Podcast Summary: Risky Bulletin – "Srsly Risky Biz: China's MSS Gets Personal"

Release Date: March 20, 2025

Hosts:

• Patrick Gray – Host, Risky Biz
• Tom Uren – Policy and Intelligence Editor, Risky Biz

Introduction

In this episode of Risky Bulletin, Patrick Gray and Tom Uren delve into two pressing cybersecurity concerns: the Chinese Ministry of State Security's (MSS) aggressive tactics against alleged Taiwanese cyber operatives and Russia's ongoing sabotage campaigns targeting Western Europe. The discussion provides insightful analysis into these geopolitical cyber threats and explores potential Western responses.

1. China's Ministry of State Security (MSS) Doxxing of Taiwanese Cyber Operators

a. Escalation of Doxxing Activities

Patrick initiates the conversation by highlighting a recent alarming trend: the Chinese MSS has intensified its efforts to expose individuals it accuses of being Taiwanese military hackers targeting China.

Patrick Gray [00:54]: "The Chinese Ministry of State Security has doxxed a bunch of people it alleges are, you know, essentially Taiwanese military hackers who've been hitting targets in China."

b. Comparison with U.S. NSA Practices

Tom contrasts China's approach with that of the U.S. National Security Agency (NSA), noting that while both agencies identify foreign operatives, China's methods carry a more threatening undertone.

Tom Uren [01:45]: "When the US indicts someone in China, they'll name names... but China's a big country, there's lots of places you can go on holiday you don't have to go to."

c. Implications for Targeted Individuals

The doxxing by MSS includes personal details such as ID numbers, birth dates, and job titles, coupled with direct threats of lifelong prosecution. This approach differs significantly from the U.S., adding a layer of personal risk for the individuals involved.

Tom Uren [01:45]: "...they're trying to get very personal about, we know who you are and we're going to hold you accountable."

d. Broader Security Concerns

Patrick underscores the immediate risks for those with ties to mainland China, referencing the extradition of Uyghurs from Thailand as a precedent.

Patrick Gray [03:38]: "I remember when that happened... extraditing 40 Uyghurs to China."

e. Language and Rhetoric Used by MSS

The use of forceful and threatening language by MSS is reminiscent of authoritarian communications, which serves to intimidate and deter potential cyber operatives.

Tom Uren [06:47]: "...reunite Taiwan with the mainland... a cyber force aimed at attacking and infiltrating the mainland."

f. Call for Enhanced Operational Security (OpSec)

Concluding their discussion on MSS activities, Patrick emphasizes the necessity for Taiwanese cyber operatives to bolster their operational security to mitigate such threats.

Patrick Gray [08:52]: "...the Taiwanese need to get real about opsec."

2. Russia's Sabotage Campaigns Against Western Europe

a. Overview of Russian Aggression

The conversation shifts to Russia's multifaceted sabotage efforts in Western Europe, which include physical attacks on infrastructure and minor cyber operations.

Patrick Gray [09:28]: "Russia has been waging a sabotage campaign targeting Western European countries... assassinations and whatnot."

b. Analysis of Cyber Operations

Tom references a Center for Strategic and International Studies (CSIS) report, noting that while Russia conducts cyber attacks, they comprise less than 15% of their total sabotage activities.

Tom Uren [11:39]: "Cyber activities... make up a small minority of what's happening... less than 15%."

c. Western Response: Cyber Retaliation

There's a debate on whether Western nations should escalate their responses to Russian sabotage by adopting more aggressive cyber tactics. While physical sabotage is overt, cyber operations offer a deniable form of retaliation.

Tom Uren [15:01]: "Cyber is actually like a pretty good tool. It's more expensive, takes longer, it's harder, but it's also harder for people to pin it directly to you if you do your job right."

d. Ethical and Proportionality Concerns

Patrick raises concerns about the proportionality of cyber responses compared to Russia's physical sabotage, questioning the effectiveness and ethical implications.

Patrick Gray [17:07]: "It's not a proportionate response... throwing a few packets back is not proportionate."

e. Future Trajectory of Cyber Warfare

Tom outlines a potential escalation path where Western nations may increasingly rely on cyber operations as a primary means of retaliation, given their deniability and strategic advantages.

Tom Uren [18:02]: "...offensive cyber stuff, and we'll try it until we get sick of it..."

f. Conclusion on Deterrence

The discussion concludes with thoughts on deterrence, suggesting that real deterrence might require more tangible defensive measures rather than solely cyber retaliation.

Tom Uren [18:08]: "If you want real deterrence, you play it out on the battlefield..."

Final Thoughts

Patrick and Tom provide a compelling analysis of the evolving landscape of cyber threats emanating from major geopolitical players like China and Russia. The episode underscores the critical need for enhanced security measures, strategic responses, and a reevaluation of traditional deterrence mechanisms in the face of sophisticated cyber and physical sabotage tactics.

Notable Quotes:

• Tom Uren [06:47]: "Under the guise of developing asymmetric warfare capabilities, the Taiwan's ruling party has recklessly spent taxpayer money to build a cyber force aimed at attacking and infiltrating the mainland. However, this effort is futile, akin to an ant trying to shake a tree."

• Patrick Gray [15:57]: "You don't want to get your hands dirty, I think is the... you're trying to go for there, Tom."

• Tom Uren [16:49]: "...destructive cyber packet throwing."

For more insights and detailed analyses, subscribe to Tom Uren's weekly newsletter, Seriously Risky Business, available at Risky Biz.