Please enable javascript to access the full functionality of this site

Gaming Public Opinion

Submitted by jerrycashman@a… on Mon, 04/24/2023 - 10:46
GamingPublicOpinion
Dark
@ASPI_ICPC

Gaming public opinion

The CCP’s increasingly sophisticated cyber-enabled influence operations

What’s the problem?

The Chinese Communist Party’s (CCP’s) embrace of large-scale online influence operations and spreading of disinformation on Western social-media platforms has escalated since the first major attribution from Silicon Valley companies in 2019. While Chinese public diplomacy may have shifted to a softer tone in 2023 after many years of wolf-warrior online rhetoric, the Chinese Government continues to conduct global covert cyber-enabled influence operations. Those operations are now more frequent, increasingly sophisticated and increasingly effective in supporting the CCP’s strategic goals. They focus on disrupting the domestic, foreign, security and defence policies of foreign countries, and most of all they target democracies.

Currently—in targeted democracies—most political leaders, policymakers, businesses, civil society groups and publics have little understanding of how the CCP currently engages in clandestine activities online in their countries, even though this activity is escalating and evolving quickly. The stakes are high for democracies, given the indispensability of the internet and their reliance on open online spaces, free from interference. Despite years of monitoring covert CCP cyber-enabled influence operations by social-media platforms, governments, and research institutes such as ASPI, definitive public attribution of the actors driving these activities is rare. Covert online operations, by design, are difficult to detect and attribute to state actors. 

Social-media platforms and governments struggle to devote adequate resources to identifying, preventing and deterring increasing levels of malicious activity, and sometimes they don’t want to name and shame the Chinese Government for political, economic and/or commercial reasons. 

But when possible, public attribution can play a larger role in deterring malicious actors. Understanding which Chinese Government entities are conducting such operations, and their underlying doctrine, is essential to constructing adequate counter-interference and deterrence strategies. The value of public attribution also goes beyond deterrence. For example, public attribution helps civil society and businesses, which are often the intended targets of online influence operations, to understand the threat landscape and build resilience against malicious activities. It’s also important that general publics are given basic information so that they’re informed about the contemporary security challenges a country is facing, and public attribution helps to provide that information.

ASPI research in this report—which included specialised data collection spanning Twitter, Facebook, Reddit, Sina Weibo and ByteDance products—reveals a previously unreported CCP cyber-enabled influence operation linked to the Spamouflage network, which is using inauthentic accounts to spread claims that the US is irresponsibly conducting cyber-espionage operations against China and other countries. As a part of this research, we geolocated some of the operators of that network to Yancheng in Jiangsu Province, and we show it’s possible that at least some of the operators behind Spamouflage are part of the Yancheng Public Security Bureau.

The CCP’s clandestine efforts to influence international public opinion rely on a very different toolkit today compared to its previous tactics of just a few years ago. CCP cyber-enabled influence operations remain part of a broader strategy to shape global public opinion and enhance China’s ‘international discourse power’. Those efforts have evolved to nudge public opinion towards positions more favourable to the CCP and to interfere in the political decision-making processes of other countries. A greater focus on covert social-media accounts allows the CCP to pursue its interests while providing a plausibly deniable cover. 

Emerging technologies and China’s indigenous cybersecurity industry are also creating new capabilities for the CCP to continue operating clandestinely on Western social platforms.

Left unaddressed, the CCP’s increasing investment in cyber-enabled influence operations threatens to successfully influence the economic decision-making of political elites, destabilise social cohesion during times of crisis, sow distrust of leaders or democratic institutions and processes, fracture alliances and partnerships, and deter journalists, researchers and activists from sharing accurate information about China.

What’s the solution?

This report provides the first public empirical review of the CCP’s clandestine online networks on social-media platforms.

We outline seven key policy recommendations for governments and social-media platforms (further details are on page 39):

  1. Social-media platforms should take advantage of the digital infrastructure, which they control, to more effectively deter cyber-enabled influence operations. To disrupt future influence operations, social-media platforms could remove access to those analytics for suspicious accounts breaching platform policies, making it difficult for identified malicious actors to measure the effectiveness of influence operations.
  2. Social-media platforms should pursue more innovative information-sharing to combat cyber-enabled influence operations. For example, social-media platforms could share more information about the digital infrastructure involved in influence operations, without revealing personally identifiable information.
  3. Governments should change their language in speeches and policy documents to describe social-media platforms as critical infrastructure. This would acknowledge the existing importance of those platforms in democracies and would communicate signals to malicious actors that, like cyber operations on the power grid, efforts to interfere in the information ecosystem will be met with proportionate responses.
  4. Governments should review foreign interference legislation and consider mandating that social-media platforms disclose state-backed influence operations and other transparency reporting to increase the public’s threat awareness.
  5. Public diplomacy should be a pillar of any counter-malign-influence strategy. Government leaders and diplomats should name and shame attributable malign cyber-enabled influence operations, and those entities involved in their operation (state and non-state) to deter those activities.
  6. Partners and allies should strengthen intelligence diplomacy on this emerging security challenge and seek to share more intelligence with one another on such influence operations. Strong open-source intelligence skills and collection capabilities are a crucial part of investigating and attributing these operations, the low classification of which, should making intelligence sharing easier.
  7. Governments should support further research on influence operations and other hybrid threats. To build broader situational awareness of hybrid threats across the region, including malign influence operations, democracies should establish an Indo-Pacific hybrid threats centre.

