Chinese hackers master the art of lying in wait

What they are really good at is remaining hidden, security experts say in wake of Pentagon report

May 8, 2013 11:39 AM ET

Computerworld - The remarkable success that Chinese state-sponsored groups have had in infiltrating U.S. government, military and corporate networks in recent years should not be mistaken as a sign that China is gaining technical superiority over the U.S. in cyberspace, security experts said.

Chinese state-sponsored hacking groups are no more -- or less -- sophisticated than criminal and politically motivated cyber groups anywhere else. What has made them different is the way they target victims, their persistence and their ability to stay hidden in a breached network for extended periods of time.

The Pentagon on Monday released a report accusing China of engaging in cyberespionage as a way of finding and stealing information that could be used to modernize its defense and high-technology industries.

The unusually candid report warned of Chinese policymakers and military planners using stolen information to build a picture of U.S. defense networks, logistics and related military capabilities that could be exploited during a crisis. The espionage activities are helping China build a sophisticated electronic warfare capability designed to neutralize U.S. technological superiority in traditional warfare and other areas, the report cautioned.

The report marked the first time the U.S. government has officially said what many people in the private sector, and even within the government, have said for years about the Chinese government's support for cyberespionage.

As ominous as the tone of the report is, the reality is more mundane, according to several security experts.

"The Chinese don't have super-duper techniques," said John Pescatore, director of emerging security trends at the SANS Institute in Bethesda, Md. "They are not smarter in software than us. If they were, we would see them starting up new companies" instead of engaging in espionage, Pescatore said.

While state-sponsored hackers in China likely have an arsenal of attack techniques and zero-day assaults that they can unleash, in most cases, they have only had to use common attack tools and exploit known vulnerabilities to gain a foothold on a target network.

"It's not that the Chinese have some unbeatable way of breaking into a network. What is innovative is their targeting," Pescatore said. U.S. contractors and defense companies that are often the target of Chinese espionage efforts should not be too concerned about where the attacks are coming from, he said. Instead, they should simply focus on shutting down the basic vulnerabilities and configuration errors that enable attackers to breach their networks.

"What we have definitely seen from China over the years is that they use the least amount of force necessary to accomplish their goals," said Dan McWhorter, managing director of threat intelligence at security firm Mandiant. "If you are not very savvy at keeping people out, they will use the lowest level of tools and their easiest means to get in. If you are a sophisticated company, they will up their game."