Attacks/Breaches
4/23/2013
12:30 PM
50%
50%

Cyber Strikes Like Nuclear Bombs, Says Chinese General

Chinese official calls for better Internet security, denies reports that China-affiliated attackers are targeting Western competitors.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
A leading Chinese military officer Monday warned that a failure of Internet security could have "damaging consequences" for all "big cyber countries."

"If the security of the Internet cannot be guaranteed, then ... results may be as serious as a nuclear bomb," said Gen. Fang Fenghui, chief of staff of the People's Liberation Army, in a joint press conference with his U.S. counterpart, Martin Dempsey, chairman of the Joint Chiefs of Staff, according to a statement released by the Joint Chiefs of Staff.

Dempsey is in China to conduct negotiations on a number of fronts, including cybersecurity, North Korea, terrorism and disaster relief -- in the wake of an earthquake Sunday in Sichuan Province that left an estimated 188 people dead and 11,500 injured, and for which the Chinese military has been leading the disaster response.

[ Is China behind hacks? Read China Denies U.S. Hacking Accusations: 6 Facts. ]

On the cybersecurity front, Fang during the press briefing denied reports that a Chinese military unit has been responsible for launching cyberespionage operations and advanced persistent threat attacks against Western competitors.

"None of these activities is tolerated here in China," he said, emphasizing that like the United States, China is itself a victim of online attacks, reported The Wall Street Journal. Furthermore, he noted the difficulty of accurately tracing back attacks to their true origin.

In an apparent first, however, the Chinese military official agreed to discuss the issue of cybersecurity in further high-level government talks. "Gen. Dempsey and I have already talked about the importance of maintaining cybersecurity," Fang said. "I believe it is important that we check out the idea that we should jointly work on this issue," he said.

Fang's remarks came the same day that Verizon released its annual Data Breach Investigations Report (DBIR). That report -- based on information provided by Verizon and the U.S. Computer Emergency Response Team, as well as other national CERTs, the U.S. Secret Service and law enforcement agencies in Europe -- counted 621 confirmed data breaches, 47,000 reported security incidents and 44 million compromised records in 2012.

"State-affiliated actors tied to China are the biggest mover in 2012," said the report. "Their efforts to steal IP [intellectual property] comprise about one-fifth of all breaches in this [2012] data set." The report noted that "a whopping 96% of espionage cases were attributed to threat actors in China."

"State espionage and IP theft is more prevalent than ever," said Jay Jacobs, a senior analyst for the RISK Team at Verizon, speaking by phone.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RoninQuinn
50%
50%
RoninQuinn,
User Rank: Apprentice
4/26/2013 | 10:01:13 PM
re: Cyber Strikes Like Nuclear Bombs, Says Chinese General
I am sorry, but there is simply no comparison here. Am I missing some sort of Cold War 2.0 hidden fear-mongering agenda here?

Cyber Attacks can not destroy "life" on earth. Likening Intellectual Property theft, and banking disruption to Nuke's is just wrong. This has to be one of the dumbest quotes / headlines I have seen in a while.
Lee Hu
50%
50%
Lee Hu,
User Rank: Apprentice
4/25/2013 | 11:57:49 AM
re: Cyber Strikes Like Nuclear Bombs, Says Chinese General
A Chinese military officer promoting Internet security is like Adolf Hitler promoting world peace. The Chinese government was warned over and over again since 2008...we tried to let them save face. But they wouldn't stop. Now, every major Internet security group in the world has identified the Chinese government as behind the espionage and all they have left to say is, "nuh uh."
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4467
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.

CVE-2014-4476
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4477
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4479
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4480
Published: 2015-01-30
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.