Category Archives: china espionage

U.S. Not Afraid To Say It: China’s The Cyber Bad Guy : NPR

American officials have long complained about countries that systematically hack into U.S. computer networks to steal valuable data, but until recently they did not name names.

In the last few months, that has changed. China is now officially one of the cyber bad guys and probably the worst.

“We know, and there’s good evidence … of very deliberate, focused cyber espionage to capture very valuable research and development information, or innovative ideas, or source code or business plans for their own advantage,” says Mike McConnell, a former director of national intelligence and before that, the director of the National Security Agency.

It’s the Chinese he’s talking about, though other countries — like Russia — also engage in cyber espionage to gain a competitive edge. China stands out as especially aggressive.

“China does not care what other people think,” says Richard Bejtlich, the chief security officer at MANDIANT, a company that helps firms deal with cyber intrusions.

“Culturally, they are very interested in being seen as responsible, but when it comes to their actual work on the ground, if you try kicking them out of your network on a Friday, they’re back on a Monday,” he says.

via U.S. Not Afraid To Say It: China’s The Cyber Bad Guy : NPR.

Advertisements

Joint Chiefs Chair: Chinese Hackers ‘Not Necessarily Hostile

This headline from CNN – “Joint Chiefs Chair: Chinese Hacking Not Necessarily a Hostile Act” – reads like it came from the Onion. But don’t jump into your bunker yet – the reasoning behind this apparently blissfully naive statement by General Martin Dempsey is at least slightly plausible:

Gen. Martin Dempsey, the chairman of the Joint Chiefs of Staff, said he “believe(s) someone in China is hacking into our systems and stealing technology and intellectual property, which at this point is a crime.”

But Dempsey said in testimony to the Senate Armed Services Committee that he cannot attribute the Chinese hacking to China’s military, the People’s Liberation Army (PLA).

Asked by Sen. Lindsey Graham, R-South Carolina, that if it could be proven that the PLA was behind a hacking of the defense infrastructure, whether it would it be considered a “hostile act,” Dempsey said such wasn’t necessarily the case.

Now, you can quibble over the semantics in this. A cyberattack on the United States’ defenses might not come from the Chinese government itself – though one has to wonder how much privacy hackers enjoy, given China’s notoriously censor-happy culture. Moreover, even if a private hacker was good enough to evade the Chinese government’s own crop of cybersecurity experts and bypass our security, it’s fairly obvious that the hacker in question would be able to sell his method for a very high price.

via Joint Chiefs Chair: Chinese Hackers ‘Not Necessarily Hostile’ | TheBlaze.com.


China’s Hacking Of U.S. Remains A Top Concern : NPR

U.S officials have long complained about countries that systematically hack into U.S. computer networks to steal valuable data, but until recently they did not name names.

In the last few months, that has changed. China is now officially one of the cyber bad guys and probably the worst.

“We know and there’s good evidence … of very deliberate, focused cyber espionage to capture very valuable research and development information, or innovative ideas, or source code or business plans for their own advantage,” says Mike McConnell, a former director of national intelligence and before that the director of the National Security Agency.

It’s the Chinese he’s talking about, though other countries also engage in cyber espionage to gain a competitive edge. Russia, for example, but China stands out as especially aggressive.

“China does not care what other people think,” says Richard Bejtlich, the chief security officer at MANDIANT, a company that helps firms deal with cyber intrusions. “Culturally they are very interested in being seen as responsible, but when it comes to their actual work on the ground; if you try kicking them out of your network on a Friday, they’re back on a Monday.”

The increased willingness of the U.S. government to point a finger at the Chinese dates from an official report released last October that identified them “as the world’s most active and persistent perpetrators of economic espionage.”

via China’s Hacking Of U.S. Remains A Top Concern : NPR.


China Cyber Attack Threat

It is clear that cyber warfare will be part of any future conflict and we must become prepared for that type of combat here on the homeland front.

Two recent NPR stories highlighted the continuing potential for cyber attacks.  One focused on the threat that China poses and the other story on what we should be doing in general to legislate cyber defenses for the private sector and our critical infrastructure–the vast majority of which is owned and operated by private business.

It is clear to me that China is actively working to determine the how best to attack our military and industrial complexes.  The cyber war of the future has already begun.  Going back to my military training let’s consider what it is that they are doing.

via China Cyber Attack Threat.


Are Chinese Telecoms acting as the ears for the Sri Lankan government?

