Attacks/Breaches
4/23/2013
12:30 PM
Connect Directly
RSS
E-Mail
50%
50%

Cyber Strikes Like Nuclear Bombs, Says Chinese General

Chinese official calls for better Internet security, denies reports that China-affiliated attackers are targeting Western competitors.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
A leading Chinese military officer Monday warned that a failure of Internet security could have "damaging consequences" for all "big cyber countries."

"If the security of the Internet cannot be guaranteed, then ... results may be as serious as a nuclear bomb," said Gen. Fang Fenghui, chief of staff of the People's Liberation Army, in a joint press conference with his U.S. counterpart, Martin Dempsey, chairman of the Joint Chiefs of Staff, according to a statement released by the Joint Chiefs of Staff.

Dempsey is in China to conduct negotiations on a number of fronts, including cybersecurity, North Korea, terrorism and disaster relief -- in the wake of an earthquake Sunday in Sichuan Province that left an estimated 188 people dead and 11,500 injured, and for which the Chinese military has been leading the disaster response.

[ Is China behind hacks? Read China Denies U.S. Hacking Accusations: 6 Facts. ]

On the cybersecurity front, Fang during the press briefing denied reports that a Chinese military unit has been responsible for launching cyberespionage operations and advanced persistent threat attacks against Western competitors.

"None of these activities is tolerated here in China," he said, emphasizing that like the United States, China is itself a victim of online attacks, reported The Wall Street Journal. Furthermore, he noted the difficulty of accurately tracing back attacks to their true origin.

In an apparent first, however, the Chinese military official agreed to discuss the issue of cybersecurity in further high-level government talks. "Gen. Dempsey and I have already talked about the importance of maintaining cybersecurity," Fang said. "I believe it is important that we check out the idea that we should jointly work on this issue," he said.

Fang's remarks came the same day that Verizon released its annual Data Breach Investigations Report (DBIR). That report -- based on information provided by Verizon and the U.S. Computer Emergency Response Team, as well as other national CERTs, the U.S. Secret Service and law enforcement agencies in Europe -- counted 621 confirmed data breaches, 47,000 reported security incidents and 44 million compromised records in 2012.

"State-affiliated actors tied to China are the biggest mover in 2012," said the report. "Their efforts to steal IP [intellectual property] comprise about one-fifth of all breaches in this [2012] data set." The report noted that "a whopping 96% of espionage cases were attributed to threat actors in China."

"State espionage and IP theft is more prevalent than ever," said Jay Jacobs, a senior analyst for the RISK Team at Verizon, speaking by phone.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RoninQuinn
50%
50%
RoninQuinn,
User Rank: Apprentice
4/26/2013 | 10:01:13 PM
re: Cyber Strikes Like Nuclear Bombs, Says Chinese General
I am sorry, but there is simply no comparison here. Am I missing some sort of Cold War 2.0 hidden fear-mongering agenda here?

Cyber Attacks can not destroy "life" on earth. Likening Intellectual Property theft, and banking disruption to Nuke's is just wrong. This has to be one of the dumbest quotes / headlines I have seen in a while.
Lee Hu
50%
50%
Lee Hu,
User Rank: Apprentice
4/25/2013 | 11:57:49 AM
re: Cyber Strikes Like Nuclear Bombs, Says Chinese General
A Chinese military officer promoting Internet security is like Adolf Hitler promoting world peace. The Chinese government was warned over and over again since 2008...we tried to let them save face. But they wouldn't stop. Now, every major Internet security group in the world has identified the Chinese government as behind the espionage and all they have left to say is, "nuh uh."
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6335
Published: 2014-08-26
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and ...

CVE-2014-0480
Published: 2014-08-26
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL ...

CVE-2014-0481
Published: 2014-08-26
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a d...

CVE-2014-0482
Published: 2014-08-26
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors relate...

CVE-2014-0483
Published: 2014-08-26
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.