China's Testing Ground for War on the West | China Uncensored - VoiceTube: Learn English through videos!

Subtitles section Play video

On this episode of China Uncensored,
the Chinese Communist Party has developed
a whole bunch of warfare tactics to use against the West,
in particular the United States.
And they've been developing them in Taiwan.
Hi, welcome back to China Uncensored.
I'm your host Chris Chappell.
The Chinese Communist Party is engaged in a campaign
of Unrestricted Warfare against the West.
Unrestricted Warfare aims to achieve the same goals of war,
without necessarily firing bullets.
And Cyber Espionage is one of the most powerful weapons.
The Chinese regime is one of the world's biggest cyber aggressors.
In 2015, the Chinese military was blamed for the hack
on the US Office of Personnel Management,
which affected over 21 million Americans.
But you don't test out your biggest weapons on the US.
You try them out on a smaller target first,
to see if they work.
And for the Chinese Communist Party,
that means Taiwan.
I sat down with cyber security expert Kitsch Liao
in Taipei to learn more.
Thank you very much for joining us.
My pleasure.
So, the Chinese Communist Party is one of the biggest
cyber aggressors in the world.
Is Taiwan a particular target?
I would say yes, because ultimately the goal of cyber
espionage or even cyber attack is to advance the political
aim of the Communist Party.
And, as you know, a lot of your
audience must know, Taiwan has been the particular focus
for the Chinese Communist Party for the past 40, 50 years.
It's the entire reason for the existence of the People's Liberation Army.
Mm-hmm-so, what's being targeted?
I would say basically when you're looking at what the Chinese
actually are sort of targeting,
they are mostly government infrastructures and military think tanks,
or research institutes, huge companies.
Basically, everything you can think of anywhere from
the President's office down to the most basic registry,
like population registration, the DMV.
Everything.
Mm-hmm -but since Taiwan is a part of China,
how do you hack yourself?
Well, the thing is, you know,
as much as the CCP likes to claim they're part of,
we are part of China, we still have different jurisdiction.
We have our own army.
We have our own elected government.
We have popular legitimacy, and if you ask most people,
they are like, well you know, I don't think China's part of us.
You know?
I need passport to go there.
Good point.
So, I know in the U.S.,
I've heard there are only two types of companies.
Companies that have been hacked and companies that
don't know they've been hacked.
Is that the situation in Taiwan?
Oh, yeah, of course, definitely.
Up until a few years ago, if one of the white-hat hackers,
which means they're hackers and they turn to fight for side of good,
if they were to basically bring a vulnerability,
a leak of a company with proof of concept,
Instead of fixing their vulnerabilities,
basically what they would do is they would charge
the white-hat that bring them the problem.
So, it's just made the problem worse?
Yes.
Or at least didn't fix the problem.
It's getting better.
It's getting better in the past few years.
And-
What changed?
Basically, awareness, I would say.
And also several significant incidents in the past few years.
Not the least of which was the hack on the hack on the Far Eastern Bank
that resulted in a almost few million losses.
But, fortunately our law enforcement officials were able
to capture them before they succeeded.
I'm curious, the Chinese Communist Party has said
for decades that they are going to invade Taiwan by force, if necessary.
Why do people not realize cyber espionage from
the Communist Party is a threat?
Well, the thing is for most people
they just want to get on with their lives,
and the internet penetration rate in Taiwan is one of
the highest known around the world.
But, also, because it's invisible.
You don't feel the effects.
Even if they stole everything from you,
all your personal information,
the effect is not going to be immediate unless you've
got a credit card stolen.
I have one example that I would like to provide that to
illustrate this kind of situation.
The Research Institute was acting on the government contract.
They were researching on behalf of the government,
and we were called in to basically to conduct a review of their system.
And, we found out, basically,
a lot of their computers are completely unprotected, and basically-
Unprotected?
Unprotected and there's a lot of trojan in it, and you know,
including ones that could be traced back to China.
But, of course, their concern was less about the security,
but more about the fact that
they needed to turn in their report on time.
I would say awareness is the first step, and that gets the people
in charge to understand what kind of consequences they are facing.
What created that awareness?
Was it that big hack?
What took?
It's a gradual process, but I would say, we've talked about espionage.
There's also the other side of that.
Because, once you actually get into a computer system,
there's a lot you can do.
The Chinese Communist Party,
in terms of the organization of the armed forces,
they do not make distinct differentiation between say,
cyber espionage and other kind of warfare.
