and then modify their campaign, as needed, to remain undetected. They merge their customised hacking toolset with publicly available tools native to the network environment – to obscure their activity by blending into the ‘noise’ and normal activity of a network.”

McCallum and Wray urged organisations to work with their two agencies to guard against CCP-backed espionage.

“We can arm you with intelligence that bears on just what it is you’re facing,” said Wray. “For example, when it comes to the cyber threat, everything from details about how Chinese government hackers are operating to what they are targeting. And when incidents do occur, we can work together – our agencies and you – to degrade the threat.”

McCallum set out a series of questions that organisations’ leadership should be asking, preferably involving IT security leadership:

  • Does the organisation have a strategic approach to managing risks, and discuss those risks round the board table, or is it a subject that the board never quite gets to?
  • Does the organisation have a thoughtful security culture at all levels, or is it left to an arm’s-length security department that is contacted only in an emergency?
  • Does the organisation know what its crown jewels are, which, if stolen, would compromise its future?
  • And has the organisation put the right controls in place to assess risks related to funding sources and partners, and to protect its supply chain?

McCallum added: “The aim here is not to cut off from China – one-fifth of humanity, with immense talent. The UK wants to engage with China wherever it is consistent with our national security and our values.

“We are also not talking about Chinese people – in whom there is so much to admire. We wholeheartedly welcome the Chinese diaspora’s hugely positive contribution to UK life. Responding confidently to specific covert activities is just us doing our job. If my remarks today elicit accusations of sinophobia, from an authoritarian CCP, I trust you’ll see the irony.”

Read more on Hackers and cybercrime prevention