Close

China Russia Latin America

Are China and Russia on the Cyber Offensive in Latin America and the Caribbean?

Table of Contents

Chinese and Russian Use of Cyber Capabilities in Latin America and the Caribbean

The Russian Federation and the People’s Republic of China operate in cyberspace in pursuit of diplomatic, informational, military, and economic (DIME) interests around the globe. Although many in Latin America and Caribbean view cyber competition as an issue for Russia, China, the European Union, and the United States, they are discovering that, to paraphrase Leon Trotsky, “You may not be interested in cyber, but cyber is interested in you.”

Based on U.S. performance in conflicts since 1990, Russia and China have both determined that armed conflict with the United States is a bad idea. Based on that same analysis, however, both have discovered that the way to confront the United States is through asymmetric means below the threshold of “armed attack” or “use of force” as mentioned in the Charter of the United Nations. Crossing that threshold allows the aggrieved state to use all means necessary to defend themselves (as with 9/11) or allows the United Nations to call for armed action under Chapter VII (as with Desert Storm). As such, both China and Russia have developed methods of operating in the “grey zone,” or below the threshold that triggers a military response.

Russia and China have discovered the utility of these grey zone operations and pursue them globally. The techniques that were developed to confront the United States are now being deployed elsewhere, such as Taiwan and Ukraine. These techniques are demonstrated across the four elements of national power: diplomacy, information, military, and economy.

China seeks to play the long game and ensure that its interests are secured, including the Belt & Road Initiative (BRI) as well as access to natural resources and commodities. It seeks to improve its global perceptions and influence on issues like the South China Sea and Taiwan. Although Beijing does not seek military supremacy, it does want to bolster its military capabilities. Its economic interests, however, are its priority; increasing economic status will ensure a quiescent Chinese population and enable the other instruments of national power, like diplomacy, information, and military power.

Since the Moscow Security Conference in 2007, Russia has sought to contest the current global system that it believes is designed to give the advantage to the United States and partners to Russia’s detriment. Moscow’s strategic goal is regime survival and the morphing of the current system to a multipolar global system, but it will not challenge the system overtly, instead seeking opportunities to destabilize it. The intent is to fracture intergovernmental organizations, like NATO and the European Union, while undermining international institutions, like humanitarian law and norms. Through political warfare, they hope to contest Western democracies, diminishing their power while bolstering Russian power, and regain a buffer zone in Eastern Europe. Although Latin America and the Caribbean are not strategic priorities for Russia, they will challenge the United States in its near abroad to reduce U.S. influence in the region.

Russian and Chinese options for leveraging cyber capabilities in Latin America and the Caribbean may be examined through the lens of the instruments of national power. As an example, the Chinese use diplomacy along with information and intelligence operations in support of its economic goals. These elements are interrelated and all are performed simultaneously in support of strategic goals. Figure 6 provides an overview of our DIME Framework as well as some examples of Chinese and Russian objectives falling under each category.

Figure 6: The DIME Framework and Cyber Operations

Instrument Description Examples of Chinese Objectives Examples of Russian Objectives Operative Question
Diplomatic Efforts by a state to influence the policy or action of another state through negotiation. - Grow global support for its territorial claims in the South China Sea.

- Decrease the number of states that recognize the legitimacy of the Republic of China (Taiwan).		 - Diminish international opposition to Russian military actions in Ukraine and Syria

- Cast doubt on the legitimacy and primacy of multilateral forums

- Cultivate partners in the region to enhance support for its legal and normative initiatives to bolster state sovereignty and provide international top-cover for authoritarianism.		 What cyber and information operations could Russia or China conduct in the region support of regional or global diplomatic objectives?
Information Efforts by a state to influence the policy or action of another state or population by controlling or spreading information, targeted at the local population. - Increase positive sentiment towards China in the region, likely in support of economic and market-share goals - Sow discord and undermine democratic processes through misinformation

- Enable populist politicians, which tend towards more favorable views of Russia.		 What cyber and information operations could Russia or China conduct in the region in support of information objectives?
Military Efforts by a state to influence the policy or action of another state or group via the use of military power. - Build military to military partnerships

- Collect military intelligence		 -Support friendly militaries

- Develop and maintain access to critical and critical information infrastructure.		 What cyber and information operations could Russia or China conduct in the region in support of military objectives?
Economic Efforts by a state to utilize economic power to influence another state or group, and to bolster its own economic strength and reach. - Guarantee access to key resources

- Bolster the local market for Chinese high-tech, telecommunications, and arms exports.		 - Bolster the local market for Russian arms and energy exports

- Maintain access to local black and criminal markets for Russian actors.		 What cyber and information operations could Russia or China conduct in the region in support in support of economic objectives?

