Chinese luring former, active PH military worries gov’t
Several government and cybersecurity organizations said they are concerned about reports pointing to the alleged recruitment of former and active Filipino military personnel by suspected Chinese firms masquerading as American and European enterprises.
The groups include the Armed Forces of the Philippines (AFP), the Department of National Defense (DND), the Department of Information and Communications Technology (DICT), the Manila-based think-tank International Development and Security Cooperation (IDSC), California-based Palo Alto Networks (PAN), and the National Association of Data Protection Officers of the Philippines (NADPOP). A member of the Philippine Senate also expressed alarm over the issue last Sunday.
AFP Chief General Romeo Brawner Jr. told reporters that they are still in the process of validating the reports.
DND spokesperson Arsenio Andolong said he had ordered the Armed Forces to investigate the allegations.
“We did pick up the activity,” Andolong said. He also stressed that the group offered guidance to the AFP as this is a new issue, thus the need for interagency cooperation.
DICT Undersecretary for Cybersecurity and Upskilling Jeffrey Ian Dy revealed that these firms have been handing out part-time jobs as analysts online to target Filipino recruits.
“There is a facility on the internet called WHOIS that allows users to find out who registered the domain names or the name of the website. When you check through that, you will see that they are registered as Chinese companies,” Dy further explained. “Hundreds of dollars per hour are being offered for the jobs.”
The presence of suspicious Chinese nationals in strategically-located communities and key industries should also be a cause of concern in view of Manila’s deteriorating relationship with Beijing.
Expansionist ambitions of advanced nations are said to be predicated on the activities of agents out to target the nation’s industrial hubs, leaving the country prone to possible cyber-attacks.
Chester Cabalza, founding president of the Manila-based think-tank International Development and Security Cooperation (IDSC), told the Manila Standard that he is aware of intelligence reports revealing the presence of Chinese agents in strategic Philippine entities. These agents, working under legitimate business entities, allegedly conspire with foreign intelligence and data networks, he said.
Cabalza, who attended both the National Defense University in Beijing, and the University of Delaware under a State Department stewardship, said the boldness of China’s recent political and economic coercion shows a familiarity with the Philippines’ national security architecture.
Developments like the “the enrollment of numerous Chinese students in many colleges and universities in Cagayan province, the recruitment of Chinese nationals into the auxiliary service of the Philippine Coast Guard, and the presence of Chinese funded Philippine-based think-tanks, as well as (Filipino) politicians leaning towards (the) Chinese narrative in the West Philippine Sea” deserve a long, hard second look, he said.
Such moves by China’s cyberthreat actors have prompted the Department of Information and Communications Technology (DICT) and the local defense sector to craft cybersecurity measures to fortify the country’s firewall.
Other concerns have been raised. Sam Jacoba, founding president of the National Association of Data Protection Officers of the Philippines (NADPOP), said that related government agencies should seriously question the large presence of Chinese nationals currently residing in Multinational Village in Parañaque City. A thorough investigation should rule out the possibility that they are involved in more than just cross-border gambling operations.
He said that Chinese nationals employed in the Philippine Overseas Gaming Operations (POGOs) may have the skillset and equipment to conduct technologically-enabled data-gathering on Philippine defense officials, their activities, and even their families, especially in view of their relative proximity to key military facilities and the country’s premier airport.
“Anybody can be a hacker,” said Jacoba, who also sits as vice president of the Philippine Computer Emergency Response Team (PH-CERT). This, he added, could pose a real threat to the country’s national security in view of successful cyber-attacks recently perpetrated against the Department of Science and Technology (DOST) and the Philippine Coast Guard (PCG). The PCG came into the spotlight for allowing Chinese nationals into the auxiliary corps.
Russia’s cyber activities against Ukraine stands as a good example. “One lesson we can learn from the Russian invasion (of Ukraine) is that certain critical infrastructure will almost certainly be targeted. They include, the telecommunications ecosystem, energy facilities, water supply, and the finance sector,” the cybersecurity expert said.
Jacoba lauded President Bongbong Marcos’s signing of the National Cybersecurity Plan (NSCP) 2023-2028 on April 4. He said it is a significant step towards strengthening the Philippines’ capability to repel both financially-motivated and state-sponsored cyber-attacks.
The NCSP directs all government agencies to earmark 20 percent of its information and communications technology (ICT) budgets on cybersecurity goods and services.
NADPOP’s mission is to build, develop and manage a nationwide data privacy and protection ecosystem that will support Data Protection Professionals and their respective organizations to safeguard the personal information of their employees, customers, and families.
Meanwhile, Oscar Visaya, country manager of California-headquarters Palo Alto Networks (PAN), said the company’s “Unit 42” has released to the Manila Standard an executive summary that says “over the past 90 days, Unit 42 researchers have identified two Chinese advanced persistent threat (APT) groups conducting cyber-espionage activities against entities and member countries affiliated with the Association of Southeast Asian Nations (ASEAN).”
Unit 42 is a department that specializes in cyber “threat hunting.” The department traced most cyberattacks and malware as originating from China, North Korea or Russia.
“The first APT group, Stately Taurus, created two malware packages we believe targeted entities in Myanmar, the Philippines, Japan, and Singapore. The timing of these campaigns coincided with the ASEAN-Australia Special Summit, held March 4-6, 2024,” the report further stated.
“We assess this to be a Chinese APT group that routinely conducts cyber-espionage campaigns. This group has historically targeted government entities and nonprofits, as well as religious and other nongovernmental organizations across North America, Europe and Asia,” according to the same PAN report.
Visaya said that while no country is ever 100-percent ready for any cyber-attack, government agencies and private companies have to be “better prepared”.
PAN is an American multinational cybersecurity company whose core product is a platform that includes advanced firewalls and cloud-based offerings that extend those firewalls to cover other aspects of security.
It can be recalled that Senator Nancy Binay questioned the Philippine Retirement Authority’s policy of issuing special resident retiree visas (SSRVs) to Chinese nationals of “soldier’s age” on Sunday. She expressed alarm over the lack of stricter vetting of the applications regardless of nationality.
The inquiry was prompted by the reported arrest of four Chinese nationals suspected of proliferating fraudulently-acquired government-issued IDs and documents together with genuine Philippine passports with dubious SRRVs.
Roughly 78,000 foreign retirees in the Philippines, and about 30,000 Chinese “retirees” have been allowed to reside permanently in the Philippines based on the records of the Philippine Retirement Authority (PRA).
According to Senator Binay, “Chinese syndicates have likely connived, maintained ties and established networks within the government bureaucracy.”