On October 14, the United Nations Human Rights Council confirmed China's membership, albeit with fewer votes than when it was last elected to the council in 2016. Beijing has served on the council for 12 of the past 14 years, despite appalling records of human rights violations. The new three-year term means she can continue to influence the surveillance of human rights abuses around the world, including arbitrary detentions.
In the past two years, Chinese authorities have arrested more than 1 million people in around 400 detention centers in the Xinjiang area. Most of the prisoners are Muslim, mainly Uyghurs and Kazakhs. But in the camps, they are forced to give up their religion, champion the Chinese Communist Party's (CCP) ideology, and learn Mandarin. China initially denied the existence of the camps, but now recognizes them as "re-education camps" designed to fight terrorism. Despite the government whitewashing, it is clear to the outside world that the camps in Xinjiang are modern concentration camps – sites of cultural genocide.
Western democracies, including the United States, the United Kingdom and France, have increased pressure on China to stop human rights abuses in Xinjiang, but economic sanctions and public criticism have so far had no effect. China is too big, too powerful and too independent to be held back by other nations individually. It is time for democracies to adopt a strategy that has immediate effects: covert cyberattacks to gather reliable intelligence and disrupt the CCP's control over the camps.
High-tech mass surveillance has turned Xinjiang into a virtual cage where authorities can use technology to see, collect, and analyze personal data to determine who is deemed harmful to the state. The establishment of a so-called smart region, tightly controlled by technology, makes government tracking more effective, but it also exposes systems to cyberattacks and allows countries with advanced offensive capabilities to disrupt the operation of the camps.
Countries that are able to do so already frequently use offensive cyber attacks. The United States has launched cyberattacks against Iranian and Russian targets, including missile systems, nuclear power plants, and intelligence agencies. Israel has targeted Iranian nuclear facilities, and Iran has tried to penetrate the critical infrastructure of the US and Israel. Russia is a well-known perpetrator of cyber attacks, including the one against the Pentagon in 2008, which prompted the United States to establish the US Cyber Command – one of the most advanced cyberspace operations units in the world.
Cyberwarfare principles could be applied to targets used to commit crimes against humanity in Xinjiang. Covert and targeted cyber attacks against technology in the internment camps would have numerous advantages. Given the secret nature of the camps, access to cameras and data could provide reliable information about human rights violations. Such evidence could be used against CCP officials, including by bringing a case to the International Court of Justice.
Covert gathering of information would also reveal information about the camp's vulnerabilities and shape future cyberattacks for maximum disruption. Successful hacks could disable anything in the technology controlled warehouses. Disabling cameras used to spy on prisoners would significantly reduce efficiency in the camps. It would also reduce the psychological pressure on prisoners, even temporarily, to be constantly monitored.
Disabling communication devices used by workers inside the camps as well as between workers and authorities outside the camps can affect operations by disrupting the flow of information and instructions and affecting the guards' ability to prevent prisoners from escaping. Hacking also makes it possible to encrypt or delete data without being able to restore it, especially if the backup system is deactivated in advance without the knowledge of the authorities. Given the volume of data in the warehouses, it is unlikely that information will be stored in print.
Coordinated cyberattacks would send a clear message to China that the international community does not accept ethnic cleansing in Xinjiang or other regions such as Tibet. This could also deter CCP officials from other violations of international law and make it clear that the West will resort to cyberwar if other measures fail. If cyberattacks prove to be an effective strategy, they could be escalated: targeting technology outside of Xinjiang's camps for tracking and imprisonment.
However, hacking into China's systems in Xinjiang will not be easy. The Chinese authorities have already put in place advanced cybersecurity measures and highly skilled personnel to guard the networks, although these measures have their own weaknesses.
One such measure is microsegmentation, which alerts operators to unauthorized activities and blocks them. It works with a zero trust model that divides data into safe zones in order to secure them individually so that violations can be detected and contained more quickly. Microsegmentation slows the attack by limiting the hacker to the specific host or segment he is attacking – but it is expensive and not scalable. Microsegmentation is also prone to human error, making it prone to infiltration. With the right resources, it can be compromised remotely by installing threats via vulnerable services or malicious software updates.
China's "Great Firewall" is based on Deep Packet Inspection (DPI), which blocks intrusion by analyzing the data transmitted through an inspection point, stopping viruses, non-compliance logs and other potential threats. System policies require constant updates, without which the network is vulnerable to hacking. The DPI system has difficulty reading and blocking the encrypted packets that allow hackers to gain access to the system. Like microsegmentation, DPI can be hacked remotely. Other cybersecurity measures – such as air gaps that isolate computers from networks – would require the use of an employee to gain physical access, either through recruitment or accidental exploitation.
The United States has some of the most advanced cyber offensive forces in the world and the resources to expand and improve them. It should lead an international effort along with other western cyber agencies in countries like the UK, France and possibly Germany, Canada and Australia. Pooling resources and experience would be a huge advantage over China's resources and manpower, potentially making China better prepared for cyber war than the US at the moment.
Beijing recognizes cyberspace as an important national security domain and is investing considerable resources in building its capabilities. And the suppression of the Chinese government in Xinjiang is promoting more than the culture and identity of the Han Chinese: the region is crucial to the government's ambitious Belt and Road initiative. It is important for President Xi Jinping to maintain complete government control over Xinjiang, which means that cyberattacks on the camps are likely to result in non-violent retaliation from China.
The coordinated missions should remain covert once completed to avoid escalating conflicts from China, and collaboration between democracies with advanced cyber skills is key. For political reasons, these countries should neither approve nor deny participation in any particular attack. The Chinese authorities may suspect the attacker's identity but cannot prove it. Without a proven enemy, they are unlikely to resort to a martial response. Covert infiltration also has the benefit of denial so that the CCP can avoid public humiliation that could escalate further.
The CCP is unlikely to resort to preventive cyberattacks as it could require significant resources and a quick and aggressive response. Still, it is important that the countries involved improve their cyber defenses before launching cyberattacks against Chinese systems in Xinjiang and investing in advanced technology, human resources and updated response methods. You have to be ready to defend critical infrastructures as well as national security and intelligence agencies. Either way, strengthening these capabilities is vital: technological advances in the cybersphere will, in part, determine the future of warfare.
Evidence of human rights violations in Xinjiang is undeniable: torture, slave labor, sterilization obligations, sexual abuse and the separation of children from their parents are just a few examples. It took five years and millions of deaths for the Allied powers to close and liberate the remains of Nazi death camps, and did so with limited tactical skills. Democracies now have the ability to remotely disrupt Chinese concentration camps in Xinjiang by nonviolent means – a major asset that could be more effective against cultural genocide than sanctions and criticism.