China hacks away at India 🖥️

Good morning,

In today’s edition, we have the 3Ws—why, how, and what.

China’s hackers targeted one of India’s largest media groups. Why?
A new Anglosphere bloc could change the winds of foreign policy. How?
LIC agents could have a new role marketing an IPO. What!

Let’s begin.

Chinese state-sponsored hackers might be perusing the files at The Times Group

Jaspreet Kalra

Chinese state-affiliated hackers have been looking through the files at the Unique Identification Authority of India (UIDAI), the Madhya Pradesh Police department, and media conglomerate Bennett and Coleman and Co Ltd (BCCL), according to a report by enterprise security firm Recorded Future.

The bulk of personally identifiable data stored with UIDAI, which issues the unique digital ID Aadhaar, makes it a luring target for espionage. But the attack on BCCL, also known as The Times Group, could have been spurred by a desire to gain access to journalistic sources as well as pre-publication content.

The media group was hit with malware between February and August 2021, and majority of the data was stolen out of the firm’s servers when The Economic Times (a Times Group subsidiary) ran reports of “freedom patrol,” an exercise conducted by the US Navy in the Indian Ocean.

In the report, Recorded Future noted:

While the timing of the initial intrusion and exfiltration activity coinciding with naval-related articles is circumstantial evidence of possible intent, it remains plausible that that TAG-28’s [the hacker group] objectives may have included targeting the media group to gain insight into Indian ocean naval matters or perceived anti-China reporting.

Both UIDAI and the Times Group have disputed the report’s claims. While the media group told Bloomberg that the “alleged exfiltration” of data was blocked by its defence systems, UIDAI said it had no knowledge of the breach and has a “robust security system in place.”

While state-sponsored attackers usually tend to go after critical infrastructure or attempt to gain access to corporate and government secrets via cyber attacks, this isn’t the first time Chinese hackers have attacked a media organisation. A 2013 attack on The New York Times coincided with the paper’s publishing of an investigation that found that the relatives of Wen Jiabao, China’s prime minister at the time, had accumulated fortunes worth several billion dollars.

The attacks are also more widely symptomatic of fraying relationships between India and China, which reached a fever pitch during border tensions along the Himalayas that kicked off in May 2020.

“Data shows a 261% increase in the number of suspected state-sponsored Chinese cyber operations targeting Indian organisations and companies,” this year compared to 2020, the report said.

“Gaining access and insight into Indian government departments and organizations will … likely remain of paramount interest to Chinese state sponsored actors for the foreseeable future,” it added.

Given that both UIDAI and The Times Group have dismissed the claims made in the report, it’s unlikely that the government will initiate a public investigation into the matter.

And as The Ken has reported in the past, India’s response to a cyber breach often starts with a denial. Consequently, it gets lost in a hodgepodge of bureaucracy, weak infrastructure, and an absence of strategy.

With an adversarial neighbour that is increasingly keen to leverage its cyber-might for espionage and intimidation, a good starting point might just be to codify how private and public sector enterprises notify and coordinate with state agencies on such breaches instead of being caught frozen like a deer in the headlights.

Geopolitics is complicated. The winner is likely arms manufacturers

Nithin Sasikumar

Yesterday, an informal meeting of the South Asian Association for Regional Cooperation (SAARC) was cancelled because Pakistan thought that a member of the new Taliban government in Afghanistan should represent the country.

While the old order is facing complications wrought by new regimes, new blocs are emerging and complicating things further. Sometimes, these blocs have even sprung up overnight, as a surprise. I’m talking about AUKUS, a security alliance of the US, Australia, and the UK, which was announced on 15 September. The obvious target of this alliance is China.

And if SAARC has been fading away to irrelevance, AUKUS could be making other regions irrelevant. Think Europe.

Now, the direct result of this new alliance was an immediate about-face from Australia, which decided to cancel its submarine-purchase deal with France and, instead, buy nuclear-powered submarines from the US. The French were not happy and recalled their ambassadors to Washington and Canberra.