Here, we examine how China and Russia may use cyber and information operations in support of objectives in each of these areas.

China in Latin America and the Caribbean

In this section, we explore how China could use cyber and information operations in Latin America and the Caribbean in support of diplomatic, information, military, and economic objectives. The DIME objectives described herein are grounded in doctrine and analysis of the geopolitical goals of China. However, due to limited open-source material, the analysis of how China might apply cyber and information capabilities in the region to support these goals is largely based on extrapolation based on Chinese activity elsewhere and Latin American and Caribbean vulnerabilities.

Diplomatic Objectives

China performs cyber and information operations in order to build support from decision-makers and the general population for Chinese diplomatic priorities in much of the world. Current Chinese diplomatic priorities include building support for its initiatives as part of the One-China policy against the recognition of the government of the Republic of China (Taiwan), its territorial claims in the South China Sea, and its approach to multilateral forums like the UN. In addition, China increasingly provides support to those who oppose U.S. interests, where they do not align with Chinese interests, in an effort to frustrate the United States politically.1

The Taiwan issue is of potentially heightened importance in Latin America and the Caribbean, as nine of the 11 states that recognize Taiwan are located in the hemisphere: Belize, Guatemala, Haiti, Honduras, Nicaragua, Paraguay, Saint Kitts and Nevis, Saint Lucia, and Saint Vincent and the Grenadines.2 Primary drivers of these states’ loyalty to Taiwan are financial gifts and investments from Taiwanese companies.3 Nonetheless, this support is challengeable, as shown by Panama switching sides in June 2017,4 the Dominican Republic changing allegiances in April 2018,5 and El Salvador recognizing the PRC in August of 2018.6 Reporting suggests that China will likely accelerate its efforts to continue diplomatically to isolate Taiwan.7 This push involves seizing control of online narratives regarding Taiwan’s independence.8 It could also include conducting cyber operations to determine the stance of key decision-makers vis-à-vis Beijing’s interests as well as reach people either who sympathize with them or who are vulnerable to its influence and can be subordinated to their goals.

More generally, China will continue its somewhat unique approach to multilateralism, which is characterized by increasing engagement in existing multilateral forums, pushing hard on issues it deems in its interest and blocking those that are not, avoiding responsibility for particularly burdensome initiatives, and generally refraining from making grand proposals at multilateral forums.9 Relevant to cyber and information operations, China has been a proponent of cybersecurity conventions that would transfer greater responsibility over the internet to the hands of sovereign states and enabling greater state control of content and information online, as signaled by their repeated sponsorship of a letter to the UN General Assembly proposing discussions on the topic and co-signing a recent proposed resolution.10 China may covertly engage in cyber and information activity that undermines existing international norms for the dual purpose of achieving other objectives and bolstering the case for new conventions.

Information Objectives

The Chinese government engages in public messaging campaigns in support of economic and political objectives. For example, in key markets, consumers campaigns to encourage consumers to buy Chinese products (advertising) or build popular support for Chinese diplomatic objectives (propaganda). Some of these campaigns are transparent, others less so.

Military Objectives

China actively works to build military-to-military partnerships with several militaries in the region. As part of this effort, China has, for example, built schools for military training professional military education in China similar to the Western Hemisphere Institute for Security Cooperation in the United States.11 They invite participants from a variety of countries in the hemisphere to attend those schools. Militaries sending troops to train in these facilities should be cautious about bringing electronics and other communications systems with them, which may be vulnerable to exploitation during such visits providing novel collection platforms.

In addition, China provides low-tech supplies such as boots and uniforms to regional militaries through state and quasi-state enterprises. These activities are all part of a long-term Chinese strategy to become the partner of choice of militaries in the region, though it is unclear how, apart from traditional advertising and propaganda, cyber and information operations would be used in support of these objectives.

However, it is reasonable to expect that the Chinese military services currently and will continue to use cyber means to conduct intelligence operations against influential regional military powers, like Brazil, Chile, Argentina, and Mexico.

Furthermore, like most tier-1 cyber powers, Chinese military entities are likely to conduct cyber operations to generate access to key communications systems, though no evidence of such activities exist in open source material. Likely targets for such access operations include command and control (C2) infrastructure of potential military adversaries and government communication systems. These operations may come in the form of traditional computer network operations, but may also take the shape of strategic supply chain compromises on high tech and telecommunications exports.

