China To America: You Hack Us, Too

Difference is China doesn't point fingers, says head of China's computer emergency response team, even though it has "mountains" of evidence that U.S. snoops.

Mathew J. Schwartz, Contributor

June 6, 2013


Numerous online attacks against China have been traced back to U.S. servers. But unlike authorities in the United States, the Chinese government chooses to not point the finger, according to the head of the country's computer emergency response team.

"We have mountains of data, if we wanted to accuse the U.S., but it's not helpful in solving the problem," Huang Chengqing, the director of the National Computer Network Emergency Response Technical Team Coordination Center of China (CNCERT), told government-run media outlet China Daily Wednesday.

According to data published by CNCERT, in the first three months of 2013, 5.6 million systems in China were infected by malware tied to 13,400 command-and-control servers located overseas. Of those, more than half of infected systems -- 2.9 million PCs -- were controlled by about 4,000 command-and-control servers based in the United States. Meanwhile, 3,500 U.S. systems had been used to take over about 7,700 different websites located in China.


In the same timeframe, CNCERT reported that 54 U.S.-based IP addresses had "hijacked Chinese official websites to steal data," which according to China Daily included sites related to "government departments, key information systems and research institutions."

Despite the origin of the attacks, "it's hard to judge whether the U.S. government supported or got involved in the hacking," Huang said. "Besides, hackers can easily hide their real location and identities." As a result, he added, "technically it is irresponsible and unfounded for some people to talk about alleged hacking supported by the Chinese authorities."

Huang's comments were published in advance of a two-day Chinese-American summit between President Obama and China's newly minted leader, President Xi Jinping, which is scheduled to occur this Friday and Saturday in California. His comments continue the People's Republic of China (PRC) party line, which is that the government isn't sponsoring espionage attacks against the United States.

The blame game against Chinese hackers has intensified in recent months. In February, a report from security firm Mandiant accused a Chinese army unit of having launched advanced persistent threat (APT) attacks against U.S. businesses. In March, Chinese Premier Li Keqiang rejected those accusations, saying that they amounted to a "presumption of guilt," and that "China does not support but indeed oppose such attacks."

But a confidential Department of Defense report from January 2013, portions of which were first published last month by The Washington Post, said that hack attacks attributed to state-sponsored Chinese attackers had been much more widespread than previously acknowledged, and had resulted in the compromise of data relating to cutting-edge military weapons systems and technologies that are critical to national security.

Still, arguably every country with the capability to conduct online espionage operations against rival governments does so. What makes China's alleged hacking any different from operations that might be sanctioned by the U.S. government?

"China has been called out because it appears groups within China have been particularly aggressive about such acts, and also are indulging at intrusions and theft in a grand scale (perhaps a function of their large population)," information security expert Eugene Spafford, a professor of computer sciences at Purdue University and former member of the President's Information Technology Advisory Committee, recently told CNN.

"I've heard some officials refer to it as 'large scale hoovering of information.' I imagine that some U.S. officials hoped that the public condemnation might cause second-thoughts by the perpetrators and a lessening of the brazen intrusions, but that doesn't appear to have happened -- at least, news reports indicate that not much has changed," he said.

Apparently responding to that escalation in U.S. rhetoric, Huang said U.S. authorities have publicly aired accusations about the theft of secrets by Chinese hackers, rather than first attempting to work with his agency to launch an investigation. "Some cases can be addressed if they had talked to us, why not let us know? It is not a constructive train of thought to solve problems," he said.

Obviously, Huang's comments could be disingenuous, or reflect that he's not party to the Chinese government's alleged industrial espionage operations.

"The government of the PRC has firmly denied any such activity by their government," said Spafford. "However, I also don't know of any modern country that has admitted to large-scale espionage when accused of such. You may draw your own conclusions."

Either way, don't expect the back-and-forth accusations to stop anytime soon. "A year ago these things were being said behind closed doors and now the arguments are out in the open, which hopefully marks a step forward in achieving some level of detente with respect to cyber espionage," said ESET security researcher Stephen Cobb in a blog post. "Although that is probably a long way off."


About the Author

Mathew J. Schwartz

Contributor

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.
