Chinese hackers master the art of lying in wait
What they are really good at is remaining hidden, security experts say in wake of Pentagon report
Computerworld - The remarkable success that Chinese state-sponsored groups have had in infiltrating U.S. government, military and corporate networks in recent years should not be mistaken as a sign that China is gaining technical superiority over the U.S. in cyberspace, security experts said.
Chinese state-sponsored hacking groups are no more -- or less -- sophisticated than criminal and politically motivated cyber groups anywhere else. What has made them different is the way they target victims, their persistence and their ability to stay hidden in a breached network for extended periods of time.
The Pentagon on Monday released a report accusing China of engaging in cyberespionage as a way of finding and stealing information that could be used to modernize its defense and high-technology industries.
The unusually candid report warned of Chinese policymakers and military planners using stolen information to build a picture of U.S. defense networks, logistics and related military capabilities that could be exploited during a crisis. The espionage activities are helping China build a sophisticated electronic warfare capability designed to neutralize U.S. technological superiority in traditional warfare and other areas, the report cautioned.
The report marked the first time the U.S government has officially said what many people in the private sector, and even within the government, have said for years about the Chinese government's support for cyberespionage.
As ominous as the tone of the report is, the reality is more mundane, according to several security experts.
"The Chinese don't have super-duper techniques," said John Pescatore, director of emerging security trends at the SANS Institute in Bethesda, Md. "They are not smarter in software than us. If they were, we would see them starting up new companies" instead of engaging in espionage, Pescatore said.
While state-sponsored hackers in China likely have an arsenal of attack techniques and zero-day assaults that they can unleash, in most cases, they have only had to use common attack tools and exploit known vulnerabilities to gain a foothold on a target network.
"It's not that the Chinese have some unbeatable way of breaking into a network. What is innovative is their targeting," Pescatore said. U.S. contractors and defense companies that are often the target of Chinese espionage efforts should not be too concerned about where the attacks are coming from, he said. Instead, they should simply focus on shutting down the basic vulnerabilities and configuration errors that enable attackers to breach their networks.
"What we have definitely seen from China over the years is that they use the least amount of force necessary to accomplish their goals," said Dan McWhorter, managing director of threat intelligence at security firm Mandiant. "If you are not very savvy at keeping people out, they will use the lowest level of tools and their easiest means to get in. If you are a sophisticated company, they will up their game."
- DOJ's charges against China reframe security, surveillance debate
- Hacker indictments against China's military unlikely to change anything
- U.S. to formally accuse Chinese military of hacking
- Cyberattacks could paralyze U.S., former defense chief warns
- The NSA blame game: Singling out RSA diverts attention from others
- Jury still out on FISA court
- Suspected China-based hackers 'Comment Crew' rises again
- Chinese hackers master the art of lying in wait
- Spy court OK'd all U.S. wiretap requests it received in 2012
- Groups denounce FBI plan to require Internet backdoors for wiretaps
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Platfora Big Data Analytics for Network Security Platfora amplifies the effectiveness of network security analysis, providing Big Data Analytics capability to augment existing security infrastructure for known threats, and advanced...
- Going Paperless? Here's What You Need to Think About As makers of some of the world's most popular PDF solutions, we often consult with businesses & governmental agencies that have the goal...
- ESG Lab Report: Virident FlashMAX Connect Performance Advantage with vCache on a single Oracle instance View Now>>
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Why Are Customers Really Deploying an NGFW? It seems every IT Security expert is talking about the NGFW, but what are people really doing? This webcast covers 5 real-world customer... All Cyberwarfare White Papers | Webcasts