That's according to The Science of Military Strategy, basically.
That's what they're saying.
All of this integrating, including psychological warfare,
intelligence, electronic warfare and of course, cyber warfare.
So, really this is an aspect of war?
Yes, definitely.
They treat this as seriously as any warfare.
This is a prelude to warfare.
I would say that.
All this election-related, all this fake news,
disinformation that you saw, people are starting to catch up,
because you saw some unfamiliar use of phrases,
people started thinking wait,
how much of this is actually coming from China.
When you say fake news,
are you talking about what happened in the U.S. or here in Taiwan?
Here in Taiwan.
Really?
That was problem here, too?
Yeah.
And in fact, that's actually one of the most serious concerns
of our National Security Establishment these days.
So, the Chinese Communist Party's trying to
interfere with elections in Taiwan?
When we say election interference we gotta specify which part
we're actually talking about.
So, in terms of the actual voting process,
because Taiwan's voting process
is conducted by people, actual paper.
You have a paper ballot, and they put that in the ballot boxes.
And then when it's time to actually count the results-
The U.S. should try that.
Yes.
We result, we track all of that.
So, it's actually harder to hack that, so to speak.
But, during the campaign there were stories.
There will be polls, actually.
There will be all sorts of information that is open to
manipulation on the internet.
I hear what the Chinese Communist Party is doing
in terms of interfering with the election process
in Taiwan is sort of like a staging ground for tactics
they are going to use around the world.
Can you speak to any of that?
In terms of staging ground,
it's less of an election thing, influence operations.
It's more about cyber espionage.
So basically, that means the tools,
the malwares they would use in other countries.
And, a lot of the times,
this is actually according to American firms,
that they would test on Taiwan first.
They would use Taiwan as a testing ground to see
whether we're onto them or not.
How good our detection are.
How good our protections are,
our security operation centers are.
Whether we are onto them or not before actually moving on.
This is pretty common.
You want to use your best weapons on the hottest opponent.
So, you want to test on Taiwan first before say
going for more harder targets like America, for example.
Mm-hmm -so Taiwan is really on the front lines
of the cyber warfare with China?
Oh, without a doubt.
And how do you tell if it's a Chinese State actor,
or an individual actor within China?
That goes to how we actually hunt the cyber actors.
So, one of the first thing when we receive, for example,
an NSA report is that you know, most of the time,
you know what they're after, what they're targeting,
which institution, which companies they're targeting.
And, then you are able ascertain, at least,
some sort of motive.
Why do they want this?
For example, if the hack was against
a military research institution,
then there's very little doubt that government agencies,
or for example, mercenaries would be interested
in selling this information.
Then you trace back to see what kind of tools they're using,
what kind of procedures they're using.
Does this match any of the previous attacks that we're familiar with?
And then when you see a pattern,
you start comparing the tools to see how much this tool actually cost.
You can estimate how much this is going to cost,
how much the entire operation is going to cost,
and what kind of resources they have to devote to this.
State-backed actors obviously have access to more resources.
Yes.
Okay.
In terms of actual cyber attack you could effectively
they have unlimited resources because it's cheap.
Most of these attacks, unfortunately
Compared to like a tank?
Yes.
Okay.
I know the United States provides
a lot of military support to Taiwan.
Are they are also providing like cyber...
what's the term I'm looking for...
cyber equipment, cyber-
Cooperation
Super-human samurai.
Oh, yeah.
Cyber-squads.
Yeah.
Well, the thing is,
if we're talking about general cooperation,
because we have to clarify.
In terms of a cyber threat posed to people,
there are generally two kinds.
This is the most rough classification.
You have cyber espionage, and you have cyber crime.
Basically they're doing the same thing, but one is motivated
by financial gains.
The other is motivated by others.
State interest.
In terms of financial crime, cyber crime,
everybody's actually aware this is a huge problem, right now.
Hell, even China is part of the cooperation in this.
But, in terms of cyber crime cooperation, our law enforcement
and intelligence community is actually very active with our partners
in the States and as well as Europe.
And, they have regular conferences.
They have exchange of intelligence.
The case I just mentioned, the Far Eastern case,
they actually enlisted the help of Interpol as well.
But, in terms of the more serious State interest concerns,
cyber espionage and cyber welfare, the thing is,
even if there is cooperation that would stay behind doors
because of the sensitive nature.
Naturally.
And, what about the risk
from Chinese telecommunication company,
like Huawei or ZTE?