The title is inspired by the article Are Chinese Telecoms Acting as the Ears for Central Asian Authoritarians? published in Eurasianet.org, examining the probable role of Chinese telecoms firms, notably Huawei and ZTE, in espionage and surveillance. The article notes that both ZTE and Huawei have signed contracts worth tens of millions of US dollars with governments in Central Asia, not known for their democratic credentials. The article also flags an on-going US congressional committee probe into the two companies in particular, and how the telecoms products (like USB dongles) and possibly even services  (including underlying network technologies and infrastructure) aid espionage. As the article avers,

via Are Chinese Telecoms acting as the ears for the Sri Lankan government? – Groundviews.


Hacked: How China is stealing Americas business secrets

Sen. John Kerry is fed up with Chinas penchant for looting technology from U.S. businesses — up to $400 billion worth of data each year. When will it stop?POSTED ON FEBRUARY 16, 2012, AT 3:52 PMChinese gamers at an internet cafe: Sen. John Kerry D-Mass. says Chinese hackers are illegally stealing business secrets from American firms. Photo: Imaginechina/Corbis SEE ALL 54 PHOTOSChinese Vice President Xi Jinping, slated to be the next leader of the worlds most populous nation, is getting an earful from U.S. officials over Chinas shady business practices. During Xis first official tour of the U.S. this week, Sen. John Kerry D-Mass. accused a Chinese company of bankrupting a U.S. competitor by ransacking its software. And thats just the tip of the iceberg, alleges Kerry, implicating China in “cyber-attacks, access-to-market issues, espionage [and] theft.” And, indeed, a flurry of recent reports indicate that Chinese hackers, backed by the government, are stealing business secrets from the U.S. Here, a guide:

via Hacked: How China is stealing Americas business secrets – The Week.


Cyber-Spies Intercepted Sensitive Files, Emails From Nortel: Report – Security – News & Reviews – eWeek.com

Attackers breached Nortel and had free rein to spy on its internal network and communications from 2000 to 2009, according to an internal report. As usual, China is the prime suspect.

Chinese hackers allegedly breached telecommunications company Nortel in 2000 and these cyber-spies gained access to reams of sensitive technical documents, as well as internal communications and email, for nearly 10 years, according to a report in The Wall Street Journal.

The attackers, suspected of being based in China, breached the network using stolen credentials and installed spying software deep within the company’s networking environment to gain access to all documents and communications, the Journal reported Feb. 14. The breach appears to date as far back as 2000, Brian Shields, the former senior advisor for systems security at Nortel who led the internal investigation, told the paper.

via Cyber-Spies Intercepted Sensitive Files, Emails From Nortel: Report – Security – News & Reviews – eWeek.com.


McConnell, Chertoff and Lynn: Chinas Cyber Thievery Is National Policy—And Must Be Challenged – WSJ.com

By MIKE MCCONNELL, MICHAEL CHERTOFF AND WILLIAM LYNNOnly three months ago, we would have violated U.S. secrecy laws by sharing what we write here—even though, as a former director of national intelligence, secretary of homeland security, and deputy secretary of defense, we have long known it to be true. The Chinese government has a national policy of economic espionage in cyberspace. In fact, the Chinese are the worlds most active and persistent practitioners of cyber espionage today.Evidence of Chinas economically devastating theft of proprietary technologies and other intellectual property from U.S. companies is growing. Only in October 2011 were details declassified in a report to Congress by the Office of the National Counterintelligence Executive. Each of us has been speaking publicly for years about the ability of cyber terrorists to cripple our critical infrastructure, including financial networks and the power grid. Now this report finally reveals what we couldnt say before: The threat of economic cyber espionage looms even more ominously.

via McConnell, Chertoff and Lynn: Chinas Cyber Thievery Is National Policy—And Must Be Challenged – WSJ.com.


Sykipot Trojan targets US DoD smart cards

SECURITY RESEARCH OUTFIT Alienvault has revealed that Chinese cyber criminals are using malware to hack smart cards used by the US Department of Defence (DoD).

The latest strain of the backdoor access Trojan called Sykipot is being used to gain remote access to protected resources. A spear phishing technique is used to persuade the target to open a pdf file that lets the malware loose. It then uses a basic keylogger to steal credentials of cards used in the reader.

via Sykipot Trojan targets US DoD smart cards – The Inquirer.


China’s Cyber Command | China Power

Chinese analysts and officials like to point out that it was the United States that first set up Cyber Command and thus, in their view, militarized cyberspace. Yet Chinese military thinkers are clearly thinking about what type of organizations and institutions they will need to conduct offensive cyber operations and to defend their own networks against attacks. An interesting piece in China Defense Daily lays out some of the characteristics necessary for “a highly effective command system for cyber war mobilization.”

— Military and civilian networks are interconnected, and the resources needed for cyber war permeate society; military units, social organizations, and even individuals “will all possibly become combat forces during a cyber war.”

via China’s Cyber Command | China Power.