If you allow another country to gain access to really critical data about your society, over time that will erode your sovereignty, you no longer have control over that data.MI6 chief Richard Moore to BBC News (30 November 2021).
Data. The United Nations (UN) has always gathered data and published it. But since the advent of the digital revolution, data collection has taken on new forms. It is now gathered 24/7 and sits in databases – or on somebody’s smartphone. It flows in, and flows out. Some call it a ‘data deluge’. Since 2000, despite various initiatives (irritating ‘cookies’ warnings before you can interact with a web page, or the more legalistic General Data Protection Regulation (GDPR) – a regulation in EU law on data protection and privacy in the European Union and the European Economic Area) data has become incontinent: it leaks out everywhere.
An orgy of cross-border data collection and harvesting has only increased in its intensity in the past 20 years. And the UN and other international organisations have played their part.
But what most of us do not want to think about is this: that data is power and when it is parsed and sifted by algorithms and AI (artificial intelligence), it allows the entity doing this to engage in event-shaping. How much of our lives is being shaped by digital ‘voodoo dolls’ in a cyber centre somewhere?
And, as the head of the UK’s MI6 intelligence service says, “over time that will erode your sovereignty, you no longer have control over that data.” In short, you’ve been hacked.
France24: UN among victims of massive cyber-spying campaign
“Cyber-security experts have unveiled one of the biggest computer hacking campaigns to date, releasing a list of 72 organisations whose networks were attacked over a five-year period. Victims include the UN and several governments.
REUTERS – Security experts have discovered the biggest series of cyber attacks to date, involving the infiltration of the networks of 72 organizations including the United Nations, governments and companies around the world. …
In the case of the United Nations, the hackers broke into the computer system of its secretariat in Geneva in 2008, hid there for nearly two years, and quietly combed through reams of secret data, according to McAfee.”
BBC: Accenture and Microsoft plan digital IDs for millions of refugees
Guardian: Secret aid worker: we don’t take data protection of vulnerable people seriously
“Personal information leaked in sensitive contexts can spark violence, discrimination, exclusionary policies. Yet my NGO shares confidential data freely.”
UNHCR: ID2020 and UNHCR Host Joint Workshop on Digital Identity
Xinhua: China, UN to build big data research institute in Hangzhou
The New Humanitarian: EXCLUSIVE: The cyber attack the UN tried to keep under wraps
“If there are no consequences for the [UN] agencies for failures like these … there will be more breaches.”
“About this investigation:
While researching cybersecurity last November, we came across a confidential report about the UN. Networks and databases had been severely compromised – and almost no one we spoke to had heard about it. This article about that attack adds to The New Humanitarian’s previous coverage on humanitarian data. We look at how the UN got hacked and how it handled this breach, raising questions about the UN’s responsibilities in data protection and its diplomatic privileges.“
UN confirms it suffered a ‘serious’ hack, but didn’t inform employees
Approximately 4,000 employees may have had their data compromised.
XDR Report: UN hacked: Attackers got in via SharePoint vulnerability
“In summer 2019, hackers broke into over 40 (and possibly more) UN servers in offices in Geneva and Vienna and downloaded “sensitive data that could have far-reaching repercussions for staff, individuals, and organizations communicating with and doing business with the UN,” The New Humanitarian reported on Wednesday.”
“Oz Alashe, CEO of CybSafe, says that the unintentional disclosure of this cyber attack on such an important institution last year is concerning.
“This delay, and the fact that the UN did not report this attack to any governing authority – or even their own staff – may have put victims at unnecessary risk. Not only were staff passwords stolen, system controls and security firewalls were compromised too which could have led to the critical confidential reports falling into criminal hands,” he pointed out.
This attack could end up undermining trust in the UN – trust that they are able to keep sensitive information safe and trust that they will notify affected individuals when they fail.”
Quartz: The UN is partnering with China’s biggest surveillance software company
Foreign Policy: EXCLUSIVE U.N.: Backs Down on Partnership With Chinese Firm for 75th Anniversary: The decision comes after U.S. officials and human rights advocates complained that Tencent aids Beijing in surveillance.
WSJ Opinion: China Uses the U.N. to Expand Its Surveillance Reach | In the name of ‘sustainable development,’ Beijing takes the lead in data collection efforts.
United Nations: Inauguration Ceremony Regional Hub for Big Data in China in support of the United Nations Global Platform
“I am very honoured to join you today in this inauguration ceremony of the Regional Hub for Big Data in China, in support of the United Nations Global Platform. The inauguration of this Regional Hub is most important, and timely.
