backtop


Print 50 comment(s) - last by RedemptionAD.. on Feb 25 at 11:56 AM

One third of the world's cyberattacks come from China, Chinese government feigns ignorance

In a newly published document entitled "ADMINISTRATION STRATEGY ON MITIGATING THE THEFT OF U.S. TRADE SECRETS" [PDF], the White House threatens China and other countries with both trade and diplomatic consequences if cyberattacks on U.S. corporations, media, and advocacy groups continue to be traced to their doorstep.

I. Brazen Attacks by Chinese Continue

At a White House press conference, Attorney General Eric Holder paints a grim picture of the state of cyberdefense, commenting, "There are only two categories of companies affected by trade-secret theft: those that know they've been compromised and those that don't know it yet.  A hacker in China can acquire source code from a software company in Virginia without leaving his or her desk."

Many top companies, including General Motors Comp. (GM), E. I. DuPont De Nemours and Comp. (DD), Google Inc. (GOOG), and American Superconductor, Corp. (AMSC), have seen trade secrets stolen by hackers in China.  At the press conference John Powell, general counsel for American Superconductor, shared a particularly troubling tale of how a big Chinese wind company -- formerly the largest client of his firm -- recruited a former employee and used their knowledge to remotely steal trade secrets.  He comments, "It's a real threat and it's a really costly threat."

Eric Holder
AG Eric Holder blasted Chinese cyberagression and called for tough action if attacks continue.
[Image Source: AP]

Pressure is mounting on the U.S. federal government, particularly the Obama administration, to give a stronger response in the wake of brazen attacks from China on U.S. media agencies including The New York Times and The Wall Street Journal.  

Reports have emerged that these attacks may all have been the work of an elite unit of Chinese military hackers.  While the U.S. works hard to imprison many of its most talented "black hat" hackers, China reportedly goes to great lengths to recruit its own black hats, lavishing them with rock star salaries and other perks.

II. Government Struggles With How to Counter Chinese Aggression

The document is ambiguous on how the U.S. will respond, but it makes it clear that Washington D.C. is well aware of the attacks from China on top U.S. corporations.  Currently, the ability to mount a strong counteroffensive is stifled by the relative "greenness" of America's cyber-fighting force. This force is composed mostly of straight-shooting college IT types, many of whom have never hacked into a system they weren't allowed to.  

Over the last year, the National Security Agency (NSA) has been showing up at top hacker conventions trying to convince more talented hackers to join its ranks -- but such efforts remain in their infancy and are being heavily stifled by animosity from the hacker community over punitive computer crimes law enforcement.

Security firm Akama Technologies, Inc. (AKAM) estimates that in 2012 33 percent of attack traffic originated from China.  By contrast, the U.S. -- in second place -- only claimed 13 percent of global attack contract.  Chinese government officials claim that hacking is illegal in China and that its own companies are also victimized by their domestic hackers.  However, many of the attacks appear to be geared towards suppressing dissidents or attacking U.S. media entities that expose secrets of Chinese politicians.

China hackers
Chinese hackers are responsible for a third of the world's cyberattacks. [Image Source: Kealtu]

The result is that the cyberwar between the U.S. and China is playing out as a classic bully-victim situation.  China denies everything while constantly abusing both U.S. government agencies and private companies.  And experts believe the U.S. is doing far precious little to fight back.

Last week, President Obama signed a cybersecurity executive order calling for voluntary corporate information sharing on security risks.  Congress is in the process of establishing a more rigid framework for the sharing.

James Lewis, a former top State Department official who is now a cybersecurity specialist at the Center for Strategic and International Studies, praised the Obama administration's actions in an interview with The Wall Street Journal, stating, "This is what you have to do to get the Chinese to behave differently.  You've got to keep pushing on them; you've got to keep grinding."

Trade pacts like the Trans-Pacific Partnership may provide a forum to push for stricter intellectual property protections.  And Mr. Lewis suggests that the U.S. could put pressure on China by denying Chinese companies access to American banks, or by denying Chinese researchers visas, if attacks continue.

Sources: The White House {PDF], The Wall Street Journal



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

America's Next Top Target
By ninelite on 2/21/2013 3:28:37 PM , Rating: 2
Seems like America always need a target country to distract its people from the local problems, like debt crisis, gu.n control, etc...

Cold War with Russia, Weapon of Mass Destruction at Iraq, War on Terror in Afghanistan & Middle East, and now Cycle Warfare with China. Weather they are being done for the right reason or not, this country will never find peace if its government keep functioning this way.




