A massive database taken from a Chinese government server in Shanghai has exposed the identities of close to two million members of the Chinese Communist Party, thousands of whom are working in British consulates, defence firms, banks, universities and in British companies such as Jaguar, HSBC, and Rolls-Royce.
The leaked database has exposed the extent to which members of the Chinese Communist Party have embedded themselves in British institutions that include pharmaceutical companies, research firms, defence firms, universities, auto majors, and banking giants Standard Chartered and HSBC.
According to the Daily Mail, with which the database was shared, it contains the personal information of nearly two million CCP members who are based in Shanghai. The Chinese Communist Party boasts a total of 92 million members, tens of thousands of whom stay and operate outside China.
The database was previously exfiltrated from a CCP server in Shanghai and posted on Telegram. A Chinese dissident then shared it with the Inter-Parliamentary Alliance on China (IPAC), an international cross-party group of over 150 legislators working towards reform of how democratic countries approach China. Sir Iain Duncan Smith MP and Baroness Helena Kennedy are members of the alliance.
The paper reported that the list of 1.95 million CCP members includes more than 600 party members working in Standard Chartered and HSBC, 123 party members working in pharmaceutical giants Pfizer and AstraZeneca, academics conducting research in aerospace engineering and chemistry at universities, and hundreds of party members working in Airbus, Boeing and Rolls-Royce that form part of the British defence industry.
The list also includes “a research fellow in aerospace engineering at a leading university who also works for a private company” as well as a Chinese national who works at the British consulate in Shanghai, which also hosts a team of MI6 officers operating under diplomatic cover. Working at the consulate may enable the CCP member to identify British intelligence officials and pass on their activities and whereabouts to the Chinese government.
The fact that several full-time Chinese Communist Party members are working at pharmaceutical companies Pfizer and AstraZeneca raises questions about the security of intellectual property, especially information about COVID-19 vaccines. The presence of CCP members at large corporations may also increase the risk of insider threats to sensitive data.
Recently, a U.S. court indicted two hackers working for China’s Ministry of State Security (MSS) for targeting multiple organisations in several countries to gain access to precious intellectual property, including COVID-19 research data.
These victim companies, other entities, and individuals were located in the United States, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden, and the United Kingdom. Targeted industries included high tech manufacturing; medical device, civil, and industrial engineering; business, educational, and gaming software; solar energy; pharmaceuticals; and defense.
The primary motive of the two Chinese hackers was to steal precious intellectual property from high technology industries for the benefit of the MSS or other Chinese government agencies. Sometimes, the hackers also tried to extort cryptocurrency from victims by threatening to release their files on the Internet. In recent days, they probed for vulnerabilities in computer networks of companies developing COVID-19 vaccines, testing technology, and treatments.
Recently, five Chinese hackers working for APT41 were also charged with orchestrating computer intrusions “affecting over 100 victim companies in the United States and abroad, including software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organisations, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.”
The US Department of Justice said the state-sponsored hackers facilitated the theft of source code, software code signing certificates, customer account data, and valuable business information and also carried out ransomware and cryptojacking schemes. Two of the five hackers also conspired with two Malaysian businessmen to profit from computer intrusions targeting the video game industry in the United States and abroad.
According to Sam Curry, Chief Security Officer at Cybereason, the Chinese are a cyber superpower and they are responsible for billions of dollars in IP theft annually from thousands of companies. Companies and government agencies need to take the threat seriously and it is imperative that they invest in improving their network defenses against blatant and egregious espionage-related activities.
In a report titled The Dark Side of China: The Evolution of a Global Cyber Power, threat intelligence firm IntSights said that to understand the threat from China, one must first understand their desired outcomes, culture, and worldview.
“The 13th Five Year Plan of the Chinese Communist Party, ratified in 2016, outlined President Xi Jinping’s vision for an economic growth rate of 6.5% by 2020, innovation-driven development, and a shift to higher value-added manufacturing.
“The latter of these objectives is further outlined in a document called Made in China 2025 (中国制造2025), a strategic roadmap for an upgrade to Chinese industry from low-quality and low-value products to production of high-tech goods in categories including pharmaceutical, automotive, aerospace, semiconductor, IT and robotics. These documented plans are an important indicator for the motivation behind the corporate espionage and theft of intellectual property through cyber intrusions that have been observed over the past several years,” the report said.