Economic Objectives

Economic goals are likely to continue to be a top priority for China in the Western Hemisphere and much of their cyber and information activity will be designed to pursue these interests. To that end, China seeks to guarantee access to resources and to open up new markets, while diminishing the economic might of competitors. Some commentators suggest the goal of this activity is to become the world’s predominant economic hegemon. Specifically, Chinese companies, often with governmental assistance, continue to work open new markets to Chinese high tech, telecommunications, and arms exports.12 In addition, China seeks to retain access to critical resources such as Venezuelan oil and a Chinese-dominated Nicaraguan canal.

Companies typically attempt to obtain favorable contracts and take-overs of local companies to guarantee resources and achieve monopolies in states to ensure not only access to resources, but to coerce the target state if necessary. In the past, Chinese government entities have been accused of conducting cyber operations in support of those goals, namely though intelligence operations to determine opportunities; influence operations to decrease local resistance to Chinese economic interests; and intellectual property theft to help Chinese firms emulate locally successful products and services.13

In spite of bilateral agreements with the likes of Australia, Germany, and the United States, aimed at blunting Chinese cyber industrial espionage, evidence from each country suggests that Chinese firms and state organizations have continued this activity.14 It is highly likely that Chinese entities will engage in similar activity in markets of interest.

Although the theft of intellectual property is the most often cited form of Chinese industrial espionage, the Chinese also undertake intelligence operations to obtain local market advantages. For example, a common Chinese tactic for bolstering economic reach involves the acquisition of local companies in foreign markets. In the past, Chinese state security services have assisted corporate takeovers by providing intelligence on the internal deliberations and potential vulnerabilities of local companies targeted for mergers or acquisitions.15 Some of this intelligence is gathered through open-source and human collection methods; some intelligence is collected via illicit breaches of company and government computer systems. As China becomes more interested and assertive in Latin American and Caribbean markets, they can be expected to replicate many of the cyber and information operations and tactics they have employed elsewhere.

Russia in Latin America and the Caribbean

In this section, we explore how Russia could use cyber and information operations in Latin America and the Caribbean in support of diplomatic, information, military, and economic objectives. As with our China in Latin America and the Caribbean section, the DIME objectives described herein are grounded in doctrine and analysis of the geopolitical goals of Russia. However, as with China, due to limited open-source material the analysis of how Russia might apply cyber and information capabilities in the region to support these goals is largely based on extrapolation based on Russian activity elsewhere and Latin American and Caribbean vulnerabilities.

Media in the region have been quick to point to Russian meddling in elections in Latin America and the Caribbean.16 In open source material, there exists limited evidence of past or ongoing cyber-enabled influence operations in the region akin to those around the 2016 presidential election in the United States. Where social media bots and fake accounts have spread political messaging around key elections and votes in the region, this activity had largely been attributed to domestic actors deploying similar tactics to those used by Russian intelligence services in the lead up to the U.S. election.17 However, recent events in Venezuela point to increased Russian activity.18

Notably, however, major media platforms—RT and Sputnik—have developed a stronger presence in Latin America and the Caribbean in recent years and have increased their Spanish and Portuguese language coverage.19 In addition, while Russia has a history of using cyber and information capabilities in the event of hot conflicts, there is no public evidence of Russian actors penetrating civil communication systems or critical infrastructure for exploitation in the region. Nonetheless, in October 2018, Symantec reported that GRU operators targeted a government in Latin America. No more information was provided, including which government and the type of system targeted. However, this is the first open-source claim that Russia is targeting Latin American or Caribbean assets.20

Diplomatic Objectives

Russia’s global diplomatic priorities include diminishing international opposition to Russian military actions in Ukraine and Syria, casting doubt on the legitimacy and primacy of multilateral forums that have been dominated by the United States and Europe and traditionally underpinned liberal democratic order, and spreading support for its legal and normative initiatives to bolster state sovereignty and provide international top-cover for authoritarianism domestically. Russia’s regional diplomatic priorities are to bolster partnerships in the region and weaken U.S. influence, while possibly cultivating support for initiatives and proposals at multilateral forums like the UN General Assembly. In addition, no Latin American or Caribbean countries have joined the U.S.-led sanctions on Russian individuals. The Kremlin would most likely prefer to keep it that way.

