Attribution for cyberattacks is said to be notoriously difficult, but sometimes context and timing are damning evidence.
In July, the Permanent Court of Arbitration in The Hague conducted a hearing on the territorial dispute in the South China Sea between the Philippines and China. On the third day of the hearing, the Court’s website was suddenly knocked offline. The attack, made public by Bloomberg last week, reportedly originated from China and infected the page with malware, leaving anyone interested in the landmark legal case at risk of data theft.
The two countries are in the midst of a decades-long dispute over the Scarborough Shoal and other territories in the South China Sea, which should come as no surprise to readers of The Diplomat. Just in case, here’s the backstory: In a precedent-setting turn this summer, when the Permanent Court of Arbitration began hearing a case brought by the Philippines that argues that China’s territorial claims violate international law under the UN Convention on the Law of the Sea.
In an attempt to deter the Chinese expansion, “the Philippines is asking the court to rule on the validity of China’s nine-dash line as a maritime claim; the status of individual features that China occupies; and Beijing’s interference in Philippine activities in the South China Sea.” If successful, the Philippines’ legal challenge might set a precedent for other Southeast Asian countries to non-militarily wrestle China over the disputed waters.
China has continuously dismissed the court case simply as “a blatant grab for territory,” stating that it “would not accept and would not engage” in the case. The country subsequently released a position paper rejecting the court’s jurisdiction over the dispute. Despite China’s strong reluctance to participate in the court hearings, the July hack demonstrates that Beijing’s attention is focused on the hearing and its aftermath.
By infecting the computers of journalists, diplomats, lawyers, and others who are involved or interested in the case, Chinese cyber units may be able to find out the names of people who are following the case and anticipate what their response might be if the court rules against China. For example, if Vietnamese or Japanese diplomats visited the website and their computers were infected, China could have access to internal documents and understand that country’s next moves over the disputed islands.
<click here for link>