China Alleges Cyberattacks from U.S. on Its Military
Apparently weary of being blamed for hacking into U.S. military, media and other business computers, China is now making some pointed accusations of its own. China is reproaching the U.S. for launching hack attacks against its military networks.
Specifically, China said two of its Ministry of Defense Web sites saw more than 10,000 cyberattacks a month in 2012. And, the Communist nation continued, nearly two-thirds of those attacks originated in the U.S.
That said, China is not all about blaming the U.S. government for the alleged cyber trespasses. Still, China wants answers. In a statement on China's Defense Ministry Web site Thursday, spokesman Geng Yansheng pointed to "U.S. media reports," he said revealed the U.S. planned to craft a policy endorsing pre-emptive cyberattacks against China. Geng did not reveal which U.S. media reports indicated an escalation of cyberwarfare.
Espionage Hard to Prove
"According to IP addresses, in 2012 the Defense Ministry and China Military Online Web sites each month face 144,000 foreign attacks, of those, ones coming from the U.S. represented 62.9 percent," Geng said.
"These practices are not conducive to the joint efforts of the international community to enhance Internet security. We hope the United States will explain and clarify."
Is America hacking the Chinese? Is China hacking the U.S.? Is there any truth in this blame game or is it just politicking?
Graham Cluley, a senior security analyst at Sophos, told us most countries are probably engaging in cyber sleuthing.
"I would be surprised if any developed nation wasn't involved in some level of Internet espionage," Cluley told us from the floor of the RSA security conference in San Francisco. "After all, its relatively easy to do and a low risk compared to having spies on the ground. Of course, the problem is always 'proving' a particular attack was state-sponsored rather than being done by lone hackers of their own choosing."
The Mandiant Report
Thursday's statement was the most pointed allegation since the recent Mandiant report that indicted China for cyber espionage. According to Mandiant, the Chinese military appears to be hacking into U.S. interests. The 60-page report alleges members of "Comment Crew" and "Shanghai Group" have been tied to a 12-story building in Shanghai that's connected with the People's Liberation Army Unit 61398.
Mandiant's analysis led the firm to conclude that APT1, a prolific cyber-espionage group that has conducted attacks on a number of victims since at least 2006, is likely sponsored by the Chinese government and is one of the most persistent of China's threat actors.
"APT1 focuses on compromising organizations across a broad range of industries in English-speaking countries," Mandiant said. "APT1 has systematically stolen hundreds of terabytes of data Relevant Products/Services from at least 141 organizations."
According to Mandiant, APT1 maintains an extensive infrastructure of computer systems around the world. In over 97 percent of the 1,905 times Mandiant observed APT1 intruders connecting to their attack infrastructure, APT1 used IP addresses registered in Shanghai and systems set to use the Simplified Chinese language.
The size of APT1's infrastructure implies a large organization with at least dozens, but potentially hundreds of human operators. In an effort to underscore that there are actual individuals behind the keyboard, the Mandiant reveals three personas that are associated with APT1 activity. Mandiant is also releasing more than 3,000 indicators to bolster defenses against APT1 operations.