China Mounts Narrative Counterattack After Kenya Hacking Report

This week, a set of reports emerged alleging that Chinese state-backed actors perpetrated cyberattacks against foreign governments. In response, Chinese state media sprang into action by relaying official denials of responsibility, diverting attention to Western misconduct, and praising the benefits of China’s relationship with the host country. A short analysis of local media coverage of the events highlights the traction of Chinese state-media narratives.

On Wednesday, Reuters released an investigation concluding that Chinese actors hacked into several ministries and institutions of the Kenyan government, including its presidential office and National Intelligence Service (NIS). Aaron Ross, James Pearson, and Christopher Bing reported on the potential motivations and source of the hack:

Reuters could not determine what information was taken during the hacks or conclusively establish the motive for the attacks. But the defence contractor’s report said the NIS breach was possibly aimed at gleaning information on how Kenya planned to manage its debt payments.

[…] The defence contractor, pointing to identical tools and techniques used in other hacking campaigns, identified a Chinese state-linked hacking team as having carried out the attack on Kenya’s intelligence agency.

The group is known as “BackdoorDiplomacy” in the cybersecurity research community, because of its record of trying to further the objectives of Chinese diplomatic strategy. [Source]

Chinese officials forcefully denied the allegations. Within hours, the Chinese embassy in Kenya published a press release on its website calling the Reuters report “groundless, far-fetched and sheer nonsense.”

Describing the hacking reports as a “collective disinformation campaign,” Chinese foreign ministry spokesperson Mao Ning retorted: “The U.S. is the empire of hacking.” CGTN, Xinhua, and Global Times all ran articles on her remarks, which were amplified via their Twitter accounts, with official Chinese accounts joining in. China Daily followed with its own article criticizing the U.S. On Twitter, Hu Xijin mocked the report, and the Chinese embassy in Kenya shared a video of a Kenyan economist criticizing the “power hegemony” of the U.S.

In addition to denying the hacking allegations and accusing the U.S. of misconduct, China also sought to bolster its image among the Kenyan public. After the Reuters report emerged, Chinese state media published numerous articles emphasizing China’s strong ties to Kenya. On Wednesday, China Daily published a video feature “exploring the deep roots of China and Kenya’s relationship,” which was shared on Twitter and republished on the website of the Forum on China-Africa Cooperation (FOCAC). On Friday, China Daily published a long article titled “Kenya reaps real BRI dividends,” later shared to Twitter via multiple tweets. Xinhua published an article that day, titled “Kenya marks Africa Day amid growing Sino-African ties,” that was also shared on the FOCAC website

Local Kenyan media coverage of the issue showed the ease with which Chinese state narratives gained traction during a potential public-relations crisis for China. At Capital News, the first article on the issue, under an anonymous byline, uncritically relayed the embassy’s criticism of the report with heavy use of quotes and paraphrasing. Among the only other two articles it ran, one under an anonymous byline uncritically relayed the Kenyan government’s dismissal of the report, and the other was an op-ed with blistering criticism of the Reuters “disinformation attempts.”

At the state-run Kenya Broadcasting Company (KBC), only two articles touched on the issue, and neither had a byline. The first was composed entirely of quotes and paraphrases of the Chinese embassy statement, and the second uncritically relayed the Kenyan government’s description of the report as “sponsored propaganda.” At The Star, while several articles were published on the subject, one of the earlier ones was composed entirely of quotes and paraphrasing of the Chinese government’s statement, and included the same image as the banner of the embassy’s Twitter profile

At the Nation, three articles were published on the subject. The first and third had bylines and described the Reuters report and the Kenyan government’s dismissal, respectively. The second had no byline and was composed entirely of quotes and paraphrases from the Chinese embassy statement. At the same time, the outlet’s homepage showcased a sponsored article by Xinhua extolling Xi Jinping’s “wisdom” in fostering a China-Central Asian community. In March, on the other hand, the newspaper’s Elvis Ondieki reported critically on Chinese and Russian Twitter broadsides against the West from their embassies in Nairobi:

“China never engages in slaughter, predation or racial genocide of its ethnic minorities and never allows ‘I can’t breathe’ to happen,” one message says, obviously referring to the killing of George Floyd – a Black man – by White police officers in the US.

[…] The two powers have also been using their embassies in other African countries to attack the West. However, handles of the embassies in Kenya appear to be the most active and preferred. On February 18, the Chinese embassy in Nigeria tweeted a scathing post on Washington.

“Living up to the epithet of ‘surveillance empire’, the US has, for decades, conducted indiscriminate mass surveillance of foreign governments, companies and individuals as well as its citizens,” it posted through its handle @china_emb_ng.

[…] Some Kenyans are already demanding to know why this country is being pulled into the rivalry.

[…] A Kenyan called Kazuri saw humour in China’s attack on the US in late February: “I suggest a boxing match between the Chinese ambassador and the American ambassador at the KICC to decide this matter.” [Source]

Kenya’s relations with China have become strained in recent years as Nairobi grapples with a debt crisis. China provided loans worth billions of dollars to Kenya to fund major infrastructure projects, some of which are producing more debt, dysfunction, and criminal inquiries than government revenue. The current trajectory risks forcing the country into defaulting on its debt. Since the election of President William Ruto last year, the Kenyan government has tried to take a tougher stance towards China and pivot towards the West, but Ruto has struggled to deliver on his campaign promises.

In 2018, the African Union accused China of hacking into its headquarters’ computer system every night for five years and transferring confidential files. The building, located in Ethiopia, was built by a Chinese state-owned company and funded by Beijing. In Kenya, Huawei has helped build the country’s telecommunications systems and has recently signed deals to expand its coverage.

Meanwhile, another report of potential Chinese hacking surfaced on Wednesday. As David Sanger described in The New York Times, a mysterious computer code linked to Chinese actors appeared in telecommunications systems in Guam and elsewhere in the U.S.:

The code, which Microsoft said was installed by a Chinese government hacking group, raised alarms because Guam, with its Pacific ports and vast American air base, would be a centerpiece of any American military response to an invasion or blockade of Taiwan. The operation was conducted with great stealth, sometimes flowing through home routers and other common internet-connected consumer devices, to make the intrusion harder to track.

The code is called a “web shell,” in this case a malicious script that enables remote access to a server. Home routers are particularly vulnerable, especially older models that have not had updated software and protections.

Unlike the balloon that fascinated Americans as it performed pirouettes over sensitive nuclear sites, the computer code could not be shot down on live television. So instead, Microsoft on Wednesday published details of the code that would make it possible for corporate users, manufacturers and others to detect and remove it. In a coordinated release, the National Security Agency — along with other domestic agencies and counterparts in Australia, Britain, New Zealand and Canada — published a 24-page advisory that referred to Microsoft’s finding and offered broader warnings about a “recently discovered cluster of activity” from China. [Source]


Subscribe to CDT


Browsers Unbounded by Lantern

Now, you can combat internet censorship in a new way: by toggling the switch below while browsing China Digital Times, you can provide a secure "bridge" for people who want to freely access information. This open-source project is powered by Lantern, know more about this project.

Google Ads 1

Giving Assistant

Google Ads 2

Anti-censorship Tools

Life Without Walls

Click on the image to download Firefly for circumvention

Open popup

Welcome back!

CDT is a non-profit media site, and we need your support. Your contribution will help us provide more translations, breaking news, and other content you love.