Chinese hackers master the art of lying in wait
What they are really good at is remaining hidden, security experts say in wake of Pentagon report
Computerworld - The remarkable success that Chinese state-sponsored groups have had in infiltrating U.S. government, military and corporate networks in recent years should not be mistaken as a sign that China is gaining technical superiority over the U.S. in cyberspace, security experts said.
Chinese state-sponsored hacking groups are no more -- or less -- sophisticated than criminal and politically motivated cyber groups anywhere else. What has made them different is the way they target victims, their persistence and their ability to stay hidden in a breached network for extended periods of time.
The Pentagon on Monday released a report accusing China of engaging in cyberespionage as a way of finding and stealing information that could be used to modernize its defense and high-technology industries.
The unusually candid report warned of Chinese policymakers and military planners using stolen information to build a picture of U.S. defense networks, logistics and related military capabilities that could be exploited during a crisis. The espionage activities are helping China build a sophisticated electronic warfare capability designed to neutralize U.S. technological superiority in traditional warfare and other areas, the report cautioned.
The report marked the first time the U.S. government has officially said what many people in the private sector, and even within the government, have said for years about the Chinese government's support for cyberespionage.
As ominous as the tone of the report is, the reality is more mundane, according to several security experts.
"The Chinese don't have super-duper techniques," said John Pescatore, director of emerging security trends at the SANS Institute in Bethesda, Md. "They are not smarter in software than us. If they were, we would see them starting up new companies" instead of engaging in espionage, Pescatore said.
While state-sponsored hackers in China likely have an arsenal of attack techniques and zero-day assaults that they can unleash, in most cases, they have only had to use common attack tools and exploit known vulnerabilities to gain a foothold on a target network.
"It's not that the Chinese have some unbeatable way of breaking into a network. What is innovative is their targeting," Pescatore said. U.S. contractors and defense companies that are often the target of Chinese espionage efforts should not be too concerned about where the attacks are coming from, he said. Instead, they should simply focus on shutting down the basic vulnerabilities and configuration errors that enable attackers to breach their networks.
"What we have definitely seen from China over the years is that they use the least amount of force necessary to accomplish their goals," said Dan McWhorter, managing director of threat intelligence at security firm Mandiant. "If you are not very savvy at keeping people out, they will use the lowest level of tools and their easiest means to get in. If you are a sophisticated company, they will up their game."