Experts argue that UK sanctions will have no effect as hacking is ingrained in dealings with Beijing
The UK government’s decision to impose sanctions on two individuals and one entity allegedly involved in unsuccessful cyber-attacks on UK parliamentarians in 2021 suggests a deeper, more significant issue. James Cleverly, the home secretary, emphasized that such actions against elected representatives and electoral processes would always be challenged.
However, some experts viewed it as a signal that the UK was pressured by Washington’s decision to indict seven individuals linked to the hacking group APT31. These individuals are accused of conducting a widespread global hacking campaign, including sending over 10,000 malicious emails to politicians, officials, journalists, and China’s critics across multiple continents.
Alan Woodward, a cybersecurity professor at the University of Surrey, believes the sanctions will have no impact on the UK’s cybersecurity, likening them to sending a strongly worded letter. He suggests that the UK government feels compelled to respond due to American actions but still wants to avoid upsetting China.
On the same day the government disclosed historical hacking attempts, it attributed the compromise of the Electoral Commission’s systems between 2021 and 2022 to a “Chinese state-affiliated entity.” In response, the Chinese embassy in London labeled the UK’s statement as “completely unfounded and constitutes malicious slander.” However, none of the sanctioned entities were accused of involvement in that breach. Jamie MacColl, a research fellow in cybersecurity at the Royal United Services Institute think tank, noted that the government had “conflated two separate issues in a way that is quite confusing to the general public.”
Some perceive the UK’s response as weak and confusing because Chinese hacking attempts are not isolated incidents but rather part of the broader context in which all Western governments must manage their relationships with Beijing. According to a report released on 27 March by Google, China “continues to lead the way for government-backed exploitation.” APT31 has been linked to hacks in France, Finland, and against Microsoft. Additionally, New Zealand recently stated that another well-known Chinese hacking group, APT40, targeted its parliament in 2021 (the Chinese embassy in New Zealand denied these allegations).
A recent data leak from the Chinese cybersecurity firm iSoon has exposed the competitive nature of China’s hackers for hire, who actively vie for government contracts. They sometimes acquire data from foreign agencies in the hope of selling it to the highest bidder. Regarding APT31, the US Department of Justice claims that the hacking operation was directly overseen by a provincial department of China’s ministry of state security.
According to Mei Danowski, a China cybersecurity expert and author of the Natto Thoughts newsletter, nearly every cybersecurity firm in China likely has some form of contract with government clients. With the cybersecurity industry valued at approximately $13 billion (£10.3 billion), there is a substantial pool of potential hackers.
This leaves Western governments struggling to coordinate an effective response to hacks or hacking attempts. In many instances, the Chinese government can plausibly deny responsibility, and the impact of data breaches is not always clear. Audrye Wong, an assistant professor at the University of Southern California, noted that while Russian-based hacks often “sow discord and chaos,” China tends to be “more cautious” and “still very much cares about shaping perceptions of China and the Chinese Communist Party.” Many Western international security experts liken the situation to the concept that while Russia may represent a storm, China is akin to climate change.
Danowski suggests that since the US indicted hackers associated with a company called Chengdu 404 in 2020, its business operations in China have continued as usual. This implies that the “name and shame” tactic employed by the US and the UK this week may be largely symbolic.
While China claims it has “no interest or need to interfere in the UK’s internal affairs,” some cybersecurity experts point out that gathering information on foreign states is a fundamental aspect of every country’s intelligence operations – in other words, spies spy.
Reuters recently disclosed that Donald Trump, during his presidency, had authorized a covert CIA operation on Chinese social media to sway Chinese public opinion against Beijing, an operation that may still be ongoing. Jamie MacColl stated, “If Chinese cyber-attacks result in ‘the harassment of dissidents,’ I could understand why sanctions would be warranted.” However, he added, “But from my perspective, the activity that’s been named is predominantly political espionage.”