Much of Latin America and the Caribbean are part of the Cold War-era Non-Aligned Movement. Today, this means that they are potentially swing states on international policy issues. In recent years, Russia has made a concerted push at the United Nations in favor of an international convention on information security. While seemingly innocuous on the surface, the proposal represents an attempt to diplomatically legitimize authoritarian approaches to controlling information and the internet. As New America has noted, Latin American and Caribbean countries are likely to be crucial “digital deciders” in that particular diplomatic debate.21

Russia, like any well-resourced country, assists their diplomatic efforts with intelligence, and increasingly cyber-enabled intelligence. It is reasonable, therefore, to expect decision makers in countries deemed of diplomatic interest to be under surveillance. In addition, Russia may continue to conduct cyber operations that undermine international law in an effort to create more urgency and purchase for a binding international agreement.22

Information Objectives

Outside of its near abroad, the Russian government has shown a proclivity towards leveraging information to exert influence and sow discord over other instruments of national power like diplomacy, the military, and trade or investment. As we note above, the Russian government views information campaigns as a relatively cheap and scalable means to attain its national goals. Russia’s information objectives globally include undermining democratic processes, in part to seek greater legitimacy for its own authoritarian approach to governing, and enabling populist politicians in democratic parts of the world, many of whom have exhibited more favorable views of Russia in recent years.

Russia is likely to operate in the information environment throughout the hemisphere as part of its strategy to provide low-cost irritation to the United States. They are and will continue to conduct white23 and grey24 propaganda through their traditional media outlets such as Actualidad RT or RT (the former Russia Today) in Spanish. This propaganda will support Moscow’s global interests such as gathering support for Russian activities in Ukraine and Syria and diminish international support for U.S. interests. Although it is not clear from open-source information whether Russian actors have engaged in more covert information operations in the region, the cost of doing so in the region would be low. They could, therefore, periodically participate in black propaganda25 operations such as the campaign in Central America to persuade the population that Americans were adopting children to take them back to the United States to be used for body parts.26

Military Objectives

Russia has two priorities for military activities in the Western Hemisphere. The first is to support friendly regimes. The second is to develop and maintain access to critical military and infrastructure systems in order to exploit them in the event of hot conflict. Here we unpack those objectives in greater detail and explore how cyber and information operations might be used to support them in the region.

In order to support friendly regimes, the Russians could penetrate the networks of two groups of states: the friendly states and those states who might endanger them. They would monitor networks in friendly states to ensure that they maintain situational awareness of the military situation and to identify potential military problems (i.e. coup plans) within friendly countries, particularly Venezuela and to a lesser extent Cuba.

The potential adversaries to friends in the region really only include the Colombians and the United States. In particular, the Russian armed forces are most likely seek to enter Colombian and U.S. intelligence and command and control (C2) networks to both build better awareness of military plans and to conduct operational preparation of the environment so that they could slow down or take out C2 networks in case of conflict. In addition, the Russians have perhaps the most advanced capability in the world to disrupt delivery of critical infrastructure services, like power delivery. In order to conduct such operations, they work to create and maintain access to critical infrastructure systems in adversarial or potentially adversarial countries. They already engage in similar activities in the United States and may do the same in other adversarial countries in the Americas.

Economic Objectives

Identifying Russia’s economic objectives can be difficult. Its legitimate trade with Latin America and the Caribbean is miniscule in comparison to both China and the United States. In addition, Russian exports to Latin America and the Caribbean make up a small fraction of their total export. Globally, Russia’s exports are primarily in the arms, energy, and metals sectors. However, 39 percent of Russia’s domestic economy is underground—in the so-called shadow economy.27 Here we will unpack Russian objectives in the arms, energy and raw materials, and underground markets and then explore how cyber or information operations might be used to support those objectives in Latin America and the Caribbean.

Annual Russian arms sales to Latin America and the Caribbean make up a relatively small percentage of their overall arms sales, with the LAC market hovering between 0 and 15 percent of annual arms exports. Nicaragua, Mexico, Venezuela, and Cuba are the primary arms customers in the region. Between 1992 and 2017, Venezuela accounted for 73 percent of the local market for arms.28 Apart from arms, the brunt of the Russian economy lies in raw materials in the form of crude and refined oil, as well as heavy metals, and the extraction and treatment of these materials. Russia has already made deals with the likes of Venezuela, Cuba, Bolivia, Mexico, and Argentina to provide or support energy production and could work to expand this effort.29

In addition to these legitimate economic activities, one estimate posits that 39 percent of Russia’s domestic economy exists separately and underground.30 Russian criminal activity is transnational, and some participants in Russian criminal activity are closely involved with decision-makers in the Kremlin.31 Russian actors will continue to seek access to black markets around the world online and offline. Russians are crucial, for example, in the emerging underground economy for offensive cyber capability.32 Russian business and criminal groups will also likely continue to use bank accounts in Latin America and the Caribbean to launder money in an effort to hide illicit activity.