Is that something that Taiwan is on guard about?
Oh yeah, definitely.
I would like to take this opportunity
to point out, we were actually one of the first in the world
to point that out.
Back in 2013, we were the first ones to actually prevent
any Chinese company from participating in bids involving our core network,
you know, pay stations, servers within government agencies.
And...that's, for the establishment of the 4G network.
And now, when it comes to 5G, the NCC,
the National Communication Commission,
which is in charge of all the telecommunication equipment in Taiwan,
actually announced that the rules won't change for the 5G.
So, Huawei and ZTE, they're still out.
But, in terms of personal equipment, you know cell phones,
your internet card and everything.
Unfortunately, they're actually pretty prevalent in Taiwan these days.
Really?
What about Chinese apps, like WeChat?
WeChat and QQ, I'm sure a lot of people have heard they're dangerous,
you should not be using them.
But, people don't understand why they're dangerous.
Now, there are many, many, many reasons not to use them.
Just purely from whether the product is secure or not.
In terms, because this is a Chinese software,
so there's the added problem, issue,
of Chinese State censorship,
and also what they can do with these apps.
So, for example, there were reports during the Hong Kong protest
that the Chinese of Industry of State Security is actually
sending remote access trojans through WhatsApp in order to basically,
you know, sneak a peak at what's going on in your phone.
What these trojans allows a lot of times is a complete access
and administrator access off your entire phone.
So, it doesn't matter what kind of encryption you use
for your other messaging apps.
You could be using Signal, Telegram, whatever,
they will still have access to all of your personal information,
if they wish to.
So apps like WeChat are basically providing a backdoor
for the Chinese Communist Party to get into your phone?
If they so wish, yes.
what can an individual do?
Ultimately speaking,
I know this is going to sound really old fashioned,
but everybody's responsible for,
not only their own security,
but everybody around them.
Because, if you don't care about what kind of breach,
or what kind of access you're providing to potential hackers,
potential actors, then you are just,
you are just a jumping board for attackers to attack
everybody around you.
That means everybody around you have to defend against you.
So, update your password every three month or so.
Because even if you don't leak your password,
the people who has your password is going to leak them.
Yeah.
Use encryption and you know,
for every software you want to install,
I know there's End User Agreement,
and it's really exhausting to read through all of them,
but they will usually require access to some of your personal stuff.
Personal information.
So, read through them,
and if it's not absolutely necessary,
do not agree to share your information.
That's the best that you can do on a daily basis.
Of course, for Gmail, because almost everybody have Gmail,
activate your two-step verification.
Because, the goal of security is to make it harder,
collectively, for the bad guys to do things.
Mm-hmm (affirmative)-what about,
I'm curious about Chinese mobile phone games.
Is that something people want to watch out for?
Well, basically mobile games are just like any other software.
They're prone to all sorts of malware inserts.
Now, basically, mobile games,
I would say like the larger concern these days are data collection,
and also the censorship nature.
Because, there actually has been reports studying,
you know, kind of censorship going on in Chinese mobile games.
So, that's another aspect that's unrelated with this.
So, what is the Taiwanese Government doing about any of this?
Basically, the Taiwanese Government has been aware of this threat
for a long time and they've been gradually building of this capacity
on a government level to encounter the cyber threat posed by
all the threat actors.
But, specifically, China.
Now, in terms of securing our infrastructure,
what they do is much like what we have for dealing with any natural disaster.
We identify the critical infrastructure.
But, in this case, it's called the critical information infrastructure.
Basically, we have all these agencies reporting what kind of
vulnerabilities they would encounter.
Whether they would be able to continue operation if any one of them
was being paralyzed by any cyber attacks.
So, this kind of exercise has been going on on an annual basis.
And, also like in any government agencies and offices now,
we have security operation centers set up with people on-site
to monitor the entire cyber security situation of any given agency.
And, proper access rules, error gaps,
all three different firewalls...internal firewalls
that's all have been set up.
I would say, we have actually improved a lot.
Considering a disproportionate amount of threat Taiwan's under,
we are actually doing a pretty good job.
Great.
One final question.
The Chinese Communist Party,
if you had to pick,
would be what Star Trek villain?
Wow.
That would be really hard.
Oh, of course, it's easy.
It's the Borg.
Yep.
Correct.
You win the interview.
Congratulations.
Thank you.
Thanks for joining us, Kitsch.
It was wonderful to have you.
My pleasure.