Facebook internal documents reveal Chinese hackers attacking Cambodian opposition party

10 June 2022

“A set of … actors logged onto several Cambodian government IP addresses … which lends a possible hypothesis that they may have compromised the Cambodian Ministry of Posts and Telecommunications.” These sentences form part of an internal investigation by a Facebook employee into a hacking attack against the Cambodian government—the document states that the hacks were likely by Chinese hackers, using Facebook’s Messenger and Pages as a platform. The researcher found that the hackers used several “unique titles such as chief, section chief, military, military chief staff officer,” which indicates an intelligence organisation’s structure, likely of Chinese origin. The researcher also concluded that the Chinese hackers were likely working in partnership with the Chinese Ministry of Public Security and the China-ASEAN Technology Transfer Centre—part of a Chinese government programme to share technology with South East Asian nations.

The investigation is part of a large tranche of documents, among the disclosures made to the United States Securities and Exchange Commission, and were provided to Congress in redacted form by the legal counsel of Frances Haugen—a former product manager with Facebook’s civic integrity team, who became a whistle-blower. The investigation links the hacks to a Chinese group called Speeding Wall, about whom not much else is known. Speeding Wall likely targeted Cambodia once previously, in 2017.

The investigation clearly states two possible conclusions. Firstly, the Cambodian government could have used the hacks alongside Chinese help to target the Cambodia National Rescue Party—the primary opposition party in the country—as well as dissenting citizens. Since coming to power in 1979, Cambodia’s ruling Cambodian People’s Party, or CPP, pursued a brutal crackdown on the opposition, particularly using social media. The second possibility, the researcher argues is that the hackers, working at at least some level of coordination with the Chinese government, hacked the Cambodian government in relation to China’s expanding Belt and Road Initiative. The BRI is the Chinese president Xi Jinping’s ambitious geopolitical project, which aims to construct trade routes between China and over seventy countries. The researcher however cautions that the second possibility is less likely. It is currently unclear what action Facebook took against the hackers or if such vulnerabilities on its platform, that allow for international espionage, have been fixed.

Ahan Penkar is a fact-checking fellow at The Caravan.

Keywords: Facebook Files Facebook china Cambodia Belt and Road Initiative