(Not the UK, though, which itself speaks volumes of how it is being perceived by France or the EU by extension.)

But this new pact excluding the European countries is a blast from the past as per Andreas Kluth, who wrote —

There it is again: the old Anglosphere, as distinct from the wider West. The undertone is that when it comes to staring down genuine threats — in the 21st century as in the 20th — it’s those ancient ties of language and culture that bind.

But he also says that Europe has to look inwards and blame itself for being kept out of these alliances first.

They could start by asking Lithuania, that former victim of Soviet imperialism which is now a proud member of the EU and NATO. It’s become the latest European country to get the full bullying treatment from Beijing. The reason is that Vilnius allowed Taiwan, which China considers a renegade province, to set up a representative office. In retaliation, if that is the word, Beijing withdrew its ambassador, clamped down on Lithuanian trade and generally tightened the vise.

The U.S. immediately offered its support to Lithuania. And the EU? Its member states aren’t so sure. After all, they do a lot of business with China — Germany’s largest trading partner — and feel that Lithuania could have been more diplomatic. It fell to the prime minister of Slovenia, which currently holds the EU’s rotating presidency, to plead with his counterparts to stick up for Lithuania at a gathering in two weeks.

Even within its own member nations, money (from China) took precedence over banding together. And that’s just one instance. Even as France seethes at the snub by the “Anglosphere”, its European neighbours have been fairly quiet in their reaction.

As Europe figures its standing in the new world order, the ripple effect of AUKUS will be felt:

The first casualty could be a European Union trade agreement with Australia. French President Emmanuel Macron’s government is questioning whether the EU should proceed with a trade agreement with Canberra. The chair of the European Parliament’s trade committee said on Monday the EU-Australia agreement might now be much more complicated and that willingness to compromise on issues like agriculture was likely to be quite limited.

Not just in trade, but also in the matter of military spending and other regional alliances.

Such frictions may also reinforce European wariness of relying on U.S. military might. Macron talked a couple of years ago of the “brain death” of NATO. The way in which President Joe Biden handled the withdrawal of U.S. troops from Afghanistan last month and the snub over the subs are likely to rekindle such thoughts. That might prompt an increase in EU countries’ defence budgets – and even persuade Macron to restrict France’s role in NATO, as was the case before 2009.

The threat (and even the money) of China is redefining foreign policy in the 21st century.

PS: Reuters published a “factbox” detailing how countries in the Asia-Pacific region were upping their military spending.

The LIC agent, its IPO, and incentives

Rohin Dharmakumar

The Life Insurance Corporation of India (LIC), India’s largest insurer, is a gigantic, lumbering beast. In an era of tech-driven insurance, it still does business the old-fashioned way. Through an army of nearly 2.3 million agents who forge and maintain personal connections with millions of LIC customers.

A large part of LIC’s success can be chalked up to that unmissable character across the country: the LIC agent. Persuasive and desperate in equal measure, she is in high demand between January and March—the last month of the financial year—when taxpayers hasten to buy insurance as a tax-saving measure.

As of March 2020, the latest year for which this data is available, India had 2.3 million life insurance agents. And more than half of them worked with LIC.

These agents brought in nearly 95% of the premium paid on LIC’s new individual policies in the year ended March 2020. For its peers, agents contributed under 25%. “Private players have been able to leverage the reach of banks. It allows you to scale rapidly,” says Saurabh Bhalerao, associate director of Care Ratings. (Disclosure: LIC owns nearly 10% of Care.)

Sure, LIC agents are often guilty of upselling customers expensive policies they don’t really need. But broadly, they have a relationship based on trust. “I trust that my money is safe with LIC,” is the unsaid bond between customer and agent.