RE: America's Next Top Target
By Milliamp on 2/21/2013 3:44:29 PM , Rating: 5
It is like the part of the matrix where they said the first version of the matrix was a utopian world but people rejected it.

The cold hard truth is people are hard wired to need a foe to slay and in the absence of one they turn on each other instead. Observe the people around you for a while and see how frequently they categorize people as either us or them based on all kinds of things large and small. We do it with a consistency that is alarmingly robotic and its fascinating to observe at times.


RE: America's Next Top Target
By kerpwnt on 2/21/2013 6:06:36 PM , Rating: 3
Don't you know? We've always been at war with Eastasia.


RE: America's Next Top Target
By Ammohunt on 2/21/2013 8:12:42 PM , Rating: 2
This is human nature; its a basic need of human to be superstitious as well humans can’t exist without some sort of mythos if its not religion its 911 truthers, aliens any number of conspiracy theories even atheism in itself fills that void. People’s lives are too easy the base rot in our society comes from people being bored because of that easy life so they fill it with nastiness towards others.


RE: America's Next Top Target
By SlyNine on 2/21/2013 9:40:16 PM , Rating: 5
You guys are going off the deep-end here. Your statements are nothing but conjectur.

It's a nice hypothisis but please keep in mind it could be total BS and you could be completely wrong.

Perhaps social factors play a bigger role.

Perhaps China really is a problem.

Perhaps Government are trying to distract Americas with a "bigger" problem.

But please stop this pseudopsychology. You sound like nut jobs.


RE: America's Next Top Target
By ninelite on 2/21/2013 11:18:13 PM , Rating: 4
We are just guessing along with the government here.
Does the US government has solid proof that Chinese government launched the cyber attack?
How about proof on the Weapon of Mass Destruction?
Or proof that War on Terror can reduced the world-wide terrorist attacks?
Instead of raising taxes and wasting money on all these "conjecture," I would feel much better if they focus on the debt crisis, gun control and all kind of local problems. Fix our own problems before nose around others'.


RE: America's Next Top Target
By espaghetti on 2/22/2013 8:47:41 AM , Rating: 2
The most we got out of Iraq was this:

http://www.nbcnews.com/id/25546334/#.USd1OWeDl8E

It's not exactly a weapon of mass destruction.


RE: America's Next Top Target
By Breathless on 2/22/2013 12:38:19 PM , Rating: 3
We don't have a problem with gun control. We have a problem with douchebags trying to control our guns.


RE: America's Next Top Target
By NellyFromMA on 2/22/2013 1:05:27 PM , Rating: 2
WRong arguement. We have a problem with the mentally unstable obtaining weapons for mass assaults, both legall and illegally.

You'll have a WAY better time getting an acceptable outcome on this if you actually address the REAL issue.


RE: America's Next Top Target
By Jaybus on 2/22/2013 4:15:37 PM , Rating: 2
I can tell you that the servers I manage for a pharmaceutical company came under attack from IPs located in China immediately following a trip one of our execs made to Shanghai to discuss licensing and approval for a cancer drug. We get attempts every day, but they come from all over. After his trip, actually DURING his trip, attempts skyrocketed with more than 90% of the attempts coming from China. It was not a high profile trip, by any means. No PR or anything. It is not proof that a particular entity did it, but somebody in China did. Coincidence? I very much doubt it.


RE: America's Next Top Target
By Ammohunt on 2/22/2013 12:15:07 PM , Rating: 2
Like you posses some secret truths please....get over yourself. The OP had a good point that was valid and within the realm of the human condition and the conversation.


By BifurcatedBoat on 2/22/2013 1:32:54 PM , Rating: 2
Maybe it's very simple, and people - like other animals - are usually looking to get ahead at someone/something else's expense. So is it surprising that China would be doing it? Not really. Is it surprising that we would be doing it? Not really. What's more surprising is not standing up for yourself and trying to protect your position.


RE: America's Next Top Target
By Noya on 2/21/2013 10:51:43 PM , Rating: 2
quote:
is people are hard wired to need a foe to slay and in the absence of one they turn on each other instead. Observe the people around you for a while and see how frequently they categorize people as either us or them based on all kinds of things large and small.


It's our animal instincts to dominate, to defeat others.

In my opinion, it's simply the uncontrolled breeding of the weaker (all survive vs. high intelligent), less intelligent members of society that make the majority of society to have this mental condition.

With that said, aggressive governments (US) have always exploited the fact that the majority cannot see through the charades of good vs. bad, us vs. them, Left vs. Right and play along with the corrupt system that continues to move farther to the right than it has ever been in the last century.


