Battle over Attribution Continues, China a Major Victim of Cyber Attacks
A senior cyber-security official in China said recently that the country wants to work with other nations to improve cyber security. Yet along with this pledge came another example of the back and forth between nation-states that has become a common feature of many public discussions about security. This time, however, it was China pointing fingers at the United States.
According to a report by the National Computer Network Emergency Response Coordination Center of China (CNCERT/CC), nearly 15 percent of the roughly 493,000 attacks that hit Chinese systems in 2010 came from America. Some 221,000 of the attacks originated from IP addresses outside China, China’s state-run Xinhua News Agency reported, and some 4,500 Chinese government Websites were targeted by hackers.
Zhou Yonglin, chief of CNCERT/CC’s operation and management department, noted, however, that it is difficult to determine where attacks truly come from.
“We cannot say for certain that the hackers were located abroad simply because their Internet Protocol addresses (IPs) were located in other countries,” Zhou told Xinhua. “Likewise, we cannot say that Chinese hackers are actually in China simply because their IPs are located in China.”
During the past few years, conversations in the West about state-sponsored cybercrime and espionage have routinely centered on China as a suspect. In 2010, Google blamed China for Operation Aurora. Before that, there was GhostNet, an espionage operation linked to China that targeted political targets in more than 100 countries. More recently, some have speculated that China may be the mastermind behind Operation Shady RAT, though McAfee, the vendor that uncovered it, was careful not to place blame.
“I don’t think we should be naïve,” Graham Cluley, senior technology consultant at Sophos, blogged on August 3rd. “I’m sure China does use the internet to spy on other countries. But I’m equally sure that just about every country around the world is using the internet to spy. Why wouldn’t they? It’s not very hard, and it’s certainly cost effective compared to other types of espionage.”
The fact is, explained Websense’s Patrik Runald, the U.S. and China are the top two countries hosting crimeware and receiving stolen data. But just because a server is in a particular country does not mean the attacker is, he said.
“Rather than looking at things from a U.S. vs. China angle—it’s more about cybercriminals vs. companies,” said Runald, the company’s senior manager of security research. “The wildly successful techniques used in state-sponsored attacks are moving down a malware adoption lifecycle. Yesterday’s million-dollar, well-planned, high-profile attack is quickly becoming a $25 exploit kit available online to armies of low-level hackers.”
Perhaps an equally important question is whether or not the political aspects of the battles over attribution harm efforts to get governments to cooperate with one another. In the wake of the disclosure of Operation Aurora in 2010, U.S. Secretary of State Hillary Clinton called on China to investigate the allegations and be transparent, even as she avoided directly accusing the Chinese government of involvement. Google itself was in the middle of a dispute with China regarding the company’s operations in the country when it took the unusual step of accusing Beijing outright. Such are the thin political and economic lines surrounding discussions on cyber-security.
“Cooperation between countries depends on history and outside political factors,” Runald said. “For example, there is already international cooperation on spam rings. Each case will vary. It will depend on the nature of the attacks and the organizations. Outside of the political arena, I think international corporate collaboration is key. For example, we have Websense Security Labs teams in San Diego, EMEA and China, so we are watching 24/7. For us, working with international teams is a huge strength.”