backtop


Print 50 comment(s) - last by RedemptionAD.. on Feb 25 at 11:56 AM

One third of the world's cyberattacks come from China, Chinese government feigns ignorance

In a newly published document entitled "ADMINISTRATION STRATEGY ON MITIGATING THE THEFT OF U.S. TRADE SECRETS" [PDF], the White House threatens China and other countries with both trade and diplomatic consequences if cyberattacks on U.S. corporations, media, and advocacy groups continue to be traced to their doorstep.

I. Brazen Attacks by Chinese Continue

At a White House press conference, Attorney General Eric Holder paints a grim picture of the state of cyberdefense, commenting, "There are only two categories of companies affected by trade-secret theft: those that know they've been compromised and those that don't know it yet.  A hacker in China can acquire source code from a software company in Virginia without leaving his or her desk."

Many top companies, including General Motors Comp. (GM), E. I. DuPont De Nemours and Comp. (DD), Google Inc. (GOOG), and American Superconductor, Corp. (AMSC), have seen trade secrets stolen by hackers in China.  At the press conference John Powell, general counsel for American Superconductor, shared a particularly troubling tale of how a big Chinese wind company -- formerly the largest client of his firm -- recruited a former employee and used their knowledge to remotely steal trade secrets.  He comments, "It's a real threat and it's a really costly threat."

Eric Holder
AG Eric Holder blasted Chinese cyberagression and called for tough action if attacks continue.
[Image Source: AP]

Pressure is mounting on the U.S. federal government, particularly the Obama administration, to give a stronger response in the wake of brazen attacks from China on U.S. media agencies including The New York Times and The Wall Street Journal.  

Reports have emerged that these attacks may all have been the work of an elite unit of Chinese military hackers.  While the U.S. works hard to imprison many of its most talented "black hat" hackers, China reportedly goes to great lengths to recruit its own black hats, lavishing them with rock star salaries and other perks.

II. Government Struggles With How to Counter Chinese Aggression

The document is ambiguous on how the U.S. will respond, but it makes it clear that Washington D.C. is well aware of the attacks from China on top U.S. corporations.  Currently, the ability to mount a strong counteroffensive is stifled by the relative "greenness" of America's cyber-fighting force. This force is composed mostly of straight-shooting college IT types, many of whom have never hacked into a system they weren't allowed to.  

Over the last year, the National Security Agency (NSA) has been showing up at top hacker conventions trying to convince more talented hackers to join its ranks -- but such efforts remain in their infancy and are being heavily stifled by animosity from the hacker community over punitive computer crimes law enforcement.

Security firm Akama Technologies, Inc. (AKAM) estimates that in 2012 33 percent of attack traffic originated from China.  By contrast, the U.S. -- in second place -- only claimed 13 percent of global attack contract.  Chinese government officials claim that hacking is illegal in China and that its own companies are also victimized by their domestic hackers.  However, many of the attacks appear to be geared towards suppressing dissidents or attacking U.S. media entities that expose secrets of Chinese politicians.

China hackers
Chinese hackers are responsible for a third of the world's cyberattacks. [Image Source: Kealtu]

The result is that the cyberwar between the U.S. and China is playing out as a classic bully-victim situation.  China denies everything while constantly abusing both U.S. government agencies and private companies.  And experts believe the U.S. is doing far precious little to fight back.

Last week, President Obama signed a cybersecurity executive order calling for voluntary corporate information sharing on security risks.  Congress is in the process of establishing a more rigid framework for the sharing.

James Lewis, a former top State Department official who is now a cybersecurity specialist at the Center for Strategic and International Studies, praised the Obama administration's actions in an interview with The Wall Street Journal, stating, "This is what you have to do to get the Chinese to behave differently.  You've got to keep pushing on them; you've got to keep grinding."

Trade pacts like the Trans-Pacific Partnership may provide a forum to push for stricter intellectual property protections.  And Mr. Lewis suggests that the U.S. could put pressure on China by denying Chinese companies access to American banks, or by denying Chinese researchers visas, if attacks continue.

Sources: The White House {PDF], The Wall Street Journal



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

We can't threaten trade sanctions
By Milliamp on 2/21/2013 3:10:07 PM , Rating: 3
We can't threaten trade sanctions easily because economically they are too powerful.

For starters I have enough experience with enough large companies to know many of the few core people tasked with building and running critical pieces of infrastructure are pretty understaffed.

Secondly, we have to take a hard look at how we design software intended for client based platforms. Instead of saying "look at this cool new trick we are able to extend our browser to do" we need to say "the browser is a critically important sandbox and needs to stay that way, are we sure this is a feature is a good idea?"

Maybe we need to have some commonly used software instanced inside a dedicated VM. People can have one browser that is pretty locked down that will handle most web surfing and standard client/server model stuff and another one that handles things like enterprise applications and Java.

Because at the end of the day if you can't secure the platforms employees are using every day you cannot secure the trade secrets contained on them against theft.

I think IPv6 offers a unique approach to this as well. Using multiple IP addresses per computer offers the ability to do some cooler things with firewall rules and zones.

All IP addresses ending with :0001:xx/128 could be determined to be client/server model only.

IP addresses ending :0002:xx/128 would allow things like P2P applications and applications that need to function in listening state.

This allows some assumptions to be made by external firewalls and administrators and on the machine itself some of these applications can be quarantined to potentially read only VM instances to mitigate damages when infections inevitably happen. Whole disk encryption may not be required but basic disk/directory encryption should be supported by every OS.

Not of these things completely eliminate risk of attack but if I download document.pdf.exe with my browser and read/run it there is absolutely no excuse today for why it has full access to my system.

The prevalent mentality of the past is simply to give users restricted accounts but it clearly doesn't solve all of the problem. You must also build into the platform verbose methods to quarantine individual applications that user is using.




"If you look at the last five years, if you look at what major innovations have occurred in computing technology, every single one of them came from AMD. Not a single innovation came from Intel." -- AMD CEO Hector Ruiz in 2007














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki