Attacks/Breaches
2/28/2013
01:00 PM
Connect Directly
RSS
E-Mail
50%
50%

China Targets U.S. In Hacking Blame Game

Responding to allegations that China regularly hacks U.S. businesses, Chinese government officials claim that 63% of cyber attacks on their military systems in 2012 came from the U.S.

Who Is Anonymous: 10 Key Facts
Who Is Anonymous: 10 Key Facts
(click image for larger view and for slideshow)
China Thursday upped the stakes in the China-America hacking blame game by accusing the United States of launching hack attacks against Chinese government networks. According to the China's defense ministry, Chinese military systems were subjected to 144,000 attacks per month throughout 2012, and 63% of those attacks came from the United States.

"The Defense Ministry and China Military Online websites have faced a serious threat from hacking attacks since they were established, and the number of hacks has risen steadily in recent years," said ministry spokesman Geng Yansheng, Reuters reported. Geng's comments were delivered in a monthly press briefing that's closed to foreign reporters, and which were later distributed by the government.

China's allegations came as a response to increased accusations from security experts in the United States that Chinese government has been sponsoring a long-running online espionage campaign that targets private businesses.

[ Why does the U.S. accuse China of hacking? Read China Denies U.S. Hacking Accusations: 6 Facts. ]

Notably, security firm Mandiant last week released a report that accused the Chinese government of supporting multiple groups of advanced persistent threat (APT) attackers, and one particular group of having successfully compromised 141 businesses since 2006. Although the group -- dubbed Comment Crew by some security watchers, and APT1 by Mandiant -- was first spotted in 2006, Mandiant's report was the first to lay out voluminous evidence, albeit of a circumstantial nature, that attempted to link APT1 not just to China, but to the People's Liberation Army (PLA) Unit 61398, which Mandiant described as an elite military hacking unit.

According to a statement released last week by China's defense ministry, however, "the Chinese army has never supported any hackings." Indeed, the Chinese government has repeatedly denied that it hacks foreign governments' or businesses' websites, and Chinese officials labeled Mandiant's report "groundless both in facts and legal basis," accusing the security firm of invoking the specter of Chinese attacks to drum up more business.

Chinese officials likewise dismissed last month an allegation by The New York Times that the Chinese government was responsible for hacking into the paper's network and stealing a copy of every employee's password. After the Times discovered the breach in November 2012, it hired Mandiant to conduct a digital forensic investigation. In January, based on research provided by Mandiant, the Times accused China -- and in particular, APT group #12 -- of having launched the attacks. The Wall Street Journal and Washington Post later said they'd also been targeted in similar attacks.

As the hacking accusations against China have increased, Chinese government officials have gone to great pains to emphasize that people in China are themselves regularly subjected to attacks launched from overseas. "In 2012, about 73,000 overseas IP addresses controlled more than 14 million computers in China and 32,000 IP addresses remotely controlled 38,000 Chinese websites," foreign ministry spokesman Hong Lei said at a news conference last week, noting that the greatest number of attacks emanated from the United States.

Despite the increase in foreign attacks targeting Chinese systems, "Beijing has seldom accused other countries of launching the attacks," said Wen Weiping, a professor at the School of Software and Microelectronics at Peking University, in a statement released by Xinhua News Agency, which is the official press agency of the People's Republic of China.

Thursday, meanwhile, defense ministry spokesman Geng said that no Chinese soldiers are engaged in cyber warfare or online attacks, noting that Chinese "blue teams" participate only in military drills, "to enhance the country's ability to safeguard cyber security," according to a statement released by Xinhua. Blue teams refers to the "good guys" in a military exercise, while red teams play the enemy.

But Geng said China is working to improve its military cybersecurity capabilities. "Compared with military capabilities around the world, however, there is still a gap," he said.

Speaking this week at the RSA conference in San Francisco, some information security experts said they expect China's alleged cyber attacks to continue unabated.

In part that appears to be because high-level discussions on the topic have yet to agree on terminology, James Lewis, a senior fellow at the Center for Strategic and International Studies (CSIS), told the conference. In particular, Chinese government officials who engage in proxy discussions with U.S. think tanks prefer to avoid discussing espionage, or even using the word "espionage" at all.

Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple Deployment at the NEW Mac & iOS IT Conference. Use Priority Code DIPR03 by March 9 to save up to $500 off the price of Conference Passes. Join us in Las Vegas for access to 125+ workshops and conference classes, 350+ exhibiting companies, and the latest technology. Register for Interop today!

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
J. Nicholas Hoover
50%
50%
J. Nicholas Hoover,
User Rank: Apprentice
3/4/2013 | 1:56:36 PM
re: China Targets U.S. In Hacking Blame Game
Perhaps it's a blame game and perhaps the Chinese government is guilty of more than a little bit of hyperbole, but the United States wouldn't be doing its job if it wasn't doing its due diligence on the biggest economic and military competitor of the future.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2003-1598
Published: 2014-10-01
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.

CVE-2011-4624
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

CVE-2012-0811
Published: 2014-10-01
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files gene...

CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Chris Hadnagy, who hosts the annual Social Engineering Capture the Flag Contest at DEF CON, will discuss the latest trends attackers are using.