RE: America's Next Top Target
By vortmax2 on 2/22/2013 6:48:21 PM , Rating: 2
quote:
It's our animal instincts to dominate, to defeat others.


If we continue to teach that we're 'only' animals, then we will continue to act like animals. Get ready, it's only going to get worse...


RE: America's Next Top Target
By RedemptionAD on 2/25/2013 11:56:36 AM , Rating: 2
The actual issue in the majority is lack of pattern recognition. That is in effect what allows people to be controlled and/or manipulated.

Governments have always have used such methods for legitimate uses like national security or to buy time so that prior plans for the greater good of the country have time to take effect. The abuse of the technique is what can be used to mask corruption and other nefarious uses.


RE: America's Next Top Target
By NellyFromMA on 2/22/2013 1:04:28 PM , Rating: 2
Kind of like these forums.


RE: America's Next Top Target
By NellyFromMA on 2/22/2013 1:03:55 PM , Rating: 2
Yeah man, lets totally distract ourselves form the fact that the REAL problem of China infiltrating our system IS A DOMESTIC ISSUE!!!!

HELLO!?!?!?!


The US needs to take action
By masamasa on 2/21/2013 2:13:14 PM , Rating: 2
If they don't take action it's clear both private and public industry are going to continue to be targeted and more and more valuable IP will be stolen. Pleading innocence through ignorance is hardly an acceptable response. Time to bring the hammer down.




RE: The US needs to take action
By bodar on 2/21/2013 10:45:55 PM , Rating: 2
What is this hammer you speak of? China knows we can't sanction them or afford to go to war with them. And as the article notes, our hackers are not fond of the government, so open cyber warfare is probably a non-option.

Perhaps these companies should consider taking some of the money they've been making by offshoring jobs and invest in their IT security and infrastructure to better protect their IP. Because what they're doing isn't working obviously. While no network is impervious to hacking and this isn't something you can just throw money at, maybe they should give a serious look at their IT budgets. Just sayin'.

What happened to that whole idea of not looking to the government to solve our problems? ;)


RE: The US needs to take action
By Jeffk464 on 2/21/2013 11:14:00 PM , Rating: 2
quote:
Perhaps these companies should consider taking some of the money they've been making by offshoring jobs


Yup, US companies have been shafting american workers by sending our jobs to China so it doesn't overly hurt my feeling to see them in turn get shafted by China.


RE: The US needs to take action
By MadMan007 on 2/21/2013 11:26:14 PM , Rating: 2
I see people say 'The US needs China' all the time but very rarely do I see the flip side - China needs the US. And it's true. If relations were to go to hell quickly, China's economy would be in deep doodoo. As for the debt they hold, although they might use it as a threat sometimes, the truth is China would be as screwed as the US if they stopped buying Treasuries - it would severely damage the value of their current holdings.

It's MAED - mutually assured economic destruction.


RE: The US needs to take action
By Jeffk464 on 2/22/2013 12:27:57 AM , Rating: 2
So why does both the US and China behave like China has all the leverage?


RE: The US needs to take action
By BifurcatedBoat on 2/22/2013 1:35:42 PM , Rating: 2
The US does not really need China. The average American worker would be ultimately more prosperous if he didn't have to compete with Chinese labor, even though goods would be typically more expensive.


RE: The US needs to take action
By MadMan007 on 2/24/2013 2:14:03 AM , Rating: 2
You're right, as a whole the US would be better off. The 1% wouldn't, and they've managed to convince a lot of the 99% to believe things that are against the 99%'s best interests. But hey, cheap stuff!!


RE: The US needs to take action
By Ramstark on 2/22/2013 6:50:46 PM , Rating: 2
And China really doesn't need the US. They can just outgrow US companies and move their products through Asia, Europe and Latin America. Chinese companies are the ones gaining traction in all this markets, and don't forget that they are also competing against small (if high tech) countries like South Korea and Japan.
Don't be too hasty to name your country as necessary to another one...


RE: The US needs to take action
By knutjb on 2/23/2013 12:58:52 AM , Rating: 2
This comment is apparently spam and we do not allow spam comments.

really,


RE: The US needs to take action
By knutjb on 2/23/2013 1:00:01 AM , Rating: 2
This comment is apparently spam and we do not allow spam comments. Fix your filters


RE: The US needs to take action
By MadMan007 on 2/24/2013 2:16:24 AM , Rating: 2
China needs consumers for its exports. The US is still the biggest economy and 70% of it is consumer. The rest of the world won't make up for that and China is already doing the other exports you mentioned.

Until China's domestic demand gets large enough, they are dependent upon their trade partners and without them China's economy would collapse.