Every policy’s first page clearly says that the policy is underwritten by the President of India (basically, the government) and that you will be paid off at the end of the tenure. And most people don’t seem to care about how this happens, so long as the money eventually makes its way into their bank accounts. It hasn’t failed thus far, they might argue.

Even if many agents sell many policies that are bad for customers, LIC has two safety mechanisms to contain any fallout. Firstly, because insurance payouts happen over years, it gives LIC time to work out alternatives. Secondly, there is always the implicit backing of the state.

But what if agents are asked to sell customers something that circumvents both these safety mechanisms?

After 'mutual funds sahi hai’, it could be the turn of something like 'stock market sahi hai’. Ahead of what will be India's biggest initial public offering, expected later this year, the government and the insurance major are planning a high-decibel awareness campaign for retail investors to ensure their participation in large numbers. “It may be along the lines of the highly successful campaign on mutual funds,” an official privy to the developments said.

The campaign will mainly target investors in tier II and tier III cities, and will be organised through the vast network of LIC agents to make the policyholders aware about investing in stock markets. LIC had about 2.28 million agents as on March 31, 2020, and they would be leveraged for this exercise.

[…]

In an effort to give LIC policyholders an opportunity to own a part of the insurance company, the government will reserve up to 10 per cent of the issue size for them. The government is keen on ensuring that the policyholders’ quota in the offering gets fully subscribed.

Now, by all measures, the LIC IPO might turn out to be a roaring success. But what if it isn’t? No one, not the government nor LIC, can offer protection against a falling stock.

Will customers who were nudged to invest their hard-earned money in the IPO blame their agents? Will that erode the trust they had in the agent? In LIC?

This promises to be an interesting collision of incentives.

McDonald’s is becoming more responsible

Nithin Sasikumar

The famous yellow arches are going green.

Okay, not quite. The arches will still remain yellow, but the famous McDonald’s toys packed within its kiddie meal, the Happy Meal, are ditching the plastic in favour of cardboard and other environment-friendly material.

The burger giant said Tuesday it’s working with toy companies to develop new ideas, such as three-dimensional cardboard superheroes kids can build or board games with plant-based or recycled game pieces.

Sure, Happy Meals aren’t exactly packed with nutrients, and the world’s junk food obsession could partly be attributed to companies like McDonald’s catching their customers young. But these ‘plastic toys’ that are packaged along with the Happy Meal are equally unhealthy for the environment and, eventually, will find their way into landfills.

So, even if the meals are ‘bad’, the toys will be ‘good’.

Source: Giphy

PS: According to various estimates, McDonald’s could well be delivering over 1.5 billion such toys every year. And if you’ve heard of McDonald’s being one of the largest commercial real estate owners in the world, well, it’s also one of the largest toy distributors in the world. Even beating toy manufacturers like Hasbro and Mattel.

That’s it for today.

Don’t forget to write in with your thoughts and observations on the reshaping of businesses, societies, and economies. We will be back tomorrow.

Stay safe,
Nithin
[email protected]

The only business subscription you need

Unrivaled analysis and powerful stories about businesses in India and Southeast Asia from award-winning journalists. Includes access to longform articles, premium newsletters across a range of topics depending on your interest and our top-ranked podcast. For those who want to be prepared for what comes next.

So much journalism in India is superficial.

Articles are generic, almost cookie-cutter in their approach. And they don’t provide enough context on the issues they cover. The Ken is different. I don’t always agree with everything they say but I appreciate their commitment to publishing deeply reported narratives and investigations. Their reporters find new ways to analyze tech among other industries. And that’s always worth a read.

Sid Talwar / Co-Founder and Partner / Lightbox Venture Capital

As entrepreneurs, we thrive on being in the know at all times.

A personal subscription to The Ken was a no brainer. But as startup founders, this isn't enough. Team members also need to be in the know, for everyone handles customer-facing responsibilities and an ecosystem change that impacts customers also impacts us

Kiran Jonnalagadda / Co-founder / HasGeek and Internet Freedom Foundation