Attacks/Breaches
4/23/2013
12:30 PM
Connect Directly
RSS
E-Mail
50%
50%

Cyber Strikes Like Nuclear Bombs, Says Chinese General

Chinese official calls for better Internet security, denies reports that China-affiliated attackers are targeting Western competitors.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
A leading Chinese military officer Monday warned that a failure of Internet security could have "damaging consequences" for all "big cyber countries."

"If the security of the Internet cannot be guaranteed, then ... results may be as serious as a nuclear bomb," said Gen. Fang Fenghui, chief of staff of the People's Liberation Army, in a joint press conference with his U.S. counterpart, Martin Dempsey, chairman of the Joint Chiefs of Staff, according to a statement released by the Joint Chiefs of Staff.

Dempsey is in China to conduct negotiations on a number of fronts, including cybersecurity, North Korea, terrorism and disaster relief -- in the wake of an earthquake Sunday in Sichuan Province that left an estimated 188 people dead and 11,500 injured, and for which the Chinese military has been leading the disaster response.

[ Is China behind hacks? Read China Denies U.S. Hacking Accusations: 6 Facts. ]

On the cybersecurity front, Fang during the press briefing denied reports that a Chinese military unit has been responsible for launching cyberespionage operations and advanced persistent threat attacks against Western competitors.

"None of these activities is tolerated here in China," he said, emphasizing that like the United States, China is itself a victim of online attacks, reported The Wall Street Journal. Furthermore, he noted the difficulty of accurately tracing back attacks to their true origin.

In an apparent first, however, the Chinese military official agreed to discuss the issue of cybersecurity in further high-level government talks. "Gen. Dempsey and I have already talked about the importance of maintaining cybersecurity," Fang said. "I believe it is important that we check out the idea that we should jointly work on this issue," he said.

Fang's remarks came the same day that Verizon released its annual Data Breach Investigations Report (DBIR). That report -- based on information provided by Verizon and the U.S. Computer Emergency Response Team, as well as other national CERTs, the U.S. Secret Service and law enforcement agencies in Europe -- counted 621 confirmed data breaches, 47,000 reported security incidents and 44 million compromised records in 2012.

"State-affiliated actors tied to China are the biggest mover in 2012," said the report. "Their efforts to steal IP [intellectual property] comprise about one-fifth of all breaches in this [2012] data set." The report noted that "a whopping 96% of espionage cases were attributed to threat actors in China."

"State espionage and IP theft is more prevalent than ever," said Jay Jacobs, a senior analyst for the RISK Team at Verizon, speaking by phone.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RoninQuinn
50%
50%
RoninQuinn,
User Rank: Apprentice
4/26/2013 | 10:01:13 PM
re: Cyber Strikes Like Nuclear Bombs, Says Chinese General
I am sorry, but there is simply no comparison here. Am I missing some sort of Cold War 2.0 hidden fear-mongering agenda here?

Cyber Attacks can not destroy "life" on earth. Likening Intellectual Property theft, and banking disruption to Nuke's is just wrong. This has to be one of the dumbest quotes / headlines I have seen in a while.
Lee Hu
50%
50%
Lee Hu,
User Rank: Apprentice
4/25/2013 | 11:57:49 AM
re: Cyber Strikes Like Nuclear Bombs, Says Chinese General
A Chinese military officer promoting Internet security is like Adolf Hitler promoting world peace. The Chinese government was warned over and over again since 2008...we tried to let them save face. But they wouldn't stop. Now, every major Internet security group in the world has identified the Chinese government as behind the espionage and all they have left to say is, "nuh uh."
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6306
Published: 2014-08-22
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.

CVE-2014-0232
Published: 2014-08-22
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1)...

CVE-2014-3525
Published: 2014-08-22
Unspecified vulnerability in Apache Traffic Server 4.2.1.1 and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.

CVE-2014-3563
Published: 2014-08-22
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

CVE-2014-3587
Published: 2014-08-22
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists bec...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.