Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Chinese hackers master the art of lying in wait

Jaikumar Vijayan | May 9, 2013
What they are really good at is remaining hidden, security experts say in wake of Pentagon report

The remarkable success that Chinese state-sponsored groups have had in infiltrating U.S. government, military and corporate networks in recent years should not be mistaken as a sign of growing technical superiority over the U.S. in cyberspace, security experts said.

Chinese state-sponsored hacking groups are no more -- or less -- sophisticated than criminal and politically motivated cyber groups anywhere. What's made them different is their targeting of victims, their persistence and their ability to stay hidden in a breached network for extended periods.

The Pentagon on Monday released a report accusing China of performing cyberespionage intended to modernize its defense and high technology industries.

The unusually candid report warned of Chinese policymakers and military planners using stolen information to build a picture of U.S. defense networks, logistics and related military capabilities that could be exploited during a crisis. The espionage activities are helping China build a sophisticated electronic warfare capability designed to neutralize U.S. technological superiority in traditional warfare and other areas, the report cautioned.

The report marked the first time the U.S government has officially said what many others in industry, and even within government, have said for years about the Chinese government's support for cyberespionage.

As ominous sounding as the report is, the reality is more mundane, according to several security experts.

"The Chinese don't have super duper techniques," said John Pescatore, director of emerging security trends at the SANS Institute in Bethesda, Md. "They are not smarter in software than us. If they are, we would see them starting up new companies," instead of engaging in espionage, Pescatore said.

While state-sponsored hackers in China likely have an arsenal of zero-day vulnerabilities and new attack techniques, in most cases, they have only had to exploit commonly available vulnerabilities and techniques to gain a foothold on a target network.

"It's not that the Chinese have some unbeatable way of breaking into a network. What is innovative is their targeting," Pescatore said. U.S. contractors and defense companies that are often the target of Chinese espionage efforts should not be too concerned about where the attacks are coming from, he said. Instead, they should simply focus on shutting down the basic vulnerabilities and configuration errors that enable attackers to breach their networks.

"What we have definitely seen from China over the years is that they use the least amount of force necessary to accomplish their goals," said Dan McWhorter, managing director of threat intelligence at security firm Mandiant. "If you are not very savvy at keeping people out, they will use the lowest level of tools and their easiest means to get in. If you are a sophisticated company, they will up their game."


1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.