title: 'Hacking US China trade punches' published: true publish_date: '31-08-2016 14:56' taxonomy: category:
- Politics tag:
- Digital espionage
- Digital sabotage 'Post Type':
US cyber security firm Mandiant claims to have evidence the Chinese government is behind years of hacking attacks on US corporations, organisations and government agencies. VoR’s Tom Spender reports. The allegations Cybersecurity firm Mandiant has accused a secretive People’s Liberation Army team, known as Unit 61398, of hacking American targets. Mandiant says hundreds if not thousands of English-speaking hackers operate from a Unit 61398 building in suburban Shanghai and have stolen hundreds of terabytes of data from at least 141 organisations. It’s the first time individual hackers have been traced to the immediate vicinity of a Chinese military location. But on Wednesday the Chinese government hit back. Chinese government hits back It claimed the hacks cited by Mandiant were carried out using hijacked Internet Protocol addresses, a common tactic for fooling investigators, and there was no proof of Chinese government involvement. Patrick Chovanec is an associate professor at Tsinghua University in Beijing. “There’s no smoking gun and there will probably never be. But there’s a pattern,”he said. “It looked like it was sponsored by the Chinese government and the implications are much greater than if it was simply private actors." What is the purpose of hacking? “It takes a lot of different forms," explains Chovanec."Some is commercial in nature, going after corporate secrets or customer lists and client information. Some is strategic, vulnerability of critical infrastructure.” Mandiant examined hacks dating from 2006. It says that on average, the prolific hacking group it investigated would remain inside a network, stealing information and passwords, for about a year. Among the group’s targets was a Canadian company which designs software to remotely control critical oil and gas infrastructure. US beefs up defences Yesterday State Department spokeswoman Victoria Nuland said the US was working to strengthen its cyber defences. “We’ve also regularly and repeatedly raised our concerns at the highest level with the Chinese Government about cyber theft, including with senior Chinese officials and the military. We’ll continue to do that,”she said. Tsinghua University’s Patrick Chovanec says cyberattacks fit into China’s overall military strategy. “Rather than try to challenge the US on a conventional basis – tank for tank, bomb for bomb – the strategy, and it makes a lot of sense, is to use asymmetrical means and look for vulnerabilities,”he said. “One of the key vulnerabilities in the US is both the military and civilian dependence on data networks and exchange of information.” Espionage by digital means Rik Ferguson is director of security research at cybersecurity firm Trend Micro. He says advanced countries can be expected to use cutting edge technology to spy on one another. “Three terms are really important: espionage, sabotage and warfare. We don’t get confused about those in real life but it seems there’s a lot of bleeding between the lines in the digital world and we need to be very clear that what we’re talking about in almost every case documented so far – not just in the Mandiant report but in general – is espionage facilitated by digital and electronic means,”he said. “There’s a lot of finger pointing at China for the attacks in the Mandiant report. There’s equally a lot of finger pointing at the US and Israel for malware like Stuxnet. This malware was directly responsible for physical damage to nuclear installations, which is no small thing.” Stuxnet the 'game changer' Ferguson says the Stuxnet attack on Iran’s nuclear programme – widely believed to have been carried out by the US and Israel – may be interpreted by states around the globe as a green light to carry out such actions themselves. “Stuxnet was a gamechanger. The fact that people have not been prepared to explicitly deny involvement in that project definitely gives other people the green light to go ahead and try similar things,”he said. “Stuxnet was an act of sabotage rather than espionage. Luckily for the US, and everybody else guess, so far it’s been the only real example that we’ve seen. I certainly don’t think it will be the last.” The power of sheer numbers Ferguson says China’s high level of internet use and quality of technical education means the government there has a big talent pool to select from. And Patrick Chovanec in Beijing says simply being able to call upon large numbers of people can be effective. “The fact that you can put thousands of people online targeting different websites, they don’t all have to be crack experts for that to be a significant threat,”he said. Chovanec says that for now, the best way for the US to respond to Chinese cyberespionage is to highlight the cost to China itself. “The cost is also to the willingness of global companies to do business in China, to bring higher value activities to China, to expose data to Chinese sources,”he said. China’s Foreign Ministry says that last year 14 million computers and 38,000 websites in China were hacked and remotely controlled by overseas IP addresses. Spokesman Hong Lei said the biggest source of attacks was the US. Meanwhile China’s Defence Ministry said military websites suffered 240,000 cyberattacks in the first three months of last year.