Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

China Looks for Cooperation to Battle Cross-Border Cyber Attacks

Battle over Attribution Continues, China a Major Victim of Cyber Attacks

A senior cyber-security official in China said recently that the country wants to work with other nations to improve cyber security. Yet along with this pledge came another example of the back and forth between nation-states that has become a common feature of many public discussions about security. This time however, it was China pointing fingers at the United States.

Battle over Attribution Continues, China a Major Victim of Cyber Attacks

A senior cyber-security official in China said recently that the country wants to work with other nations to improve cyber security. Yet along with this pledge came another example of the back and forth between nation-states that has become a common feature of many public discussions about security. This time however, it was China pointing fingers at the United States.

China Cyber Security CooperationAccording to a report by the National Computer Network Emergency Response Coordination Center of China (CNCERT/CC), nearly 15 percent of the roughly 493,000 attacks that hit Chinese systems in 2010 came from America. Some 221,000 of the attacks originate from IP addresses outside China, China’s state-run Xinhua News Agency reported, and some 4,500 Chinese government Websites were targeted by hackers.

Zhou Yonglin, chief of CNCERT/CC’s operation and management department, noted that it is difficult to determine however where attacks truly come from.

“We cannot say for certain that the hackers were located abroad simply because their Internet Protocol addresses (IPs) were located in other countries,” Zhou told Xinhua. “Likewise, we cannot say that Chinese hackers are actually in China simply because their IPs are located in China.”

During the past few years, conversations in the West about state-sponsored cybercrime and espionage have routinely centered on China as a suspect. In 2010, Google blamed China for Operation Aurora. Before that, there was GhostNet, an espionage operation linked to China that targeted political targets in more than 100 countries. More recently some have speculated that China may be the mastermind behind Operation Shady RAT –though McAfee, the vendor that uncovered it, was careful not to place blame.

“I don’t think we should be naïve,” Graham Cluley, senior technology consultant at Sophos, blogged on August 3rd. “I’m sure China does use the internet to spy on other countries. But I’m equally sure that just about every country around the world is using the internet to spy. Why wouldn’t they? It’s not very hard, and it’s certainly cost effective compared to other types of espionage.”

The fact is, explained Websense’s Patrik Runald, the U.S. and China are the top two countries hosting crimeware and receiving stolen data. But just because a server is in a particular country does not mean the attacker is, he said.

“Rather than looking at things from a U.S. vs. China angle—it’s more about cybercriminals vs. companies,” said Runald, the company’s senior manager of security research. “The wildly successful techniques used in state-sponsored attacks are moving down a malware adoption lifecycle. Yesterday’s million-dollar, well-planned, high-profile attack is quickly becoming a $25 exploit kit available online to armies of low-level hackers.”

Advertisement. Scroll to continue reading.

Perhaps an equally important question is whether or not the political aspects of the battles over attribution harm efforts to get governments to cooperate with one another. In the wake of the disclosure of Operation Aurora in 2010, U.S. Secretary of State Hillary Clinton called on China to investigate the allegations and be transparent, even as she avoided directly accusing the Chinese government of involvement. Google itself was in the middle of a dispute with China regarding the company’s operations in the country when it took the unusual step of accusing Beijing outright. Such are the thin political and economic lines surrounding discussions on cyber-security.

“Cooperation between countries depends on history and outside political factors,” Runald said. “For example, there is already international cooperation on spam rings. Each case will vary. It will depend on the nature of the attacks and the organizations. Outside of the political arena, I think international corporate collaboration is key. For example, we have Websense Security Labs teams in San Diego, EMEA and China, so we are watching 24/7. For us, working with international teams is a huge strength.”

Related Reading: China’s Cyber Threat Growing

Related Reading: Massive Series of Cyber Attacks Targeting 70+ Global Organizations Uncovered

Related Reading: Digging Deeper into Operation Shady RAT

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Former Darktrace CEO Poppy Gustafsson has joined the UK government as Minister for Investment.

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.