US fingers few Chinese hacker groups

2011-12-12 12:50
Washington - As few as 12 different Chinese groups, largely backed or directed by the government there, do the bulk of the China-based cyber attacks stealing critical data from US companies and government agencies, according to US cyber security analysts and experts.

The aggressive but stealthy attacks, which steal billions of dollars in intellectual property and data, often carry distinct signatures allowing US officials to link them to certain hacker teams. Analysts say the US often gives the attackers unique names or numbers, and at times can tell where the hackers are and even who they may be.

Sketched out by analysts who have worked with US companies and the government on computer intrusions, the details illuminate recent claims by American intelligence officials about the escalating cyber threat emanating from China.

And the widening expanse of targets, coupled with the expensive and sensitive technologies they are losing, is putting increased pressure on the US to take a much harder stand against the Asian giant.

It is largely impossible for the US to prosecute hackers in China, since it requires reciprocal agreements between the two countries, and it is always difficult to provide ironclad proof that the hacking came from specific people.

Accountable

Several analysts described the Chinese attacks, speaking on condition of anonymity because of the sensitivity of the investigations and to protect the privacy of clients. China has routinely rejected allegations of cyber spying and says it also is a target.

"Industry is already feeling that they are at war," said James Cartwright, a retired Marine general and former vice chair of the Joint Chiefs of Staff.

A recognised expert on cyber issues, Cartwright has come out strongly in favour of increased US efforts to hold China and other countries accountable for the cyber attacks that come from within their borders.

"Right now we have the worst of worlds," said Cartwright. "If you want to attack me you can do it all you want, because I can't do anything about it. It's risk free, and you're willing to take almost any risk to come after me."

The US, he said, "needs to say, if you come after me, I'm going to find you, I'm going to do something about it. It will be proportional, but I'm going to do something... and if you're hiding in a third country, I'm going to tell that country you're there, if they don't stop you from doing it, I'm going to come and get you".

Cyber experts agree, and say that companies are frustrated that the government isn't doing enough to pressure China to stop the attacks or go after hackers in that country.

Much like during the Cold War with Russia, officials say the US needs to make it clear that there will be repercussions for cyber attacks.

Broadened

The government "needs to do more to increase the risk", said Jon Ramsey, head of the counter threat unit at the Atlanta-based Dell SecureWorks, a computer security consulting company.

"In the private sector we're always on defence. We can't do something about it, but someone has to. There is no deterrent not to attack the US."

Cyber attacks originating in China have been a problem for years, but until a decade or so ago analysts said the probes focused mainly on the US government - a generally acknowledged intelligence gathering activity similar to Americans and Russians spying on each other during the Cold War.

But in the last 10 to 15 years, the attacks have gradually broadened to target defence companies, and then other critical industries including those in energy, finance and other sectors.

According to Ramsey and other cyber analysts, hackers in China have different digital fingerprints, often visible through the computer code they use, or the command and control computers that they use to route their malicious software.

US government officials have been reluctant to tie the attacks directly back to the Chinese government, but analysts and officials quietly say that they have tracked enough intrusions to specific locations to be confident they are linked to Beijing - either the government or the military. And, they add that they can sometimes glean who benefited from a particular stolen technology.

One of the analysts said investigations show that the dozen or so Chinese teams appear to get "taskings", or orders, to go after specific technologies or companies within a particular industry. At times, two or more of the teams appear to get the same shopping list, and compete to be the first to get it, or the one with the greatest haul.

China-based

Analysts and US officials agree that a majority of the cyber attacks seeking intellectual property or other sensitive or classified data are done by China-based hackers, while many of the cyber attacks stealing credit card or financial information come from Eastern Europe or Russia.

According to experts, the malicious software or high-tech tools used by the Chinese haven't become much more sophisticated in recent years. But the threat is persistent, often burying malware deep in computer networks so it can be used repeatedly over the course of several months or even years.

The tools include malware that can record keystrokes, steal and decrypt passwords, and copy and compress data so it can be transferred back to the attacker's computer. The malware can then delete itself or disappear until needed again.

Several specific attacks linked to China include:

- Two sophisticated attacks against Google's systems that stole some of the internet giant's intellectual property and broke into the Gmail accounts of several hundred people, including senior US government officials, military personnel and political activists.

- In 2010, computer security firm Mandiant reported that data was stolen from a Fortune 500 manufacturing company during business negotiations when the company was trying to buy a Chinese company.

- Earlier this year, McAfee traced an intrusion to an internet protocol address in China and said intruders took data from global oil, energy and petrochemical companies.

Damage

For the first time, US intelligence officials called out China and Russia in November, saying they are systematically stealing American high-tech data for their own economic gain. The unusually forceful public report seemed to signal a new, more vocal US government campaign against the cyber attacks.

The next step, said Cartwright, must be a full-throated US policy that makes it clear how the US will deal with cyber attacks, including the attackers as well as the nations the attacks are routed through.

Once an attack is detected, he said the US should first go through the State Department to ask the country to stop the attack. If the country refuses, he said, the US will have the right to stop the computer server from sending the attack by whatever means possible while still avoiding any collateral damage.
- SAPA