Exploiting fears: virtual kidnapping targets Chinese international students

As “sophisticated cyber attacks” on Australian’s digital infrastructure dominate weeks of headlines, it pays to remember that malicious cyber actors also prey on vulnerable people and diaspora communities. As demonstrated by the recent virtual kidnapping scams, these cyber threats covertly operate in the social realm and achieve their effects through sowing fear and confusion. While Australia bolsters its cyber security posture, policy discussions must go further than purely technical solutions — data protection, network security, critical infrastructure security — and respond to cyber threats that exploit fear and societal fractures within our communities.  

This year, eight Chinese international students in Australia have fallen victim to virtual kidnapping scams orchestrated by international crime syndicates. In one case, the victim’s father in China paid more than $2 million to the scammers after being sent a video of his daughter tied up in an unknown location.

How do these virtual kidnapping scams work?

First, the victim receives a phone call from someone claiming to be a “Chinese official”. The scammers often program the caller’s ID so that it appears to be from the Chinese police, consulate or embassy.

Next, the “Chinese official” convinces the victim that they have been implicated in a serious crime in China and that they must transfer money to avoid legal action, arrest or deportation. One of the victims said that the “police officer” insisted that “he could help but it would cost $4,000 for an expedited investigation, $90,000 as a kind of security bond, and $250,000 for a civil liability case.”

While some cases end when the victim transfers the requested amount, NSW Police reported more egregious scenarios where victims are coerced to stop contacting their family and friends, rent a hotel room and fake their own kidnappings. Victims are told to photograph themselves tied up and blindfolded as “evidence” — images that are then sent to the victim’s family in China. When the victim’s family is unable to contact them, they send large ransom payments in exchange for their safe “release.”

Why are Chinese international students being targeted?

The fact that Chinese international students typically arrive in Australia with limited life experience and no solid support networks makes them particularly vulnerable.

Monash University Criminology Lecturer, Dr Lennon Chang, said that “if you’re an Australian-born Chinese and someone tells you you’re involved in organised crime in China, you’d tell them to go away” but “if you’re a Chinese international student, you might be worried about your family, your situation, back in your hometown.”

Exploiting well-founded fears of persecution by authoritarian governments is a savvy, albeit extremely deleterious technique used by malicious cyber actors. It’s not far-fetched for Chinese international students to believe the “Chinese official” informing them of a crime unknown to them that involves their arrest or deportation. The Chinese Communist Party (CCP) is widely known for its top-down manipulation through its consulates who proactively control how China is talked about on a global scale.

For example, this week the CCP introduced a new online portal that allows people to refer their compatriots to Chinese officials for political crimes. The online portal allows allegations to be levelled against dissidents for “attacking the party, the state system and major policies”, endangering national security, harming the national image and slandering heroes.

If Chinese citizens have been punished for innocuous offences like posting a video online of catching fish while wearing a red scarf associated with a Communist Party organisation, the threat of persecution is considerably more real and intimidating for Chinese international students than your average university student.

With the all-pervasive and exponential nature of cybercrime, there is a growing need for cyber security to be approached holistically.

These scams demonstrate that cyber threats can go well beyond network security, data privacy issues and breaches, and instead expose deep-seated social and cultural issues. Although the challenges international students experience are not new to policy makers and universities — isolation, culture shock, language barriers, and accommodation issues — emerging technologies only increase the potency of the tools and techniques malicious cyber actors use.

As the recent foray of state-sponsored cyber attacks have served as a wake-up call for the federal government to re-think its cyber security posture, discussions must also respond to cyber threats that operate in the social realm and exploit fear and cultural vulnerabilities shared by many of Australia’s diaspora communities.

These scams are also an opportunity for universities to lead public cyber awareness campaigns with student organisations, agencies and the private sector to support our international student communities in an online world.

This article was originally published by Young Australians in International Affairs on August 6, 2020