Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:22 PM
Connect Directly

Report: Chinese Military Behind Google, Other Cyberattacks

Most attacks traced to Chinese island tourist attraction that also houses state-of-the-art military installation

A new report handed to Congress today concludes that the Chinese military -- the People's Liberation Army -- is behind most cyberattacks on the U.S., including the infamous Operation Aurora attacks that hit Google, Adobe, Intel, and other companies.

The "China, Cyber Espionage and U.S. National Security" white paper, authored by independent research group Medius Research and commissioned by political action organization Patriot Majority, says most cyberattacks out of China originate from Hainan Island, a tourist attraction with a massive high-tech military installation located on the South China Sea.

"Hainan Island is a pretty good showcase of military modernization. It combines several capabilities, including a space launch and a submarine [base]," says Richard Parker, lead researcher for the Medius report. And a recent study by Canadian researchers traced the IP addresses of cyberattacks to four command servers to Hainan Island, he notes.

The Medius report drew its findings from background interviews with government officials, as well as from previous research, such as the 2009 Canadian study that revealed the Hainan Island connection, and a report from the U.S.-China Economic and Security Review Commission.

Chinese officials have denied any government ties to Google and other cyberattacks. Aside from U.S. intelligence community and security industry theories that these attacks are typically state-sponsored, there also have been reports of civilian groups in China conducting their own hacking operations. The Medius report says the line between China's indie hacker culture and the government is blurred, and civilians are "informally contracted."

"The idea that the [Chinese] government is not involved seems a little ludicrous," Medius' Parker says. "I understand that there is an independent hacking culture in China," but the military is the main mechanism for this, he says. Hainan Island has a population of 8 million people; in addition to its underground submarine base and space launch facility, it houses an air force base. These elements "make the island key not only to force projection but also to intelligence gathering and high-technology warfare that combines cyber warfare, space warfare and electronic warfare," according to the report.

The report says the U.S.-China Economic and Security Review Commission report from last year provides key actions for Congress to take -- namely to hold hearings on the commission's recommendations and take any legislative action it can before the commission publishes its next report later this year.

Among the recommendations by the commission: that Congress assess its ability to meet the challenge of cyberattacks out of China and review the effectiveness of how law enforcement and the intelligence community trace the origins of cyberattacks.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
US Mayors Commit to Just Saying No to Ransomware
Robert Lemos, Contributing Writer,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-07-19
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
PUBLISHED: 2019-07-19
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
PUBLISHED: 2019-07-19
** DISPUTED ** An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A at least to 7.20A.252.062. The (1) management SSH and (2) management TELNET features allow remote attackers to cause a denial of service (connection slot e...
PUBLISHED: 2019-07-19
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
PUBLISHED: 2019-07-19
A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA (Agent module ) could be exploited remotely to cause a denial of service. The versions and platforms of Agent Option modules that are impacted are as follows: 10.0 for Apache 2.2 on RHEL 5 and 6, 10.0 for Apache 2.4 on RHEL 7, ...