Chinese influencing operations are on the rise, according to new report

The new report — Gaming public opinion: The CCP’s increasingly sophisticated cyber-enabled influence operations, from the Australian Strategic Policy Institute (ASPI) — has revealed the extent of the pro-China Spamouflage network’s covert influencing operations on a range of platforms.

And that’s just a part of a far larger, more worrying picture. The CCP is also using more overt and open propaganda to “tell China’s story well” via expanded media outlets and online influencers.

The Spamouflage network has been operating since at least 2017. The name is based on the activity the group focuses on — namely, posting what is effectively government-mandated spam while obfuscating its source — and was coined by social media analytics firm Graphika, though it is also known as Dragonbridge by researchers at Mandiant.

The network’s operations were first disclosed by Twitter and Facebook owner Meta, after they discovered “reliable evidence to support that [these campaigns were] a coordinated state-backed operation”, in Twitter’s words. Spamouflage’s initial efforts were aimed at influencing reactions to protests in Hong Kong and supporting the police in cracking down on them.

But since then, the network has grown in both sophistication and reach. Where once it was a very internal network of fake accounts supporting each other, more subtle fake accounts are now reaching wider audiences by stoking local concerns — but always in favour of what the CCP sees as a favourable outcome for China.

By way of example, ASPI details a campaign aimed at interfering in Australian politics. The network promoted the views of fringe and alternative parties as well as commentators, particularly conspiracy theorists.

The aim was to “sow distrust in the government”.

Another campaign was aimed at protestors in the lead-up to the 6 January riots in Washington, while yet another sought to intimidate people reporting on China. Most recently, Spamouflage was apparently involved in a campaign called Operation Honey Badger by the CCP, which is still ongoing.

VIEW ALL

The campaign shared a narrative that the Central Intelligence Agency (CIA) and the National Security Agency (NSA) were taking part in cyber espionage against “China and other countries”, possibly with the aim of expanding China’s own cyber security services via the Belt and Road Initiative and into south-east Asia. The campaign was formed around announcements from real officials and state media, but amplified by a host of fake accounts across Reddit, Twitter, and Facebook.

How Spamouflage works

ASPI believes that the Spamouflage network — and others like it — operate on a low budget and that much of the work is outsourced to third parties. This is based on the lax operational security shown by many accounts. On the other hand, the RAND Corporation believes that the network is run by the CCP propaganda department or the United Front Work Department. Both may even be involved.

Regardless of who is running the network, Spamouflage is highly reactive. It has started to take advantage of VPNs to mask its locations in China and is also actively taking advantage of hacked accounts of actual social media accounts.

“The scale of the necessary digital infrastructure to sustain these networks requires a sophisticated, technical team that has approval from the Chinese government to circumvent the Great Firewall,” ASPI believed.

Other observers have also linked Chinese tech companies to the network. Meta banned a raft of accounts linked to a fake biologist whose posts aimed to interfere with a World Health Organisation’s investigations into the origins of COVID-19. Many of the accounts were linked to a Chinese IT security firm, Sichuan Silence Information Technology.

The policy response

ASPI believes that the challenges of CCP influencing operations can be met by seven policy recommendations:

1. Social media outlets need to take advantage of the control they have over their infrastructure to deter influencing operations.
2. Those same companies should look for better ways to share information on such operations.
3. Social media needs to be treated as critical infrastructure, given its importance in shaping public discourse.
4. Governments need to review legislation regarding foreign interference and, at the same time, mandate that social media companies need to share any information regarding influencing operations. Boosting the public’s threat awareness is key.
5. Public diplomacy needs to be at the heart of any government response — naming and shaming matters.
6. Allies need to share their experiences, information, and learning on the matter and work together to combat it.
7. More research on cyber influence and other forms of hybrid warfare is needed.

To that end, ASPI believes that a “hybrid threat centre”, based on the model of Finland’s NATO–EU Hybrid Centre of Excellence and focused on the Indo-Pacific region, is needed.

“The centre would build confidence through measures supporting research and analysis, greater regional engagement, information sharing and capacity building,” ASPI said.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.