African Union HQ Building Bugged

Uploaded on 2018-03-22 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

A number of African leaders have turned to Chinese investment as a viable alternative to Western development aid. The recent allegations of Chinese cyber-espionage of the African Union’s headquarters might prompt them to reconsider.

Earlier this year, Le Monde reported that confidential data on the IT network of the Chinese-built African Union headquarters in Ethiopia was being siphoned off to Shanghai every night between 2012 and 2017.

Despite denials from China and the African Union, the alleged espionage is worth analysing as it highlights Africa’s geopolitical importance to China and endangers Beijing’s preferred narrative of benevolent relations with African states. Moving forward, African leaders will face a more complex calculus when approaching the West and China with respect to tech issues.

Although this sort of Spycraft is fairly routine, it signals Africa’s growing strategic importance to China. In a world of finite resources, states spy on states that matter to them. China seems to have calculated that the hard power benefits of accessing internal AU data to gain the upper hand in negotiations with African leaders outweighed the soft power benefits that came with building them a headquarters.

For their part, a number of African leaders have turned to Chinese investment as a viable alternative to Western development aid. Beijing has invested millions of dollars in infrastructure across the continent, trades heavily with the continent, and opened its first overseas military base in Djibouti.

African leaders, including Uganda’s Yoweri Museveni, have decried Western actors as “conceited, full of themselves, ignorant of our conditions, and they make other people’s business their business, while the Chinese just deal with you as one who represents your country.”

China’s alleged espionage takes it from benevolent business partner to potential political meddler, adding a dimension of realpolitik to the relationship.

What Can African States Do?

According to Le Monde, the African Union kept the Chinese surveillance secret for a year after discovering it, suggesting that African leaders believed such information, if public, could have explosive consequences for their relationship with China. Africa’s hesitation to disclose this incursion demonstrates just how much influence Chinese strategic ambitions have over choices African actors make.

What can AU members do? African states have historically found ways to push back against powerful outside influences, despite continued power imbalances. Cold War geopolitics allowed African states play Soviet and Western interests off of each other, giving them more “space” to operate.

For instances, they used aid and trade deals from one region to negotiate better deals with another. They also strategically granted military privileges to one side or the other as a negotiating tactic.

The African strategic toolkit shifted with the post-Cold War ascendancy of the West. African states began to use rules, a central element of Western global politics, as a mode of resistance.

All but three African members of the International Telecommunication Union that attended an important 2012 conference endorsed changes to a telecom treaty known as the International Telecommunications Regulations.

China also endorsed these changes, while the United States did not.

African states have also been reticent to accede to the Council of Europe’s Convention on Cybercrime, largely on the grounds that they had no role in drafting it.

Instead, African states developed their own rival set of rules in the African Union Convention on Cybersecurity and Personal Data Protection, underscoring their resistance.

Resistance through rules probably will not help African states deter Chinese cyber espionage. International law is generally silent on espionage, so playing one set of rules off of another would do little to deter it. Instead, African states could return to playing one region’s interests off of another to gain strategic space to maneuver. African states will not be able to stop Chinese espionage.

But, African states could respond to this allegation of Chinese espionage by, for example, indicating greater openness to Western partners. This incident also opens possibilities for the West to re-engage with African countries and offer itself as a more appealing partner to African states to balance China’s influence.

So far, however, African states have failed to deal with China in response to the bugging in a manner that bolsters their autonomy. Eight days after news of the Chinese espionage broke, the African Union joined Chinese denials. The AU chairman appeared in Beijing with the Chinese foreign minister calling the allegations “all lies” while the Chinese foreign minister added that the allegation was a Western attempt to divide China and Africa.

The African Union’s failure to address China’s behavior demonstrates just how dramatically China’s influence has narrowed African strategic choices. African states have failed to counterbalance China’s interests by buying the party line.

If this behavior continues, African autonomy will take a real hit. The original Le Monde report quotes AU officials rationalising the Chinese behavior, ‘at least they never colonised us.’

This may be true, but China does not have to colonise Africa to affect its destiny on Chinese rather than African terms.

DefenseOne

You Might Also Read: 

Chinese Hacker Groups Shift Focus To India:

In S.Africa The Cybersecurity Skills Gap Is A Chasm:

 
« Cybersecurity At Sea
Cybercrime Costs Londoners £26m Every Month »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Irish Reporting & Information Security Service (IRISS)

Irish Reporting & Information Security Service (IRISS)

IRISS-CERT is Ireland's first CSIRT (Computer Security Incident Response Team) to provide services to all users within Ireland.

Advanced Resource Managers (ARM)

Advanced Resource Managers (ARM)

ARM provide specialist recruitment services for technology and engineering including cyber security.

Sasa Software

Sasa Software

Sasa Software is a cybersecurity software developer specializing in the prevention of file-based network attacks.

The Security Awareness Company (SAC)

The Security Awareness Company (SAC)

The Security Awareness Company provides cyber security awareness training programs for companies of all sizes.

Hacker House

Hacker House

Hacker House teaches you what hackers can learn about your business and systems so that preventative solutions to protect your assets can be applied through active measures.

Southwest Research Institute (SwRI)

Southwest Research Institute (SwRI)

Southwest Research Institute SwRI are R&D problem solvers providing independent services to government and industry clients. Areas of expertise include Cybersecurity, Intelligent Networks and IoT.

ArmorText

ArmorText

ArmorText offers a seamless channel for communication and collaboration for organizations concerned with keeping communication data private and secure.

Portshift

Portshift

Portshift leverages the power of Kubernetes and Service-Mesh to deliver a single source of truth for containers and cloud-native applications security.

Secure Ideas

Secure Ideas

Secure Ideas is focused on penetration testing and application security including web applications, web services and mobile applications.

Cyber Dacians

Cyber Dacians

Cyber Dacians offers Information and Cyber Security Consulting Services. We help you to test the effectiveness of your security defenses and build a secure infrastructure.

Pratum

Pratum

Pratum is an information security services firm that helps clients solve challenges based on risk, not fear.

Senteon

Senteon

Senteon is a turnkey cybersecurity platform designed to make securing confidential data affordable, understandable, and streamlined for small-to-mid sized businesses and MSPs.

Pathway Communications

Pathway Communications

Established in 1995, Pathway Communications – is part of the Pathway Group of Companies, a Canadian IT Managed Services organization.

Iris Powered by Generali

Iris Powered by Generali

Iris Powered by Generali is an identity theft resolution provider. Our offering combines expert assistance and support with user-friendly identity protection technology.

ATSG

ATSG

ATSG is a global leader in transformational technology solutions for today’s digital enterprise. Cybersecurity ranging from Advisory & Assessment to Fully Managed Detection and Response Services.

Soteria LLC

Soteria LLC

Soteria LLC are a client-focused organization providing expert advisory, consulting services, and tailored solutions to prevent, detect, and respond to cybersecurity incidents.