Feds Glossing Over China in Cybercrime Assessment Raises Questions, Say Experts

Feds Glossing Over China in Cybercrime Assessment Raises Questions, Say Experts
A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. Kacper Pempel/Reuters
Noé Chartier
Updated:
0:00

Some experts are raising questions about a new Canadian government report that establishes a baseline of threats from cybercrime, as it focuses on Russia while barely mentioning China.

Canada’s Cyber Centre published its “Baseline cyber threat assessment: Cybercrime” on Aug. 28, to inform cybersecurity professionals and the broader public about global cybercrime and how it affects the country.

The report discusses methodologies used by cybercriminals, such as the use of ransomware, and assesses that organized cybercrime will “very likely pose a threat to Canada’s national security and economic prosperity over the next two years.”

Two of the five key judgments of the report, where the Cyber Centre delivers its main messages and assessments pertaining to threats, address Russia’s involvement.

It says that Russia, and to a lesser extent Iran, very likely serve as safe havens for cybercriminals targeting Western entities. It expresses higher confidence that Russian intelligence services and law enforcement “maintain relationships with cybercriminals and allow them to operate with near impunity.”

China

Cyber security experts consulted by The Epoch Times agree over Russia’s significance in cybercrime, but raise questions about why China was practically left out of the report. The country is only mentioned once in the context of a segment on the birth of profit-driven cybercrime.

“It must be said that the focus on Russia in the report is appropriate, simply because they are no less dangerous or inactive than the other cybercriminal adversaries targeting Canada and our allies, and those nations include but are not limited to China, West African countries, and India,” says cyber criminologist Laura Love.

But she adds the “very noticeable imbalance” in focusing on Russia in the report is somewhat of a “head scratcher” for cyber professionals who protect networks on a daily basis from ransomware, business email compromise, exploitation, and exfiltration. It does not “paint the entire picture,” says Ms. Love.

Michael Haffely, a cyber security consultant based in the U.S., also points out that the Cyber Centre did not expand on China even though it’s a “large threat.”

He points to a prolific Chinese hacker group identified as Advanced Persistent Threat 41 (APT41), twice indicted in the U.S. and featured on the FBI’s most wanted list.
The group is said to carry out state-sponsored espionage along with attacks for profit. Cyber security firm Mandiant calls it a “dual espionage and cyber crime operation,” which has targeted Canada in the past.
The group is accused by the U.S. of having compromised over 100 victims globally, from software companies to foreign governments and pro-democracy activists in Hong Kong.

“Separation of state or government-sponsored attacks and financially motivated cybercrime is, as seen with the group called APT41 (also known as Winnti, Barium, Wicked Panda, etc.), not always clear,” says Mr. Haffely.

“APT41 allegedly attacked various companies for financial gain, it is not known if this was at the behest of the Chinese government or if this was a case of ‘we have the tools, let’s make some money.’”

Limiting Framing

While raising some questions about glossing over China, both experts say the report is generally sound. One other concern they have separately expressed is its framing, which they say can be limiting.

“The report feels like they are ‘splitting hairs’ by restricting the definition of cybercrime,” says Mr. Haffely.

The Cyber Centre adopted a narrow definition of cybercrime to conduct its assessment, limiting it to “criminal activity that targets a computer, a computer network, or a networked device for profit.”

Mr. Haffely says the motivation for criminal acts can be much broader, from political activism to boredom.

As for Ms. Love, she says the “very noticeable issue with this report is it’s chosen narrowed scope wherein known and highly documented major players in financially motivated cybercrime are barely mentioned, if at all.”

The Cyber Centre did not immediately return an inquiry with regards to China’s exclusion from the report. It has previously not been shy about identifying the Chinese regime as a core cyber threat.

“The state-sponsored cyber programs of China, Russia, Iran and North Korea continue to pose the greatest strategic cyber threat to Canada,” wrote Cyber Centre Head Sami Khoury in the “National Cyber Threat Assessment 2023-2024.”

While identifying the main actors, the Centre said the “threat from China is very likely the most significant by volume, capability, and assessed intent.”