Cyber attacks likely as KL govt reviews projects: Security firm

KUALA LUMPUR • Chinese state-sponsored hackers may be targeting companies and state agencies in Malaysia as it looks to review several major projects linked to China's Belt and Road Initiative (BRI), cyber security firm FireEye said yesterday.

Malaysian Prime Minister Mahathir Mohamad, who took power after an election win in May, will be in China tomorrow seeking to renegotiate and possibly cancel billions of dollars worth of Chinese-invested projects authorised by his predecessor, Najib Razak.

China's BRI, unveiled in 2013, aims to develop a network of land and sea links with South-east Asia, Central Asia, the Middle East, Europe and Africa.

FireEye said it had found indications that cyber espionage activities were increasing throughout South-east Asia as China-based groups and others sought to gain information on BRI projects and deals.

Malaysia's recent political changes and its reassessment of China-backed projects put it at heightened risk of such activity, FireEye's head of global intelligence operations, Ms Sandra Joyce, told a media briefing.

"Malaysia is looking more and more like a typical target of Chinese state-sponsored cyber activity," she said.

"As Chinese investments continue to be scrutinised, that is going to be a motivator for groups... to gain more intelligence and information on the future of these projects."

China's foreign ministry did not immediately respond to a request for comment.

China routinely denies accusations of involvement in hacking and says it is a main victim of it.

Malaysia suspended the US$20 billion (S$27.6 billion) East Coast Rail Link (ECRL) project that links Malaysia's west coast with ports in the east, pending discussions over pricing and graft allegations.

Malaysia also halted work on two projects worth more than US$2.3 billion awarded to the China Petroleum Pipeline Bureau.

Meanwhile, Malaysian Finance Minister Lim Guan Eng said that the government's review of the ECRL is not confined to construction costs only, but also to the viability of maintaining the rail network.

"It must be noted that even if the rail project is completed, the operational cost will be very high to cover the project cost," he said.

"Don't even talk about capital expenditure, as we can't even cover the operational cost, which is estimated to be RM600 million (S$202 million) to RM1 billion annually," he said in reply to a question in Parliament yesterday.

Mr Lim said operational cost is another crucial factor as to why the government decided to review the ECRL project.

"This is a huge issue, and it is clear why a review is needed to avoid the government being saddled with a huge debt. It is a mega project that will result in a mega debt," he added.

Mr Lim informed lawmakers that negotiations between the government and Chinese project contractor China Communications Construction are still ongoing.

"The viability and feasibility of the project remains the biggest question," he stressed.


A version of this article appeared in the print edition of The Straits Times on August 16, 2018, with the headline 'Cyber attacks likely as KL govt reviews projects: Security firm'. Print Edition | Subscribe