Hackers lurk in Vatican shadows. Were spies involved in the China-Vatican Agreement?

Has China tricked the Vatican? This is what Recorded Future, a private company based in Massachusetts claims. Recorded Future conducts web intelligence by monitoring and analysing open source programs. The cybersecurity company's team of researchers filed in a detailed report on how the Holy See might been targeted by Chinese hackers.

RedDelta is the name of a group of hackers with Beijing government ties, according to the American experts. Red Delta purportedly managed to access the servers of the Pontifical Institute for Foreign Missions (PIME) headquarters and the Holy See’s Study Mission in Hong Kong. Hackings apparently began in mid-May and through at least 21 July. Investigators at Recorded Future pointed out that the illegal activity probably had taken place just before the controversial provisional agreements between the Vatican and the People's Republic of China are set to expire. The secret accord on episcopal ordinations was struck between the two parties in September 2018 and will remain in effect until this September 21. It faces a likely extension of twelve months on the heels of what Massimo Franco calls "coronavirus diplomacy."

The stakes of the accord’s renewal are high. If revelations made by the US cybersecurity company are indeed true, it would not be surprising that hackers connected to Beijing had chosen to break into the Holy See’s Study Mission servers. Although not a true diplomatic mission since relations were officially interrupted since 1951, the Study Mission is nevertheless is a sort of nunciature that closely follows the complex reality of the Catholic Church in China. It has existed since 1989, when Saint John Paul II commissioned a councillor from the Vatican’s Manila nunciature to reside permanently in Hong Kong and to act as a link between the Holy See and the Chinese dioceses. The first to fill this office was the French bishop Jean-Paul Gobel who then was succeeded by Cardinal Fernando Filoni, the former “Red Pope” and current Grand Master of the Equestrian Order of the Holy Sepulchre of Jerusalem.

The papal delegate in Hong Kong has never had an easy life: for example, Bishop Martin Nugent, Filoni’s successor in this sensitive assignment, said Beijing twice refused to issue him a visa to visit mainland China. The Vatican’s Hong Kong Study Mission is the most important information channel for the Vatican in the region, especially regarding episcopal ordinations. It is from this office, for example, that the Holy See learned that between 2010 and 2011 there was an acceleration of hostilities by Chinese communist government, after illicit ordinations had resumed and following attempts to subdue faithful of the "clandestine Church" to the “patriotic Church” by withdrawing state funds as well subjecting them to kidnappings and arrests.

Access to the Mission's server, therefore, allows you to get one’s hands on particularly important information in light of the terms of discussions intended for the renewal of the provisional China-Vatican agreement. This, however, does seem to be a common modus operandi for China: two years ago, an American web intelligence company had once again reported on Beijing-linked hackers against Japan whose aim was to obtain information about Japan’s position on the escalating North Korean crisis. Even in that particular instance, the cyber-soldiers were suspected of being under orders from China and had used the “spear-phishing” technique via the sending of emails with credible content capable of installing malware to access a particular IT systems and steal valuable data.

This is the very same trap that, according to Recorded Future, Chinese hackers used to spy on PIME and later the Study Mission in Hong Kong. The bait was set in the form of a condolence letter signed by the cardinal and secretary of state, Pietro Parolin, for the death of Bishop Joseph Ma Zhongmu. This was a double hoax, if one thinks about it, since the prelate of Mongolian origin, who had passed away at an age well over 100 years, was consecrated in secret and was persecuted by the regime that never recognized him officially and sent him to serve for years in a labor camp. The letter, as published in the American company’s report, appears rather plausible in form and content. In fact, the Massachusetts IT team has not been able to affirm whether it was created ad hoc by Chinese hackers or stolen from somewhere else.

Maurizio Mensi, professor at National School of Administration (SNA) and Luiss Guido Carli and executive director of the  MENA-OCSE Centre, told the Nuova Bussola Quotidiana that "even the way in which the attack was launched, close to the provisional agreement’s deadline, makes quite clear the relevance of the hacker’s objectives and should lead us to assess the full danger of Chinese strategy and its consequential resolutions."

The Chinese Foreign Ministry reacted to the Recorded Future report, dismissing its accusations and asking for "sufficient evidence" to prove them. This defence does not surprise Mensi, who believes the use of espionage via cyber attacks not directly linked to state entities serves as a cover for Beijing once the attack is finally exposed. "It is very difficult to judge with certainty just who is the author of this criminal activity. In the cyber sector, it is well known that attribution is one of the most delicate aspects of cybernetics."

The "First Cyber ​​Cold War" is underway between the western world and China. China, if its hacking of Vatican servers is confirmed, seems willing to fight with any means available and without too many difficulties with respect to those whom they want to spy on. The current “cold war” differs significantly from that which ended with the collapse of the Berlin Wall and the eventual dismantling of the USSR. According to Mensi, "unlike the Cold War with the Soviet Union, the current conflict with China takes on characteristics of a real clash of civilizations. It is an all-out clash that has implications on strategic, economic military level, ideological levels."

The attacks on servers at the Holy See’s Mission Study and PIME centre, therefore would not be considered an isolated event. Mensi, The SNA economic law professor considers, it "an element that fits perfectly, even in terms of  timing, into a global expansionist strategy, which includes the 5G and the Belt and Road Initiative [the “New Silk Road”], which should also cause the Vatican to reconsider its attitude towards Beijing . The warning from the United States Ambassador to Italy, Lewis Eisenberg, regarding threats coming from Chinese objectives on Italian ports and, more broadly, on its strategic infrastructures deserves our utmost attention."

This could spell a reversal of policy hoped for by Benedict Rogers, a human rights activist. In an articled published a few days ago in Foreign Policy, Rogers express his doubts about the 2018 Provisional Agreement and, more generally, on the Vatican’s reactions in the face of religious and civil liberties violations in China. The British journalist said he was perplexed that the text of the agreement remained secret: "If it is such a good agreement in the eyes of the Holy See,” he wondered,  “then why don’t ordinary Catholics and the world, in general, know what it says?"

"What we do know is that it gives the Chinese Communist Party - an avowedly atheist regime - a direct role in the appointment of Catholic bishops and which has already led to the forced removal of numerous clandestine bishops loyal to the Vatican in favor of state bishops," Rogers said. According to Rogers, the Agreement "did not bring about any improvements in the freedoms for Catholics; if anything, the situation has worsened, (because) no member of the clergy was imprisoned before the Agreement went into effect, while many have been arrested, detained and even disappeared since the agreement was agreed." "Far from bringing the desired unity or protection for the Church”, concluded the British activist, “it caused greater division and more repression."

Might revelations on alleged espionage ordered by Beijing against the Papal Mission in Hong Kong and the PIME headquarters have consequences on the negotiations relating to the Provisional Agreement expiring in just under two months? So far, no reactions to the Recorded Future report have come from within Vatican walls According to Prof. Mensi, the supposed cyber attack shows that "Chinese escalation spares not even the Vatican, which has so far been rather lukewarm towards in its attitudes toward Beijing."