Attacks/Breaches
2/28/2013
01:00 PM
50%
50%

China Targets U.S. In Hacking Blame Game

Responding to allegations that China regularly hacks U.S. businesses, Chinese government officials claim that 63% of cyber attacks on their military systems in 2012 came from the U.S.

Who Is Anonymous: 10 Key Facts
Who Is Anonymous: 10 Key Facts
(click image for larger view and for slideshow)
China Thursday upped the stakes in the China-America hacking blame game by accusing the United States of launching hack attacks against Chinese government networks. According to the China's defense ministry, Chinese military systems were subjected to 144,000 attacks per month throughout 2012, and 63% of those attacks came from the United States.

"The Defense Ministry and China Military Online websites have faced a serious threat from hacking attacks since they were established, and the number of hacks has risen steadily in recent years," said ministry spokesman Geng Yansheng, Reuters reported. Geng's comments were delivered in a monthly press briefing that's closed to foreign reporters, and which were later distributed by the government.

China's allegations came as a response to increased accusations from security experts in the United States that Chinese government has been sponsoring a long-running online espionage campaign that targets private businesses.

[ Why does the U.S. accuse China of hacking? Read China Denies U.S. Hacking Accusations: 6 Facts. ]

Notably, security firm Mandiant last week released a report that accused the Chinese government of supporting multiple groups of advanced persistent threat (APT) attackers, and one particular group of having successfully compromised 141 businesses since 2006. Although the group -- dubbed Comment Crew by some security watchers, and APT1 by Mandiant -- was first spotted in 2006, Mandiant's report was the first to lay out voluminous evidence, albeit of a circumstantial nature, that attempted to link APT1 not just to China, but to the People's Liberation Army (PLA) Unit 61398, which Mandiant described as an elite military hacking unit.

According to a statement released last week by China's defense ministry, however, "the Chinese army has never supported any hackings." Indeed, the Chinese government has repeatedly denied that it hacks foreign governments' or businesses' websites, and Chinese officials labeled Mandiant's report "groundless both in facts and legal basis," accusing the security firm of invoking the specter of Chinese attacks to drum up more business.

Chinese officials likewise dismissed last month an allegation by The New York Times that the Chinese government was responsible for hacking into the paper's network and stealing a copy of every employee's password. After the Times discovered the breach in November 2012, it hired Mandiant to conduct a digital forensic investigation. In January, based on research provided by Mandiant, the Times accused China -- and in particular, APT group #12 -- of having launched the attacks. The Wall Street Journal and Washington Post later said they'd also been targeted in similar attacks.

As the hacking accusations against China have increased, Chinese government officials have gone to great pains to emphasize that people in China are themselves regularly subjected to attacks launched from overseas. "In 2012, about 73,000 overseas IP addresses controlled more than 14 million computers in China and 32,000 IP addresses remotely controlled 38,000 Chinese websites," foreign ministry spokesman Hong Lei said at a news conference last week, noting that the greatest number of attacks emanated from the United States.

Despite the increase in foreign attacks targeting Chinese systems, "Beijing has seldom accused other countries of launching the attacks," said Wen Weiping, a professor at the School of Software and Microelectronics at Peking University, in a statement released by Xinhua News Agency, which is the official press agency of the People's Republic of China.

Thursday, meanwhile, defense ministry spokesman Geng said that no Chinese soldiers are engaged in cyber warfare or online attacks, noting that Chinese "blue teams" participate only in military drills, "to enhance the country's ability to safeguard cyber security," according to a statement released by Xinhua. Blue teams refers to the "good guys" in a military exercise, while red teams play the enemy.

But Geng said China is working to improve its military cybersecurity capabilities. "Compared with military capabilities around the world, however, there is still a gap," he said.

Speaking this week at the RSA conference in San Francisco, some information security experts said they expect China's alleged cyber attacks to continue unabated.

In part that appears to be because high-level discussions on the topic have yet to agree on terminology, James Lewis, a senior fellow at the Center for Strategic and International Studies (CSIS), told the conference. In particular, Chinese government officials who engage in proxy discussions with U.S. think tanks prefer to avoid discussing espionage, or even using the word "espionage" at all.

Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple Deployment at the NEW Mac & iOS IT Conference. Use Priority Code DIPR03 by March 9 to save up to $500 off the price of Conference Passes. Join us in Las Vegas for access to 125+ workshops and conference classes, 350+ exhibiting companies, and the latest technology. Register for Interop today!

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
J. Nicholas Hoover
50%
50%
J. Nicholas Hoover,
User Rank: Apprentice
3/4/2013 | 1:56:36 PM
re: China Targets U.S. In Hacking Blame Game
Perhaps it's a blame game and perhaps the Chinese government is guilty of more than a little bit of hyperbole, but the United States wouldn't be doing its job if it wasn't doing its due diligence on the biggest economic and military competitor of the future.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8891
Published: 2015-03-06
Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors...

CVE-2014-8892
Published: 2015-03-06
Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via un...

CVE-2015-1170
Published: 2015-03-06
The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a "kernel administrator check," which allows local users to gain administrator privileges via unspecified API call...

CVE-2015-1637
Published: 2015-03-06
Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for r...

CVE-2014-2130
Published: 2015-03-05
Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka B...

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.