Key findings

The CCP has developed a sophisticated, persistent capability to sustain coordinated networks of personas on social-media platforms to spread disinformation, wage public-opinion warfare and support its own diplomatic messaging, economic coercion and other levers of state power.

That capability is evolving and has expanded to push a wider range of narratives to a growing international audience with the Indo-Pacific a key target.

The CCP has used these cyber-enabled influence operations to seek to interfere in US politics, Australian politics and national security decisions, undermine the Quad and Japanese defence policies and impose costs on Australian and North American rare-earth mining companies.

  • CCP cyber-enabled influence operations are probably conducted, in parallel if not collectively, by multiple Chinese party-state agencies. Those agencies appear at times to collaborate with private Chinese companies. The most notable actors that are likely to be conducting such operations include the People’s Liberation Army’s Strategic Support Force (PLASSF), which conducts cyber operations as part of the PLA’s political warfare; the Ministry of State Security (MSS), which conducts covert operations for state security; the Central Propaganda Department, which oversees China’s domestic and foreign propaganda efforts; the Ministry of Public Security (MPS), which enforces China’s internet laws; and the Cyberspace Administration of China (CAC), which regulates China’s internet ecosystem. Chinese state media outlets and Ministry of Foreign Affairs (MFA) officials are also running clandestine operations that seek to amplify their own overt propaganda and influence activities.
  • Starting in 2021, a previously unreported CCP cyber-enabled influence operation has been disseminating narratives that the CIA and National Security Agency are ‘irresponsibly conducting cyber-espionage operations against China and other countries’. ASPI isn’t in a position to verify US intelligence agency activities. However, the means used to disseminate the counter-US narrative— this campaign appears to be partly driven by the pro-CCP coordinated inauthentic network known as Spamouflage—strongly suggests an influence operation. ASPI’s research suggests that at least some operators behind the campaign are affiliated with the MPS, or are ‘internet commentators’ hired by the CAC, which may have named this campaign ‘Operation Honey Badger’. The evidence indicates that the Chinese Government probably intended to influence Southeast Asian markets and other countries involved in the Belt and Road Initiative to support the expansion of Chinese cybersecurity companies in those regions.
  • Chinese cybersecurity company Qi An Xin (奇安信) appears at times it may be supporting the influence operation. The company has the capacity to seed disinformation about advanced persistent threats to its clients in Southeast Asia and other countries. It’s deeply connected with Chinese intelligence, military and security services and plays an important role in China’s cybersecurity and state security strategies.

Introduction

This report explores the growing challenges posed by China’s globally focused and increasingly sophisticated cyber-enabled influence operations, which ASPI defines broadly as planned actions to influence individuals, communities and governments using the cyber domain.

Those actions include a range of state-sanctioned activities targeting foreign countries (sometimes individually or as a region) that seek to guide and interfere in their public discourse, to promote disinformation and to threaten and harass individuals and groups. Those activities are typically conducted on social-media platforms, where they’re also referred to by industry and national security stakeholders as coordinated inauthentic behaviour,1 information operations,2 cognitive domain operations,3 information warfare or public opinion warfare.4

In the first section of this report, which starts immediately below, we review the existing evidence of clandestine cyber-enabled influence operations originating from China to provide an assessment of the CCP’s evolving capabilities. By analysing datasets disclosed by social-media platforms and other publicly available sources, we map the CCP’s online networks and expose the wide range of Chinese state actors operating covertly on social media and other platforms.

In the second section (from page 11), we present original, empirical research about a recent coordinated CCP propaganda campaign named ‘Operation Honey Badger’ (蜜獾行动) by Chinese government-linked entities.

As of April 2023, this campaign continues to attribute cyber-espionage operations to the US Government. We uncover new evidence to suggest that the MPS, with the support of cybersecurity company Qi An Xin,5 may be involved in this campaign. This section is highly technical and detailed and sets out an evidence base for subsequent strategic assessments.

In the last section (from page 37), we explain how the CCP’s cyber-enabled influence operations are part of a broader strategy to achieve its objectives on social media. This section and our recommendations will be most relevant to policymakers. Our methodology and its limitations can be found in Appendix 1.

