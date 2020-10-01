To many Hong Kongers, the city we call home is increasingly being shattered. At a time when our will to fight for democracy is badly crushed, many of our time-honored systems and traditions left behind from the colonial era have also been demolished to levels far worse than those in the Third World. Few would realize that much of the city’s speedy degradation might have been caused by a series of coordinated subversive attacks, loosely known as hybrid warfare, launched unnoticeably by the Chinese Communist Party (CCP).

Unlike formally declared warfare involving armed forces, hybrid warfare advances a nation’s domination over its enemies by deceiving them with nonmilitary means such as manipulating public opinion, undermining the credibility of prominent political figures and compromising cyber security. For many years, the CCP has been obsessed with the idea of “winning by fighting with deception,” a military strategy taught by Sun Tze during the Warring States period. In doing so nowadays, the CCP makes use of sophisticated civilian technologies aimed at degrading the core capability of its enemies, typically by exerting psychological pressure on them through deceptive means, often with no limits. Taken straight out of CCP’s playbook, hybrid warfare is now being used as a tactic to achieve Xi Jinping’s goal of the great rejuvenation of the Chinese nation. For Hong Kong, the tactic is seemingly for upholding Xi’s leadership in asserting comprehensive governance over the supposedly highly autonomous region.

Data scraping for surveillance

A case in point is Zhenhua Data Information Technology, a big data analytics company said to archive a trove of personal profiles amassed from 2.4 million people worldwide. Clientele of the Shenzhen-based company reportedly includes the People’s Liberation Army (PLA) and the Ministry of State Security. It is no coincidence that Zhenhua itself is a subsidiary of another company whose parent is China Electronic Technology Corporation, a state-owned military firm specialized in developing technologies to surveil Uighurs in Xinjiang. To put it more accurately, Zhenhua is a de facto PLA unit whose primary business is to serve CCP’s organs.

From the leaked Overseas Key Information Database (OKIDB) curated by Zhenhua, security experts were able to recover some 250,000 records representing government officials, politicians, celebrities, convicted felons and corporate leaders in strategic industries. These individuals mainly come from the United States (52,000), Australia (35,000), India (10,000), Britain (9,700) and Canada (5,000). Notably, names associated with Hong Kong’s democratic movement also show up in the OKIDB. According to ShadowMap, a data security firm that had analyzed the leaked database, Zhenhua used keywords to track at least 100 local political organizations (e.g., “New Democratic League”, “Tianshui Connection” and “DAB Shatin Branch”) and individuals (e.g., “Dai Yaoting”, “Tan Dezhi” and “Jasper Tsang”). These entities span across a broad political spectrum to include both the pro-Beijing and pro-democracy camps. The targeted individuals are subject to Zhenhua’s social media relationship query, a tool that explores their interpersonal networks by scraping publicly available social media contents as well as privately-held data repositories of questionable origin.

In this connection, it is worth recalling that in 2017 two laptops harboring the personal data of 3.78 million registered voters went missing from the Registration and Electoral Office’s temporary storeroom at the AsiaWorld-Expo. As of this writing, the perpetrator remains at large. It is tempting for any reasonable person to speculate the whereabouts of such a massive compilation of personal data and the reason behind its mysterious disappearance.

National-scale cyberattack

Another common hybrid warfare tactic utilized by the CCP is to take down an enemy’s web presence entirely by way of cyberattack. Beijing has long been accused of sponsoring powerful cyberattacks against a wide range of institutions whose web contents deemed inappropriate to the authoritarian regime. In 2015, hosting service provider Github was under massive DDoS attacks from China for publishing two websites banned by the Chinese government. Web services frequented by tech-savvy Hong Kong protesters have also drawn the attacker’s attention. During last year’s protests, messaging app Telegram’s server was inundated with junk communication requests sent predominately from China. Online forum LIHKG experienced similar situations when their website was attacked simultaneously by Chinese online forum Baidu Tieba and Chinese internet security firm Qihoo360. Another frequent victim of cyberattack is of course Apple Daily, a pro-democracy news outlet that has been under increasing repression from the CCP even before the enactment of a national security law.

Clearly, cyberspace is considered by the CCP a key battlefield in the context of national security. Since late 2015, the Strategic Support Force (SSF) of the PLA has been developing its cyber warfare capabilities as a “new-type combat force” to strengthen the military’s performance and to support cross-domain joint operations. Specifically, the SSF is tasked with the primary responsibilities of overseeing operations in the areas of “signals intelligence, cyber espionage, computer attack, electromagnetic warfare and psychological operations.” These tactics, together with the intelligence obtained through data scraping, can easily be employed to deceive and subdue an enemy well ahead of any conflict.

In light of the existential threats posed by the CCP’s hybrid warfare, the free world needs to act in concert to safeguard our shared values. Capabilities to identify, counter and defeat hybrid warfare tactics are urgently needed before further damage is done to our beloved city and the rest of the world.

(Dr Jack Kwan Chi-pong, MIT-trained consultant based in Boston)