In support of these economic interests, Russia could engage in a broad spectrum of cyber and information activity. On the far end of the spectrum, Russia could sabotage existing energy delivery systems via relatively cheap cyber means, opening up new markets to Russian energy procurement and delivery support and expertise. In addition, in order to create offensive cyber capability, developers need to discover vulnerabilities in software and hardware and—depending on the nature of the capability—develop working understanding of how the specific targeted system works. While this lends to the difficulty in scaling the sale of robust, targeted cyber capability, it means that, in order to continue to operate in this market, Russian actors will necessarily need to probe potential target systems. Cyber activities—likely by state and non-state actors—will likely continue to complement the development of offensive cyber capability for sale in black markets.

Citations
  1. "China's Influence & American Interests: Promoting Constructive Vigilance," Hoover Institution, November 29, 2018, source.
  2. Carin Zissis, “Central America Caught in China-Taiwan Diplomatic Tussle, Americas Society Council of the Americas,” September 11, 2018, source
  3. Prasad, Binay, "A Latin American Battle: China vs. Taiwan," The Diplomat, August 19, 2017, source.
  4. “Panama cuts ties with Taiwan in favor of China,” British Broadcasting Corporation, June 13, 2017
  5. Josh Horwitz,“Taiwan now had diplomatic relations with fewer than 20 countries,” Quartz, May 1, 2018
  6. Chris Horton, “El Salvador Recognizes China in Blow to Taiwan,” New York Times, August 21, 2018
  7. Steven Lee Myers and Chris Horton, “China tries to erase Taiwan One Ally (and Website) at a Time,” New York Time, May 25, 2018
  8. ibid
  9. Mingjiang Li, "Rising from Within: China's Search for a Multilateral World and Its Implications for Sino-US Relations," Global Governance 17, no. 3 (2011): 331-51. source.
  10. “An Updated Draft of the Code of Conduct Distributed in the United Nations- What’s New,” The NATO Cooperative Cyber Defense Centre of Excellence;“Unpacking The Competing Russian and U.S. Cyberspace Resolutions at the United Nations,” Council on Foreign Relations, October 29, 2018 United Nations, United Nations General Assembly, 73th session, 1st committee, October 22, 2018
  11. The State Council, The People’s Republic of China, “China’s Policy Paper on Latin America and the Caribbean,” November 2008, source.
  12. Capt. George Gurrola, “China-Latin America Arms Sales Antagonizing the United States in the Western Hemisphere,” Military Review, July – August 2018
  13. See, for example: “Indictment of PLA Officers,” Council on Foreign Affairs, May 2014
  14. Adam Segal, Samantha Hoffman, Fergus Hanson and Tom Uren, “Hacking for Cash,” Australian Strategic Policy Institute, September 25, 2018.
  15. David E Sanger and Katie Benner,“U.S. Accuses Chinese Nationals of Infiltrating Corporate and Government Technology,” New York Times, December 20, 2018, source
  16. "Will the Russians Meddle in Latin American Elections?,”Center for Strategic and International Studies, March 26, 2018, source
  17. See, for example: source and source
  18. See, for example: source
  19. Julia Gurganus,"Russia: Playing a Geopolitical Game in Latin America," Carnegie Endowment for International Peace, source.
  20. “APT28: New Espionage Operations Target Military and Government Organizations,” Symantec Corporation, October 4, 2018,source
  21. Robert Morgus, Jocelyn Woolbright, and Justin Sherman, “The Digital Deciders” New America, October 23, 2018, source
  22. Robert Morgus, “Russia Gains and Upper Hands in the Cyber Norms Debate,” Council on Foreign Relations, December 5, 2016, source
  23. White propaganda refers to propaganda where the artist of the propaganda is not hidden.
  24. Grey propaganda refers to propaganda where the artist of the propaganda is intentionally and meticulously obfuscated so that the origin of the information is difficult to decipher.
  25. Black propaganda refers to propaganda where the artist of the propaganda presents false or misleading information and purports to be on one side of the conflict, but is actually from the opposite side.
  26. William Booth, “Witch Hunt,” Washington Post, May 17, 1994, source
  27. Boon Yew Ng, “Emerging from the Shadows,” June 2017, source
  28. Julia Gurganus,“Russia; Playing a Geopolitical Game in Latin America” Carnegie Endowment for International Peace, May 3, 2018, source
  29. ibid
  30. Boon Yew Ng, “Emerging from the Shadows,” June 2017, source
  31. Mark Galeotti,“Transitional Aspects of Russian Organized Crime,” Chatham House, July 17, 2012
  32. Blank, Stephen, “Cyber War and Information War á la Russe,” Carnegie Endowment for International Peace, October 16, 2017, source

Close

Chinese and Russian Use of Cyber Capabilities in Latin America and the Caribbean

View as PDF

Table of Contents

Close

Are China and Russia on the Cyber Offensive in Latin America and the Caribbean?