Thursday, February 21, 2013

China's growing hacking army

China may have to rein in their growing army of hackers and even admit they have been party to the widespread breaches of computer systems around the world.

This is the opinion of a former investment banker who founded the Beijing-based investment consultancy firm BDA in 1994. Speaking at The Wall Street Journal's Unleashing Innovation conference in Singapore on Wednesday, Duncan Clark suggests that Beijing would soon have to face up to the concerns surrounding hacking attacks originating in China. If not they would likely lose credibility and goodwill as it rises as a global power.

"End of plausible deniability"

Referring to a damning and recently released document detailing China's widespread hacking attacks, Clark said, "We're approaching the end of plausible deniability for this [hacking] stuff."

"It's true that other parties exploit China's internet…it's not just China. But it's pretty 'smoking gun' stuff now about the [People's Liberation Army]."

"Ultimately, they have to own these problems" if they are going to deliver on their aims of having Chinese corporations going overseas and expand their soft power, Clark says [WSJ blog].

While many observers in the West will have few doubts about where many of the cyberattacks are emanating, China continually insists that it is not responsible and maintains a line that it too is under constant attacks from other countries.

It is perhaps naive to believe, that even with growing evidence showing China to be responsible for a growing number of cyberattacks, the country might change its ways.

Smoking gun

This week Mandiant Corporation published a report detailing cyberattacks on companies spanning many industries ranging from information technology and telecommunications to aerospace and energy. These attacks were, according to the report, linked to the People's Liberation Army [PLA].

At least 141 companies had been breached, 115 in the US alone, since 2006, the report claimed. According to Mandiant Corp., the publishers of the report, a group linked to the PLA had attacked unnamed companies spanning industries ranging from information technology and telecommunications to aerospace and energy.

In a blog Mandiant said their report showed China was running an "enterprise-scale computer espionage campaign". "We consider it to be one of the most prolific in terms of the sheer quantity of information it has stolen," Mandiant said.

The details in the report convinced Mandiant "that the groups conducting these activities are based primarily in China and that the Chinese government is aware of them".


Unsurprisingly, China denies any involvement in the attacks detailed in the report. Foreign Ministry spokesman Hong Lei dismissed the report. "Hacking attacks are transnational and anonymous, … Determining their origins are extremely difficult. We don't know how the evidence in this so-called report can be tenable.

Yet all signs point to China as being behind such attacks. One report in the GBTimes published this week highlights an advertisement posted on Zhejiang University School of Computer Science and Technology's website calling for computer science graduates to apply for positions at the PLA's now infamous military Unit 61398, identified by Mandiant as being the unit responsible for so many of the cyberattacks [BBC / Sky News / FT].

The 12 storey building located at 208 Datong Road in the Pudong District of Shanghai is a rather non-descript location for the centre of China's cyber-espionage  though previous reports have identified universities and other mundane locations as being the source of similar attacks in the past.

Past accusations

A report published by security firm McAfee details that a project it names as Operation Shady RAT had targeted at least 72 defence contractors, businesses and organisations including the United Nations and the International Olympic Committee. While McAfee only pointed to "State actors" as being behind the attacks, many analysts assumed that to be China.

Operation Aurora was another series of attacks said to have targeted Adobe Systems, Juniper Networks, Rackspace, Yahoo, Symantec, Northrop Grumman, Morgan Stanley and Dow Chemical. Amongst the most prominent victims was Google which publicly disclosed the attack on January 12, 2010, in a blog post and specifically identified China as being behind the hacking attacks.

One of the organisations targeted was Northrop Grumman, an American global aerospace and defence technology company which regularly publishes reports on China's cyber-espionage efforts.

In 2012 Northrop Grumman published "Chinese Capabilities for Computer Network Operations and Cyber Espionage" a follow-up to a 2009 report which also labelled China as being a major cyber-threat [USCC China Cyber-Espionage].

"Critical risks"

The document highlights Chinese capabilities in computer network operations and states that they have advanced to such a standard as to pose a "genuine risk to US military operations in the event of a conflict."