Download full report

Readers are warmly encouraged to download the full report, which contains;

  • What’s the problem?
  • What’s the solution?
  • Key findings
  • Introduction
  • China’s cyber-enabled influence operations
    • The evolution of Spamouflage
    • What we think we know about Chinese covert networks online
  • Case study: Operation Honey Badger (蜜獾行动)
    • Coordinated inauthentic behaviour alleging US cyber hegemony
    • Spamouflage accounts on Chinese social-media platforms
    • Connections with Qi An Xin
    • Qi An Xin’s links with CCP cyber-enabled influence operations
    • Qi An Xin’s links to other influence operations
  • The CCP’s online influence objectives on social media
  • Policy recommendations
  • Appendixes
    • Appendix 1: Methodology and limitations
    • Appendix 2: Case history of CCP cyber-enabled influence operations
    • Appendix 3: Possible Spamouflage linkages to APT41
    • Appendix 4: Qi An Xin (奇安信)
  • Notes
  • Acronyms and abbreviations
PB71 Gaming Public Opinion
Mon, 04/24/2023 - 10:44
jerrycashman@a…
Attachment
ADF

Australian Defence Force

ACSC

Australian Cyber Security Centre

IEC

the International Electrotechnical Commission

IEEE

Institute of Electrical and Electronics Engineers

IoT

Internet of Things

IoTAA

Internet of Things Alliance Australia

ISO

International Organisation for Standardization

USB

universal serial bus

IIOT

Industrial Internet of Things

ASD

Australian Signals Directorate

CCP

Chinese Communist Party

MERICS

Mercator Institute for China Studies

PRC

Peoples Republic of China

VPN

virtual private network

AI

Artificial Intelligence

SCS

Social Credit System

BRI

One Belt, One Road initiative

CETC

China Electronics Technology Group Corporation

NGO

nongovernment organisation

RFID

radio-frequency identification

CFIUS

Committee on Foreign Investment in the US

SVAIL

Silicon Valley Artificial Intelligence Laboratory

UTS

University of Technology Sydney

ATO

Australian Taxation Office

COAG

Council of Australian Governments

DHS

Department of Human Services

DTA

Digital Transformation Agency

FIS

Face Identification Service

FVS

Face Verification Service

TDIF

Trusted Digital Identity Framework

NUDT

National University of Defense Technology

PLAIEU

PLA Information Engineering University

RFEU

Rocket Force Engineering University

STEM

science, technology, engineering and mathematics

UNSW

University of New South Wales

ZISTI

Zhengzhou Information Science and Technology Institute

AFP

Australian Federal Police

ACIC

Australian Criminal Intelligence Commission

A4P

Action for Peacekeeping

ASEAN

Association of Southeast Asian Nations

C-34

Special Committee on Peacekeeping Operations

CTOAP

Peacekeeping Training Centre (Timor-Leste)

F-FDTL

Timor-Leste Defence Force

MFO

Multinational Force and Observers

MINUSCA

UN Multidimensional Integrated Stabilization Mission in the Central African Republic

MINUSMA

UN Multidimensional Integrated Stabilization Mission in Mali

MONUSCO

UN Stabilization Mission in the Democratic Republic of the Congo

PNGDF

Papua New Guinea Defence Force

PNTL

National Police of Timor-Leste

RAMSI

Regional Assistance Mission to Solomon Islands

RFMF

Republic of Fiji Military Forces

RPNGC

Royal Papua New Guinea Constabulary

RSIPF

Royal Solomon Islands Police Force

UNAMI

UN Assistance Mission for Iraq

UNAMID

UN–African Union Mission in Darfur

UNAMIR

UN Assistance Mission for Rwanda

UNAVEM

UN Angola Verification Mission

UNDOF

UN Disengagement Observer Force

UNIFIL

UN Interim Force in Lebanon

UNIKOM

UN Iraq–Kuwait Observation Mission

UNIOGBIS

UN Integrated Peacebuilding Office for Guinea-Bissau

UNISFA

UN Interim Security Force for Abyei

UNOSOM

UN Operation in Somalia

UNMHA

UN Mission to Support the Hodeidah Agreement

UNMIBH

UN Mission in Bosnia and Herzegovina

UNMIK

UN Interim Administration Mission in Kosovo

UNMIL

UN Mission in Liberia

UNMIS

UN Mission in Sudan

UNMISET

UN Mission of Support to East Timor

UNMISS

UN Mission in South Sudan

UNMIT

UN Integrated Mission in East Timor

UNOTIL

UN Office in East Timor

UNSMIS

UN Supervision Mission in Syria

UNTAC

UN Transitional Authority in Cambodia

UNTAES

UN Transitional Administration for Eastern Slavonia, Baranja and Western Sirmium

UNTAET

UN Transitional Administration in East Timor

UNTSO

UN Truce Supervision Organization