Attacks/Breaches
6/6/2013
01:14 PM
50%
50%

China To America: You Hack Us, Too

Difference is China doesn't point fingers, says head of China's computer emergency response team, even though it has "mountains" of evidence that U.S. snoops.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
Numerous online attacks against China have been traced back to U.S. servers. But unlike authorities in the United States, the Chinese government chooses to not point the finger, according to the head of the country's computer emergency response team.

"We have mountains of data, if we wanted to accuse the U.S., but it's not helpful in solving the problem," Huang Chengqing, the director of the National Computer Network Emergency Response Technical Team Coordination Center of China (CNCERT), told government-run media outlet China Daily Wednesday.

According to data published by CNCERT, in the first three months of 2013, 5.6 million systems in China were infected by malware tied to 13,400 command-and-control servers located overseas. Of those, more than half of infected systems -- 2.9 million PCs -- were controlled by about 4,000 command-and-control servers based in the United States. Meanwhile, 3,500 U.S. systems had been used to take over about 7,700 different websites located in China.

[ China has been blamed for a variety of intrusions. Read China Tied To 3-Year Hack Of Defense Contractor. ]

In the same timeframe, CNCERT reported that 54 U.S.-based IP addresses had "hijacked Chinese official websites to steal data," which according to China Daily included sites related to "government departments, key information systems and research institutions."

Despite the origin of the attacks, "it's hard to judge whether the U.S. government supported or got involved in the hacking," Huang said. "Besides, hackers can easily hide their real location and identities." As a result, he added, "technically it is irresponsible and unfounded for some people to talk about alleged hacking supported by the Chinese authorities." Huang's comments were published in advance of a two-day Chinese-American summit between President Obama and China's newly minted leader, President Xi Jinping, which is scheduled to occur this Friday and Saturday in California. His comments continue the People's Republic of China (PRC) party line, which is that the government isn't sponsoring espionage attacks against the United States.

The blame game against Chinese hackers has intensified in recent months. In February, a report from security firm Mandiant accused a Chinese army unit of having launched advanced persistent threat (APT) attacks against U.S. businesses. In March, Chinese Premier Li Keqiang rejected those accusations, saying that they amounted to a "presumption of guilt," and that "China does not support but indeed oppose such attacks."

But a confidential Department of Defense report from January 2013, portions of which were first published last month by The Washington Post, said that hack attacks attributed to state-sponsored Chinese attackers had been much more widespread than previously acknowledged, and had resulted in the compromise of data relating to cutting-edge military weapons systems and technologies that are critical to national security.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
humberger972
50%
50%
humberger972,
User Rank: Apprentice
6/10/2013 | 3:35:16 PM
re: China To America: You Hack Us, Too
stuxnet malware -
the country that came up with this - has zero rights to complain about the
activity of other countries. Stuxnet doesn't hack- it endangers people and destroys
infrastructure.... sorry but if you want the moral high ground - you have to
not be playing in the mud. Not to mention the other countries are probably
envious of Prism -- wishing their citizens were so passive they could get away
with that.
zerses
50%
50%
zerses,
User Rank: Apprentice
6/10/2013 | 12:59:25 AM
re: China To America: You Hack Us, Too
So we need a law that says we won't hack other entities that are legal entitites?

If we pass any law not to hack, China and every other country will NOT stop hacking - so now what?????????

Hey, WHITEHATS where the HECK are you?!
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7286
Published: 2014-12-22
Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors.

CVE-2014-8896
Published: 2014-12-22
The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify ...

CVE-2014-8897
Published: 2014-12-22
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 ...

CVE-2014-8898
Published: 2014-12-22
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 ...

CVE-2014-8899
Published: 2014-12-22
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.