Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

China Looks for Cooperation to Battle Cross-Border Cyber Attacks

Battle over Attribution Continues, China a Major Victim of Cyber Attacks

A senior cyber-security official in China said recently that the country wants to work with other nations to improve cyber security. Yet along with this pledge came another example of the back and forth between nation-states that has become a common feature of many public discussions about security. This time however, it was China pointing fingers at the United States.

Battle over Attribution Continues, China a Major Victim of Cyber Attacks

A senior cyber-security official in China said recently that the country wants to work with other nations to improve cyber security. Yet along with this pledge came another example of the back and forth between nation-states that has become a common feature of many public discussions about security. This time however, it was China pointing fingers at the United States.

China Cyber Security CooperationAccording to a report by the National Computer Network Emergency Response Coordination Center of China (CNCERT/CC), nearly 15 percent of the roughly 493,000 attacks that hit Chinese systems in 2010 came from America. Some 221,000 of the attacks originate from IP addresses outside China, China’s state-run Xinhua News Agency reported, and some 4,500 Chinese government Websites were targeted by hackers.

Zhou Yonglin, chief of CNCERT/CC’s operation and management department, noted that it is difficult to determine however where attacks truly come from.

“We cannot say for certain that the hackers were located abroad simply because their Internet Protocol addresses (IPs) were located in other countries,” Zhou told Xinhua. “Likewise, we cannot say that Chinese hackers are actually in China simply because their IPs are located in China.”

During the past few years, conversations in the West about state-sponsored cybercrime and espionage have routinely centered on China as a suspect. In 2010, Google blamed China for Operation Aurora. Before that, there was GhostNet, an espionage operation linked to China that targeted political targets in more than 100 countries. More recently some have speculated that China may be the mastermind behind Operation Shady RAT –though McAfee, the vendor that uncovered it, was careful not to place blame.

“I don’t think we should be naïve,” Graham Cluley, senior technology consultant at Sophos, blogged on August 3rd. “I’m sure China does use the internet to spy on other countries. But I’m equally sure that just about every country around the world is using the internet to spy. Why wouldn’t they? It’s not very hard, and it’s certainly cost effective compared to other types of espionage.”

The fact is, explained Websense’s Patrik Runald, the U.S. and China are the top two countries hosting crimeware and receiving stolen data. But just because a server is in a particular country does not mean the attacker is, he said.

“Rather than looking at things from a U.S. vs. China angle—it’s more about cybercriminals vs. companies,” said Runald, the company’s senior manager of security research. “The wildly successful techniques used in state-sponsored attacks are moving down a malware adoption lifecycle. Yesterday’s million-dollar, well-planned, high-profile attack is quickly becoming a $25 exploit kit available online to armies of low-level hackers.”

Perhaps an equally important question is whether or not the political aspects of the battles over attribution harm efforts to get governments to cooperate with one another. In the wake of the disclosure of Operation Aurora in 2010, U.S. Secretary of State Hillary Clinton called on China to investigate the allegations and be transparent, even as she avoided directly accusing the Chinese government of involvement. Google itself was in the middle of a dispute with China regarding the company’s operations in the country when it took the unusual step of accusing Beijing outright. Such are the thin political and economic lines surrounding discussions on cyber-security.

“Cooperation between countries depends on history and outside political factors,” Runald said. “For example, there is already international cooperation on spam rings. Each case will vary. It will depend on the nature of the attacks and the organizations. Outside of the political arena, I think international corporate collaboration is key. For example, we have Websense Security Labs teams in San Diego, EMEA and China, so we are watching 24/7. For us, working with international teams is a huge strength.”

Related Reading: China’s Cyber Threat Growing

Related Reading: Massive Series of Cyber Attacks Targeting 70+ Global Organizations Uncovered

Related Reading: Digging Deeper into Operation Shady RAT

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.