Attacks/Breaches
2/28/2013
01:00 PM
Connect Directly
RSS
E-Mail
50%
50%

China Targets U.S. In Hacking Blame Game

Responding to allegations that China regularly hacks U.S. businesses, Chinese government officials claim that 63% of cyber attacks on their military systems in 2012 came from the U.S.

Who Is Anonymous: 10 Key Facts
Who Is Anonymous: 10 Key Facts
(click image for larger view and for slideshow)
China Thursday upped the stakes in the China-America hacking blame game by accusing the United States of launching hack attacks against Chinese government networks. According to the China's defense ministry, Chinese military systems were subjected to 144,000 attacks per month throughout 2012, and 63% of those attacks came from the United States.

"The Defense Ministry and China Military Online websites have faced a serious threat from hacking attacks since they were established, and the number of hacks has risen steadily in recent years," said ministry spokesman Geng Yansheng, Reuters reported. Geng's comments were delivered in a monthly press briefing that's closed to foreign reporters, and which were later distributed by the government.

China's allegations came as a response to increased accusations from security experts in the United States that Chinese government has been sponsoring a long-running online espionage campaign that targets private businesses.

[ Why does the U.S. accuse China of hacking? Read China Denies U.S. Hacking Accusations: 6 Facts. ]

Notably, security firm Mandiant last week released a report that accused the Chinese government of supporting multiple groups of advanced persistent threat (APT) attackers, and one particular group of having successfully compromised 141 businesses since 2006. Although the group -- dubbed Comment Crew by some security watchers, and APT1 by Mandiant -- was first spotted in 2006, Mandiant's report was the first to lay out voluminous evidence, albeit of a circumstantial nature, that attempted to link APT1 not just to China, but to the People's Liberation Army (PLA) Unit 61398, which Mandiant described as an elite military hacking unit.

According to a statement released last week by China's defense ministry, however, "the Chinese army has never supported any hackings." Indeed, the Chinese government has repeatedly denied that it hacks foreign governments' or businesses' websites, and Chinese officials labeled Mandiant's report "groundless both in facts and legal basis," accusing the security firm of invoking the specter of Chinese attacks to drum up more business.

Chinese officials likewise dismissed last month an allegation by The New York Times that the Chinese government was responsible for hacking into the paper's network and stealing a copy of every employee's password. After the Times discovered the breach in November 2012, it hired Mandiant to conduct a digital forensic investigation. In January, based on research provided by Mandiant, the Times accused China -- and in particular, APT group #12 -- of having launched the attacks. The Wall Street Journal and Washington Post later said they'd also been targeted in similar attacks.

As the hacking accusations against China have increased, Chinese government officials have gone to great pains to emphasize that people in China are themselves regularly subjected to attacks launched from overseas. "In 2012, about 73,000 overseas IP addresses controlled more than 14 million computers in China and 32,000 IP addresses remotely controlled 38,000 Chinese websites," foreign ministry spokesman Hong Lei said at a news conference last week, noting that the greatest number of attacks emanated from the United States.

Despite the increase in foreign attacks targeting Chinese systems, "Beijing has seldom accused other countries of launching the attacks," said Wen Weiping, a professor at the School of Software and Microelectronics at Peking University, in a statement released by Xinhua News Agency, which is the official press agency of the People's Republic of China.

Thursday, meanwhile, defense ministry spokesman Geng said that no Chinese soldiers are engaged in cyber warfare or online attacks, noting that Chinese "blue teams" participate only in military drills, "to enhance the country's ability to safeguard cyber security," according to a statement released by Xinhua. Blue teams refers to the "good guys" in a military exercise, while red teams play the enemy.

But Geng said China is working to improve its military cybersecurity capabilities. "Compared with military capabilities around the world, however, there is still a gap," he said.

Speaking this week at the RSA conference in San Francisco, some information security experts said they expect China's alleged cyber attacks to continue unabated.

In part that appears to be because high-level discussions on the topic have yet to agree on terminology, James Lewis, a senior fellow at the Center for Strategic and International Studies (CSIS), told the conference. In particular, Chinese government officials who engage in proxy discussions with U.S. think tanks prefer to avoid discussing espionage, or even using the word "espionage" at all.

Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple Deployment at the NEW Mac & iOS IT Conference. Use Priority Code DIPR03 by March 9 to save up to $500 off the price of Conference Passes. Join us in Las Vegas for access to 125+ workshops and conference classes, 350+ exhibiting companies, and the latest technology. Register for Interop today!

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
J. Nicholas Hoover
50%
50%
J. Nicholas Hoover,
User Rank: Apprentice
3/4/2013 | 1:56:36 PM
re: China Targets U.S. In Hacking Blame Game
Perhaps it's a blame game and perhaps the Chinese government is guilty of more than a little bit of hyperbole, but the United States wouldn't be doing its job if it wasn't doing its due diligence on the biggest economic and military competitor of the future.
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3341
Published: 2014-08-19
The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616.

CVE-2014-3464
Published: 2014-08-19
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers ...

CVE-2014-3472
Published: 2014-08-19
The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.

CVE-2014-3490
Published: 2014-08-19
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have...

CVE-2014-3504
Published: 2014-08-19
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Dark Reading continuing coverage of the Black Hat 2014 conference brings interviews and commentary to Dark Reading listeners.