Attacks/Breaches
6/6/2013
01:14 PM
Connect Directly
RSS
E-Mail
50%
50%

China To America: You Hack Us, Too

Difference is China doesn't point fingers, says head of China's computer emergency response team, even though it has "mountains" of evidence that U.S. snoops.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
Numerous online attacks against China have been traced back to U.S. servers. But unlike authorities in the United States, the Chinese government chooses to not point the finger, according to the head of the country's computer emergency response team.

"We have mountains of data, if we wanted to accuse the U.S., but it's not helpful in solving the problem," Huang Chengqing, the director of the National Computer Network Emergency Response Technical Team Coordination Center of China (CNCERT), told government-run media outlet China Daily Wednesday.

According to data published by CNCERT, in the first three months of 2013, 5.6 million systems in China were infected by malware tied to 13,400 command-and-control servers located overseas. Of those, more than half of infected systems -- 2.9 million PCs -- were controlled by about 4,000 command-and-control servers based in the United States. Meanwhile, 3,500 U.S. systems had been used to take over about 7,700 different websites located in China.

[ China has been blamed for a variety of intrusions. Read China Tied To 3-Year Hack Of Defense Contractor. ]

In the same timeframe, CNCERT reported that 54 U.S.-based IP addresses had "hijacked Chinese official websites to steal data," which according to China Daily included sites related to "government departments, key information systems and research institutions."

Despite the origin of the attacks, "it's hard to judge whether the U.S. government supported or got involved in the hacking," Huang said. "Besides, hackers can easily hide their real location and identities." As a result, he added, "technically it is irresponsible and unfounded for some people to talk about alleged hacking supported by the Chinese authorities." Huang's comments were published in advance of a two-day Chinese-American summit between President Obama and China's newly minted leader, President Xi Jinping, which is scheduled to occur this Friday and Saturday in California. His comments continue the People's Republic of China (PRC) party line, which is that the government isn't sponsoring espionage attacks against the United States.

The blame game against Chinese hackers has intensified in recent months. In February, a report from security firm Mandiant accused a Chinese army unit of having launched advanced persistent threat (APT) attacks against U.S. businesses. In March, Chinese Premier Li Keqiang rejected those accusations, saying that they amounted to a "presumption of guilt," and that "China does not support but indeed oppose such attacks."

But a confidential Department of Defense report from January 2013, portions of which were first published last month by The Washington Post, said that hack attacks attributed to state-sponsored Chinese attackers had been much more widespread than previously acknowledged, and had resulted in the compromise of data relating to cutting-edge military weapons systems and technologies that are critical to national security.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
humberger972
50%
50%
humberger972,
User Rank: Apprentice
6/10/2013 | 3:35:16 PM
re: China To America: You Hack Us, Too
stuxnet malware -
the country that came up with this - has zero rights to complain about the
activity of other countries. Stuxnet doesn't hack- it endangers people and destroys
infrastructure.... sorry but if you want the moral high ground - you have to
not be playing in the mud. Not to mention the other countries are probably
envious of Prism -- wishing their citizens were so passive they could get away
with that.
zerses
50%
50%
zerses,
User Rank: Apprentice
6/10/2013 | 12:59:25 AM
re: China To America: You Hack Us, Too
So we need a law that says we won't hack other entities that are legal entitites?

If we pass any law not to hack, China and every other country will NOT stop hacking - so now what?????????

Hey, WHITEHATS where the HECK are you?!
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1544
Published: 2014-07-23
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer...

CVE-2014-1547
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1548
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1549
Published: 2014-07-23
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica...

CVE-2014-1550
Published: 2014-07-23
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.