The demand for data, especially during the COVID-19 pandemic, is greater than ever. Governments are in need of detailed data on the spread of the virus and its impacts on society. Under these challenging circumstances, statistical institutes have had to respond urgently to the demand for data, and to present innovative solutions. Consequently, in these times of need, the statistical community is now able to effectively use Big Data and advanced technologies.
For example, census data – together with detailed geospatial information – can help identify the most vulnerable populations during the pandemic. And, real-time data on the position and movement of ships, for example, can estimate the volume of cargo being transported, and thus help produce estimates on the state of the economy. These real-time shipping data are available as a global data set on the United Nations Global Platform, and can be accessed by the whole statistical community.”
Foreign Policy: CHINA USED STOLEN DATA TO EXPOSE CIA OPERATIVES IN AFRICA AND EUROPE: The discovery of U.S. spy networks in China fueled a decadelong global war over data between Beijing and Washington.
“Around 2013, U.S. intelligence began noticing an alarming pattern: Undercover CIA personnel, flying into countries in Africa and Europe for sensitive work, were being rapidly and successfully identified by Chinese intelligence, according to three former U.S. officials. The surveillance by Chinese operatives began in some cases as soon as the CIA officers had cleared passport control. Sometimes, the surveillance was so overt that U.S. intelligence officials speculated that the Chinese wanted the U.S. side to know they had identified the CIA operatives, disrupting their missions; other times, however, it was much more subtle and only detected through U.S. spy agencies’ own sophisticated technical countersurveillance capabilities.”
ITPro: United Nations suffers potential data breach: Hackers could have breached the database long before the UN applied a patch
Japan Forward: China Strengthens Influence on the U.N. Through Big Data Collection
A United Nations research institute is being set up in China that will amass and analyze huge amounts of data from around the world on sustainable development goals. Chinese researchers are expressing the need for data in order to analyze human behavior.
“China’s influence is undoubtedly growing in the United Nations, with four of the 15 specialized agencies of the intergovernmental organization being led by Chinese nationals. Beijing seized the “absence” of the United States, accelerated by the Trump administration’s disdain for the U.N., to extend its tentacles to unexpected places.
A plan to set up the first U.N. big data research institute is underway in Hangzhou, Zhejiang Province, China. Officially, it would facilitate U.N. operations by amassing and analyzing huge amounts of data from around the world on sustainable development goals (SDGs) to tackle global issues such as starvation and climate change.
One cause for concern is that Chinese researchers are expressing the need for data in order to analyze human behavior. The United States, which is wary of any data leaks to China, is raising alarms against the plan. In an October 7, 2020, article in The Wall Street Journal,Hudson Institute fellow Claudia Rosett warned that the plan would enable China to collect data from U.N. member states and set the standards for data collection.”
Financial Times: Opinion Technology sector: As digital trade grows, so does western distrust of Beijing: China is moving to the forefront of global innovation but governments fear privacy breaches
Nikkei Asia: Comment: Data suspicions threaten to tear China and west apart: Applications by Chinese companies see 200-fold increase since 1999
UNHCR: Government of Pakistan delivers first new biometric identity smartcards to Afghan refugees
ODI: Although shocking, the Rohingya biometrics scandal is not surprising and could have been prevented
“The data privacy and security of Rohingya refugees in Bangladesh has reportedly been jeopardised by the UN Refugee Agency. In an exposé published on 15 June by Human Rights Watch (HRW), UNHCR stands accused of improperly collecting the Rohingya’s biometric information and later sharing it with the Myanmar government without the Rohingya’s consent. Refugees said they had been told to register to receive aid, but the risks of sharing their biometrics had not been discussed, and the possibility this information would be shared with Myanmar was not mentioned.
The potential harm of sharing information with a regime that has a long history of manipulating registration systems to exclude and marginalise Rohingya populations is obvious. That biometrics are involved makes it worse. Unlike names or other personal information, biometrics are sticky – it’s not something you can change or escape.”
Reuters: ANALYSIS-Afghan panic over digital footprints spurs call for data collection rethink
Biometric Update: Concerns over Taliban accessing aid agency biometric data
“People in Afghanistan are fearful of the Taliban accessing personal information captured and stored by aid agencies including biometric data which could be used to identify individuals. Experts have raised concern that approaches used by security firms and United Nations development agencies could prove problematic for refugees and vulnerable groups, reports the Thomson Reuters Foundation, the charitable trust of Thomson Reuters.