RE: The US needs to take action
By Jeffk464 on 2/21/2013 11:10:29 PM , Rating: 2
Guarantee China will call our bluff, we will do nothing, and things will keep going the way they've been going.

We've done this dance before.


RE: The US needs to take action
By retrospooty on 2/22/2013 10:00:21 AM , Rating: 2
" The US needs to take action ... If they don't take action it's clear both private and public industry are going to continue to be targeted and more and more valuable IP will be stolen. "

How about improve security so you dont get hacked?

When I was a kid, I ran a recycle site at a local grocery store. The company that ran it had shipping issues and often would let the storage bins fill up, so we had to store cans and bottles in bags unsecured left outside overnight. Of course, every morning we came in and it was all stolen. After a few times the local police said "Look, we cant do anything about this if you are going to leave valuable items outside for the taking, people will take it... Dont call us again unless someone actually breaks in to your property".

Same thing.


shoudnt title be" CHINA PWNED NOOB USA-LOL"
By anandtech02148 on 2/21/2013 7:46:16 PM , Rating: 2
how do you hack China when you can barely get your students to speak proper english and acquired another language like Mandarin, they only care about YOLO.
Americans is no darling, Stuxnet was just a passe, i'm pretty sure there other american made virus going viral like the Harlem Shake.
can someone translate some mandarin news outlet regarding the tools in america's newsmedia.




By ianweck on 2/21/2013 7:52:07 PM , Rating: 2
What's the Mandarin phrase for "idiot troll"?


RE: shoudnt title be" CHINA PWNED NOOB USA-LOL"
By Noya on 2/21/2013 10:40:12 PM , Rating: 2
quote:
going viral like the Harlem Shake


Wow, I visited my sister and nieces a few hours ago and they just had to bring the "Harlem Shake" up as if I was missing out on something amazing...so sad how idiotic the majority of this country is.


By MadMan007 on 2/21/2013 11:28:22 PM , Rating: 2
Was it just your niece who was really into it? If so I'd dismiss it as typical kid stuff, she'll be over it in a month. Then again, adults have gotten into silly fads too - Macarena anyone?


By Omega215D on 2/22/2013 8:10:21 AM , Rating: 2
Yeah well it's happening all over the world as well. Like that Gangnam style thing.


By Jeffk464 on 2/21/2013 11:08:36 PM , Rating: 2
pretty sure stuxnet was Israel, not US.


Rules of Engagement
By SuckRaven on 2/21/2013 6:53:02 PM , Rating: 2
Sadly, if the United States continues to play by its own rules on this one, it will lose, and lose big time. It's unfortunate, but some countries just don't play by the same rule-book, and when you are the juggernaut that is China, you really don't have to. After all...if they already have all of our manufacturing secrets, and now most of our tech secrets, what can we really do to them except what has already been said and done. More economic and political sanctions? Go cry to the the U.N.? Too bad so sad. And, who will really end up being hurt by those economic sanctions anyway? Oh wait...it's the U.S. & A. Why? Because all of our crap is made in China, and has been for decades. Seems like the good ol' boys here have really painted themselves into a pretty corner.




RE: Rules of Engagement
By Strunf on 2/22/2013 7:49:59 AM , Rating: 2
The funny part is that China is playing by the same rules as the US, the US being the juggernaut that it is has been stealing back and forth while at the same try its best to protect its own interests just like... China. China is the new USSR... I for one welcome our new overlords!


We can't threaten trade sanctions
By Milliamp on 2/21/2013 3:10:07 PM , Rating: 3
We can't threaten trade sanctions easily because economically they are too powerful.

For starters I have enough experience with enough large companies to know many of the few core people tasked with building and running critical pieces of infrastructure are pretty understaffed.

Secondly, we have to take a hard look at how we design software intended for client based platforms. Instead of saying "look at this cool new trick we are able to extend our browser to do" we need to say "the browser is a critically important sandbox and needs to stay that way, are we sure this is a feature is a good idea?"

Maybe we need to have some commonly used software instanced inside a dedicated VM. People can have one browser that is pretty locked down that will handle most web surfing and standard client/server model stuff and another one that handles things like enterprise applications and Java.

Because at the end of the day if you can't secure the platforms employees are using every day you cannot secure the trade secrets contained on them against theft.

I think IPv6 offers a unique approach to this as well. Using multiple IP addresses per computer offers the ability to do some cooler things with firewall rules and zones.

All IP addresses ending with :0001:xx/128 could be determined to be client/server model only.

IP addresses ending :0002:xx/128 would allow things like P2P applications and applications that need to function in listening state.

