Weak banks are China’s next target in their war for data hegemony
We need to take a hard look at the institutions on which we all rely. We need to make sure they are acting to protect their customers' confidential information and their employees from China, argues Damien Phillips
As the government looks set to row back from its initial enthusiasm for TikTok's plans to locate its headquarters in London, amid reports that Downing Street is conducting an informal review of TikTok's entire operations in the UK, increasing hawkishness towards China has become a common theme across the Five Eyes alliance. The UK, the US, and the West are being forced to grapple with the national security and privacy threats posed by the Chinese Communist Party (CCP) and its data-grabbing commercial tentacles. But China's information gathering goes far beyond its state-backed enterprises and we need to be alive to how major businesses, like HSBC and ANZ Bank, that we once thought of as our allies, may be handing over our most private details to the totalitarian state.
Only five years ago, President Obama was telling the United Nations that "technology [and] social media" would topple dictatorships. Today, China is using such tools to conduct a global data mining exercise that – according to a leading Australian think tank – seeks to "shape international discourse, promote its social credit system and support China's military intelligence". Only last year, the Australian Strategic Policy Institute (ASPI) was warning that China had established a "massive and global data collection ecosystem" which could be used to reshape global governance.
But China also effectively combines mass data collection with more traditional, targeted tradecraft by its intelligence officers to facilitate their efforts, and customer data is a valuable objective for seizure. In January 2020, Chinese hackers accessed email and travel details for nine million easyJet customers, which can be used to track the movement of specific individuals. As Saher Naumaan, a threat intelligence analyst at BAE Systems, points out, information on "who is travelling on which routes can be valuable for counter-intelligence or other tracking of persons of interest."
Banking details are potentially even more significant. Chinese intelligence officers can cross-reference bank accounts with high value intelligence targets in the UK or amongst our Western allies, looking for points of weakness. Those in debt, or with potentially embarrassing or compromising payments, may be vulnerable to bribery or blackmail in exchange for valuable information, technology, or influence. Cyber experts believe China may be building a database of such vulnerable people, combining information from different hacks of Western companies that have secured the personal details of millions around the world. With data from multiple sources, they can create a comprehensive picture of their targets and they will know which buttons to push with them to secure their cooperation.
Which makes it very alarming that as China moves to tighten its grip on Hong Kong, HSBC's massive data centre there – the largest in Asia – is under serious threat. HSBC has over 40 million customers worldwide, with their data held in a "global data centre network". The Hong Kong data centre is one of the network's mission-critical facilities. As Hong Kong rapidly loses its autonomy and HSBC moves to show fealty to its new CCP overlords by backing their draconian security laws, it will be much easier for Chinese intelligence officers to recruit and run agents within the centre to access confidential information or to facilitate hacking operations to steal the banking details of any HSBC customer they wish.
Australia and New Zealand Bank (ANZ) is one of the top 50 banks in the world and headquartered in Melbourne, Australia – one of our staunchest allies in the new Cold War with China. In a move which looks extraordinarily naïve in today's political climate, it established a key data centre in mainland China in Chengdu in 2011. Shockingly, despite the extent of China's malign activities against the West becoming more apparent every year since, ANZ has made no effort to relocate its Chengdu "hub" to protect its customers.
On the contrary, it has expanded its service centre there. "ANZ Technology Chengdu" now employs 800 people, including data analysts who "source, ingest, consume and analyse data across the enterprise", gleaned from ANZ's 9 million global customers. The company is seeking to build a vast "data lake" and in March 2019 it was proclaiming that it needed people on the ground in Chengdu to "define and drive the architecture of [the] big data ecosystem". Given the ease of running agents on the mainland, it seems highly likely that Chinese intelligence will not have passed up such a golden opportunity to try to steal any technology or systems analysis developed at the hub which the Chinese state doesn't already have, and it would be foolish to assume that they they're not already making a concerted effort to attempt to access potentially millions of ANZ customer files for use in espionage operations against the West. That the bank has had years to smell the coffee on China and pull the plug on such a risky project, but instead has deepened its exposure, is a damning indictment of ANZ's senior leadership.
Ironically, for a glimpse into the future of what China's mass data gathering exercises may mean for ordinary people, you have only to look at what happened to ANZ's own top trader. Bogac Ozdemir, a US citizen, was formerly Global Head of Credit at ANZ in their Singapore office. In March 2020, he posted criticisms on LinkedIn of the Chinese government's handling of the Coronavirus crisis in which he questioned the Chinese state's integrity and how much we could trust their statements. In the space of six weeks, the CCP learnt of the post, directed its paid army of social media activists to rain hell on Mr Ozdemir, ordered the Chinese financial regulator and several of ANZ's Chinese clients to pressure the bank to fire him, and eventually secured not only his sacking but a grovelling statement from the bank denouncing their own employee.
The speed of the response and taking the scalp of someone so important within the bank (Mr Ozdemir had generated tens of millions of dollars in profits for ANZ, something the Chinese intelligence services were no doubt aware of given the constant flow of company data into Chengdu) is testament to the extent of China's harvesting of global information and its access to insider knowledge. The CCP silenced a dissenting voice, sent a message to anyone else in the West thinking of opposing them, made a display of their power over ANZ, and weakened a bank that is crucial to the fortunes of an important Western ally, all in one go.
We need to take a hard look at the businesses, the banks, and the institutions, on which we all rely. We need to make sure they are acting to protect their customers' confidential information and their employees from a totalitarian state which shares none of our values. The leaders of banks like HSBC and ANZ may have already given in, but it's never too late for the rest of us to take a stand.