The Intercept reported that equipment used by the U.S. army for biometric collection has already been seized by the Taliban. Biometric data on Afghans who assisted the U.S. were widely collected, making anybody identified vulnerable to persecution from the Taliban.
Sources told the Intercept that there was little planning for such an event, while the U.S. Army plans to continue to spend another $11 million on biometrics capture equipment including 95 more devices.
The UNHCR has been using biometrics in the region since 2002 when it tested iris recognition technology on Afghan refugees in the Pakistani city of Peshawar. Aid agencies praise biometric technology’s anti fraud and contactless capabilities.”
UN Computer Networks Breached by Hackers Earlier This Year
“Hackers breached the United Nations’ computer networks earlier this year and made off with a trove of data that could be used to target agencies within the intergovernmental organization.
The hackers’ method for gaining access to the UN network appears to be unsophisticated: They likely got in using the stolen username and password of a UN employee purchased off the dark web.”
“Organizations like the UN are a high-value target for cyber-espionage activity,” Resecurity Chief Executive Officer Gene Yoo said. “The actor conducted the intrusion with the goal of compromising large numbers of users within the UN network for further long-term intelligence gathering.”
CPO Magazine: United Nations Data Breach: Hackers Obtained Employee Login From Dark Web, Are Executing Ongoing Attacks on UN Agencies
“A spokesperson for the United Nations has confirmed that the organization was breached by hackers in early 2021, and that attacks tied to that breach on various branches of the UN are ongoing. The data breach appears to stem from an employee login that was sold on the dark web. The attackers used this entry point to move farther into the UN’s networks and conducted reconnaissance between April and August. Information gleaned from this activity appears to have been put to use in further attacks, with attempts made on at least 53 accounts.”
UN data breach creates long-term havoc for organization
“The UN has a unique need for cutting-edge cybersecurity given that it is one of the world’s prime targets for hackers, and that it fields regular attacks from advanced operators. Many of these go unrecorded, but the organization has weathered some high-profile attacks in recent years.”
The Hub: China’s influence at the UN is growing—how, why, and what it means with Rosemary Foot
ABC News: Security scanners across Europe tied to China govt, military
At some of the world’s most sensitive spots, authorities have installed security screening devices made by a single Chinese company with deep ties to China’s military and the highest levels of the ruling Communist Party
China’s Espionage Plans for the 2022 Winter Olympics: What Athletes Should Expect
Yes, China is going to spy on the Olympic athletes. Its mandatory app is just the tip of the iceberg.
Why the US Must Take China’s Disinformation Operations Seriously
China has barely scratched the surface of its potential to carry out a “people’s war” on global public opinion.
“China’s propaganda machine also has over 1 million journalists and reporters tasked with the mission to “tell China’s story well.” Armed with AI and bots, China’s huge internet army could hobble global social media platforms with a large-scale flooding attack to win the CCP’s public opinion war.”
FBI Director Wray says scale of Chinese spying in the U.S. ‘blew me away’
The FBI opens a new China-related counterintelligence investigation every 12 hours on average, and it now has over 2,000 such cases.
Data integrity and cross-border data sharing have been concerns for a very long time. False Data Makes Border Screening Corruptible
There’s a War Going On But No One Can See It by Huib Modderkolk, Bloomsbury, 02 Sept. 2021
“Based on the cases he investigated over a period of six years, award-winning Dutch journalist Huib Modderkolk takes the reader on a tour of the corridors and back doors of the globalised digital world. He reconstructs British-American espionage operations and reveals how the power relationships between countries enable intelligence services to share and withhold data from each other.”
The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power by Shoshana Zuboff, Profile Books, 2019
“Surveillance Capitalism: A new phase in economic history in which private companies and governments track your every move with the goal of predicting and controlling your behaviour. Under surveillance capitalism you are not the customer or even the product: you are the raw material.”
BBC News: MI6 boss warns of China ‘debt traps and data traps’
“In a wide-ranging interview ahead of his first major public speech since taking on the role as head of MI6, Mr Moore:
- warned China has the capability to “harvest data from around the world” and uses money to “get people on the hook” …
“Speaking about the threat posed by China, Mr Moore described its use of “debt traps and data traps”.
He said Beijing is “trying to use influence through its economic policies to try and sometimes, I think, get people on the hook”.
Explaining the “data trap”, he said: “If you allow another country to gain access to really critical data about your society, over time that will erode your sovereignty, you no longer have control over that data.
“That’s something which, I think, in the UK we are very alive to and we’ve taken measures to defend against.”
This work is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.
ORCID iD: https://orcid.org/0000-0001-5311-1052.
© David South Consulting 2021