This allows some assumptions to be made by external firewalls and administrators and on the machine itself some of these applications can be quarantined to potentially read only VM instances to mitigate damages when infections inevitably happen. Whole disk encryption may not be required but basic disk/directory encryption should be supported by every OS.

Not of these things completely eliminate risk of attack but if I download document.pdf.exe with my browser and read/run it there is absolutely no excuse today for why it has full access to my system.

The prevalent mentality of the past is simply to give users restricted accounts but it clearly doesn't solve all of the problem. You must also build into the platform verbose methods to quarantine individual applications that user is using.




Leaving the back door open.
By drycrust3 on 2/22/2013 2:01:06 AM , Rating: 2
quote:
One third of the world's cyberattacks come from China,

One factor that is easily overlooked is the security of the average Chinese PC: it is poor. If anyone was wanting to find a country where there were lots of insecure computers with which to build a botnet from, China would be close to top of the list.
The result of this poor security is that recipients of cyber attacks point the finger at China, even though the people directing the cyber attacks could be anywhere on the planet, including Iran, North Korea, Russia, or even China.
One way to hinder the cyber attacks would be for Microsoft to allow security patches be downloaded by bootleg versions of Windows in China, and another would be to allow downloading of much better versions of antivirus software packages than those freely available in China.




Tell me about it
By Woobagong on 2/22/2013 3:22:22 AM , Rating: 2
I got used to this a long time ago

C&C Chinese Hacker Units
http://www.youtube.com/watch?v=7uHo-QYqkrY




Funny
By Strunf on 2/22/2013 7:44:38 AM , Rating: 2
Kinda of funny to see Americans complaining of industrial espionage... you didn't really invent the process but the US kinda refined it.

The head line should read 1/3 of world cyberattacks come from China 2/3 come from the US.




Action?
By navair2 on 2/24/2013 9:18:50 PM , Rating: 2
You know what "action" I'd like to see? Make it illegal to buy anything made in China...




Powerless
By chmilz on 2/21/13, Rating: -1
RE: Powerless
By StormyKnight on 2/21/2013 2:43:13 PM , Rating: 2
Obedience to corporations? You mean the same corporations they're raising taxes on? The same corporations they are closing tax loopholes on? The current administration is not corporate friendly, so there are no allegiances.

Define a militarized police forces and angencies and what that has to do with anything?

In what way is the government fighting the Chinese and U.S. citizens (otherwise than raising everyone's taxes)?

And good will with hacker groups such as anonymous that break into corporations? Why would you or the government want goodwill with a group that maliciously attacks those whom they do not like?


RE: Powerless
By roykahn on 2/22/2013 12:54:32 AM , Rating: 2
quote:
The current administration is not corporate friendly


I don't understand how you measure friendliness then.

Corporations have increased in power, more than an individual. Corporate lobbying is as strong as ever, regulations are lax, consumer protection is stymied. Presidential campaigns are massively funded by corporations and their owners. Foreign affairs are still being pursued for the purpose of ensuring investment and profit (for example Middle East oil). Tax loopholes aren't given enough attention, off-shore tax havens are as popular as ever, intellectual property rights are granted almost at will and enforced rather harshly in many cases. Government subsidies to many industries continues, government bailouts to failing corporations. The top marginal tax rate is being kept low, income inequality is increasing. Super-PACS, the American Legislative Exchange Council, Citizens United.

Despite all of the above and more, the government still isn't corporate friendly. Riiiight! Maybe the US can send more troops overseas to ensure US-based corporations have more control over the world's natural resources. I hear they've got some nice oil and gas deposits in Africa...oops...I mean they've got some terrorists in Africa that are in need of assassination.


RE: Powerless
By FITCamaro on 2/21/2013 4:32:02 PM , Rating: 2
No they can't do anything as long as China is their biggest creditor.


RE: Powerless
By ianweck on 2/21/2013 5:36:23 PM , Rating: 2
You mean their biggest foreign creditor.


RE: Powerless
By MadMan007 on 2/21/2013 11:29:43 PM , Rating: 2
Indeed, the biggest US creditor is...the US, by far.


RE: Powerless
By Solandri on 2/22/2013 2:23:16 AM , Rating: 2
quote:
No they can't do anything as long as China is their biggest creditor.

There's a saying:

If you owe the bank a thousand dollars and can't pay, you have a problem.

If you owe the bank a billion dollars and can't pay, the bank has a problem.


"We basically took a look at this situation and said, this is bullshit." -- Newegg Chief Legal Officer Lee Cheng's take on patent troll Soverain














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki