Attacks/Breaches
4/23/2013
12:30 PM
50%
50%

Cyber Strikes Like Nuclear Bombs, Says Chinese General

Chinese official calls for better Internet security, denies reports that China-affiliated attackers are targeting Western competitors.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
A leading Chinese military officer Monday warned that a failure of Internet security could have "damaging consequences" for all "big cyber countries."

"If the security of the Internet cannot be guaranteed, then ... results may be as serious as a nuclear bomb," said Gen. Fang Fenghui, chief of staff of the People's Liberation Army, in a joint press conference with his U.S. counterpart, Martin Dempsey, chairman of the Joint Chiefs of Staff, according to a statement released by the Joint Chiefs of Staff.

Dempsey is in China to conduct negotiations on a number of fronts, including cybersecurity, North Korea, terrorism and disaster relief -- in the wake of an earthquake Sunday in Sichuan Province that left an estimated 188 people dead and 11,500 injured, and for which the Chinese military has been leading the disaster response.

[ Is China behind hacks? Read China Denies U.S. Hacking Accusations: 6 Facts. ]

On the cybersecurity front, Fang during the press briefing denied reports that a Chinese military unit has been responsible for launching cyberespionage operations and advanced persistent threat attacks against Western competitors.

"None of these activities is tolerated here in China," he said, emphasizing that like the United States, China is itself a victim of online attacks, reported The Wall Street Journal. Furthermore, he noted the difficulty of accurately tracing back attacks to their true origin.

In an apparent first, however, the Chinese military official agreed to discuss the issue of cybersecurity in further high-level government talks. "Gen. Dempsey and I have already talked about the importance of maintaining cybersecurity," Fang said. "I believe it is important that we check out the idea that we should jointly work on this issue," he said.

Fang's remarks came the same day that Verizon released its annual Data Breach Investigations Report (DBIR). That report -- based on information provided by Verizon and the U.S. Computer Emergency Response Team, as well as other national CERTs, the U.S. Secret Service and law enforcement agencies in Europe -- counted 621 confirmed data breaches, 47,000 reported security incidents and 44 million compromised records in 2012.

"State-affiliated actors tied to China are the biggest mover in 2012," said the report. "Their efforts to steal IP [intellectual property] comprise about one-fifth of all breaches in this [2012] data set." The report noted that "a whopping 96% of espionage cases were attributed to threat actors in China."

"State espionage and IP theft is more prevalent than ever," said Jay Jacobs, a senior analyst for the RISK Team at Verizon, speaking by phone.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RoninQuinn
50%
50%
RoninQuinn,
User Rank: Apprentice
4/26/2013 | 10:01:13 PM
re: Cyber Strikes Like Nuclear Bombs, Says Chinese General
I am sorry, but there is simply no comparison here. Am I missing some sort of Cold War 2.0 hidden fear-mongering agenda here?

Cyber Attacks can not destroy "life" on earth. Likening Intellectual Property theft, and banking disruption to Nuke's is just wrong. This has to be one of the dumbest quotes / headlines I have seen in a while.
Lee Hu
50%
50%
Lee Hu,
User Rank: Apprentice
4/25/2013 | 11:57:49 AM
re: Cyber Strikes Like Nuclear Bombs, Says Chinese General
A Chinese military officer promoting Internet security is like Adolf Hitler promoting world peace. The Chinese government was warned over and over again since 2008...we tried to let them save face. But they wouldn't stop. Now, every major Internet security group in the world has identified the Chinese government as behind the espionage and all they have left to say is, "nuh uh."
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2004-2771
Published: 2014-12-24
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

CVE-2014-3569
Published: 2014-12-24
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshak...

CVE-2014-4322
Published: 2014-12-24
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or c...

CVE-2014-6132
Published: 2014-12-24
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML vi...

CVE-2014-6153
Published: 2014-12-24
The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.