Chinese hackers master the art of lying in wait
What they are really good at is remaining hidden, security experts say in wake of Pentagon report
Computerworld - The remarkable success that Chinese state-sponsored groups have had in infiltrating U.S. government, military and corporate networks in recent years should not be mistaken as a sign that China is gaining technical superiority over the U.S. in cyberspace, security experts said.
Chinese state-sponsored hacking groups are no more -- or less -- sophisticated than criminal and politically motivated cyber groups anywhere else. What has made them different is the way they target victims, their persistence and their ability to stay hidden in a breached network for extended periods of time.
The Pentagon on Monday released a report accusing China of engaging in cyberespionage as a way of finding and stealing information that could be used to modernize its defense and high-technology industries.
The unusually candid report warned of Chinese policymakers and military planners using stolen information to build a picture of U.S. defense networks, logistics and related military capabilities that could be exploited during a crisis. The espionage activities are helping China build a sophisticated electronic warfare capability designed to neutralize U.S. technological superiority in traditional warfare and other areas, the report cautioned.
The report marked the first time the U.S. government has officially said what many people in the private sector, and even within the government, have said for years about the Chinese government's support for cyberespionage.
As ominous as the tone of the report is, the reality is more mundane, according to several security experts.
"The Chinese don't have super-duper techniques," said John Pescatore, director of emerging security trends at the SANS Institute in Bethesda, Md. "They are not smarter in software than us. If they were, we would see them starting up new companies" instead of engaging in espionage, Pescatore said.
While state-sponsored hackers in China likely have an arsenal of attack techniques and zero-day exploits they could unleash, in most cases they have only had to use common attack tools and exploit known, unpatched vulnerabilities to gain a foothold on a target network.
"It's not that the Chinese have some unbeatable way of breaking into a network. What is innovative is their targeting," Pescatore said. U.S. contractors and defense companies that are often the target of Chinese espionage efforts should not be too concerned about where the attacks are coming from, he said. Instead, they should simply focus on shutting down the basic vulnerabilities and configuration errors that enable attackers to breach their networks.
"What we have definitely seen from China over the years is that they use the least amount of force necessary to accomplish their goals," said Dan McWhorter, managing director of threat intelligence at security firm Mandiant. "If you are not very savvy at keeping people out, they will use the lowest level of tools and their easiest means to get in. If you are a sophisticated company, they will up their game."