The report also underlines the ongoing cyber-espionage which posed critical risks. "The Chinese military's close relationship with large Chinese telecommunications firms creates an avenue for state sponsored or state directed penetrations of supply chains for electronics supporting US  military, government, and civilian industry – with the potential to cause the catastrophic failure of systems and networks supporting critical infrastructure for national security or public safety."

Such concerns are behind decisions to discourage or thwart business deals with companies like Huawei, a Chinese telecoms firm believed by many to have uncomfortably close ties with China's military [tvnewswatch: Mixed response to Huawei, ZTE security threat].

The PLA's hacking operations are far reaching and multi-layered according to the reports. Indeed they have adopted a multi-layered approach to offensive information warfare [Public Intelligence].

"Hacking menace"

Such threats are significant and growing. In his upcoming book Google's chairman Eric Schmidt labels China a hacking menace which will put "both the government and the companies of the United States as a distinct disadvantage." [tvnewswatch: Eric Schmidt labels China hacking menace]

Almost anyone who is connected to the Internet is vulnerable. In recent weeks Facebook admitted they had been targeted in a series of "sophisticated" attacks [BBC]

Facebook said user information was unlikely to have been stolen and that it had taken measures to prevent further attacks. "We have no evidence that Facebook user data was compromised in this attack," Facebook said in a blog post. "As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day."

The firm also said it was "not alone in this attack" something that appeared correct after Apple later revealed it to had been targeted. Apple said they had been hit by the same hacker who had attacked the social network [Telegraph]. Bloomberg, which has itself been the target of cyberattacks said to have originated in China, reported the Apple and Facebook attacks may have come from Eastern Europe, though it is possible, even as China claims to hide the origin of attacks and make it look as though they are coming from somewhere else. North Korea has been blamed for cyberattacks in the past, though it is just as possible hacker could have made it appear as such [tvnewswatch: North Korea believed behind DoS attacks].

In the last few weeks several US newspapers have also been hacked including the New York Times and the Washington post. Just as with Bloomberg the targeted attacks are seen as retaliation for the publishing of critical articles about China.

Mitigating risk

While there is no absolute defence from such attacks, users both big and small need to take note of security notices and update software in a timely manner. Recently security holes in Java, Adobe Flash and Adobe Reader have left many open to hackers. Operating systems themselves are often found to have vulnerabilities and it is important to patch these immediately. While anti-virus software is not perfect, all computer users should employ at least some protection. Even Macs can be hit by malware, and smartphones are increasingly being targeted.


It is unlikely that the US or other countries are guilt free when it comes to cyber-espionage. However, it appears that attacks coming from China are a great deal more damage and pose a greater threat. As such it is unsurprising that some are calling for retaliatory steps. "Trade secret theft threatens American businesses, undermines national security and places the security of the US economy in jeopardy," a report published by White House this week stated. "These acts also diminish US export prospects around the globe and put American jobs at risk." [Fox News / WSJ].

The cyberwar, that appears, at least on the surface, to be one sided, is unlikely to end any time soon. Only when the disadvantages of such attacks outweigh the advantages will such hacking attempts diminish.

If, as promised by the Obama administration, the US follow through with threats of trade and diplomatic action over corporate espionage then China might reduce its attacks. But when millions of dollars of intellectual property is at stake China has much to gain, and far less to lose unless strong punitive measures are taken by its hacking victims.

see also: tvnewswatch: Cyber talks fail to reach concensus [Nov 2011] / tvnewswatch: Cyber-warfare threat posed by China [Jan 2010] / tvnewswatch: Cyberwar declared as China's attacks increase [Mch 2010] / tvnewswatch: Setting rules of engagement in cyberwar [Feb 2011] / tvnewswatch:Chinas hackers seek revenge for Baidu attack [Jan 2010] / 
tvnewswatch: Responses to growing cyberwar [June 2011] / tvnewswatch: Britain under threat from cyberattacks [Oct 2010]

tvnewswatch, London, UK

No comments: