Attacks/Breaches
2/28/2013
01:00 PM

China Targets U.S. In Hacking Blame Game

Responding to allegations that China regularly hacks U.S. businesses, Chinese government officials claim that 63% of cyber attacks on their military systems in 2012 came from the U.S.

China Thursday upped the stakes in the China-America hacking blame game by accusing the United States of launching hack attacks against Chinese government networks. According to China's defense ministry, Chinese military systems were subjected to 144,000 attacks per month throughout 2012, and 63% of those attacks came from the United States.

"The Defense Ministry and China Military Online websites have faced a serious threat from hacking attacks since they were established, and the number of hacks has risen steadily in recent years," said ministry spokesman Geng Yansheng, Reuters reported. Geng's comments were delivered at a monthly press briefing that is closed to foreign reporters, and were later distributed by the government.

China's allegations came as a response to increased accusations from security experts in the United States that the Chinese government has been sponsoring a long-running online espionage campaign that targets private businesses.


Notably, security firm Mandiant last week released a report that accused the Chinese government of supporting multiple groups of advanced persistent threat (APT) attackers, and one particular group of having successfully compromised 141 businesses since 2006. Although the group -- dubbed Comment Crew by some security watchers, and APT1 by Mandiant -- was first spotted in 2006, Mandiant's report was the first to lay out voluminous evidence, albeit of a circumstantial nature, that attempted to link APT1 not just to China, but to the People's Liberation Army (PLA) Unit 61398, which Mandiant described as an elite military hacking unit.

According to a statement released last week by China's defense ministry, however, "the Chinese army has never supported any hackings." Indeed, the Chinese government has repeatedly denied that it hacks foreign governments' or businesses' websites, and Chinese officials labeled Mandiant's report "groundless both in facts and legal basis," accusing the security firm of invoking the specter of Chinese attacks to drum up more business.

Chinese officials likewise dismissed last month an allegation by The New York Times that the Chinese government was responsible for hacking into the paper's network and stealing a copy of every employee's password. After the Times discovered the breach in November 2012, it hired Mandiant to conduct a digital forensic investigation. In January, based on research provided by Mandiant, the Times accused China -- and in particular, APT group #12 -- of having launched the attacks. The Wall Street Journal and Washington Post later said they'd also been targeted in similar attacks.

As the hacking accusations against China have increased, Chinese government officials have gone to great pains to emphasize that people in China are themselves regularly subjected to attacks launched from overseas. "In 2012, about 73,000 overseas IP addresses controlled more than 14 million computers in China and 32,000 IP addresses remotely controlled 38,000 Chinese websites," foreign ministry spokesman Hong Lei said at a news conference last week, noting that the greatest number of attacks emanated from the United States.

Despite the increase in foreign attacks targeting Chinese systems, "Beijing has seldom accused other countries of launching the attacks," said Wen Weiping, a professor at the School of Software and Microelectronics at Peking University, in a statement released by Xinhua News Agency, which is the official press agency of the People's Republic of China.

Thursday, meanwhile, defense ministry spokesman Geng said that no Chinese soldiers are engaged in cyber warfare or online attacks, noting that Chinese "blue teams" participate only in military drills, "to enhance the country's ability to safeguard cyber security," according to a statement released by Xinhua. Blue teams refers to the "good guys" in a military exercise, while red teams play the enemy.

But Geng said China is working to improve its military cybersecurity capabilities. "Compared with military capabilities around the world, however, there is still a gap," he said.

Speaking this week at the RSA conference in San Francisco, some information security experts said they expect China's alleged cyber attacks to continue unabated.

In part that appears to be because high-level discussions on the topic have yet to agree on terminology, James Lewis, a senior fellow at the Center for Strategic and International Studies (CSIS), told the conference. In particular, Chinese government officials who engage in proxy discussions with U.S. think tanks prefer to avoid discussing espionage, or even using the word "espionage" at all.

Comments
J. Nicholas Hoover
User Rank: Apprentice
3/4/2013 | 1:56:36 PM
re: China Targets U.S. In Hacking Blame Game
Perhaps it's a blame game and perhaps the Chinese government is guilty of more than a little bit of hyperbole, but the United States wouldn't be doing its job if it wasn't doing its due diligence on the biggest economic and military competitor of the future.