Nation-State Cyberwar Targets US Industry

Information warfare capabilities trained by the West

By Pamela Tsai
Epoch Times Staff
Created: October 24, 2011 Last Updated: October 24, 2011
CYBERWAR: The Chinese Communist Party has been developing cyberwarfare capabilities since the late 1990s. Cyberwarfare being conducted by a nation-state against the U.S. and abroad is gaining recognition as a serious threat to both national security and the US economy. (Courtesy of U.S. Department of Defense)

Cyberwarfare being conducted by a nation-state against private sector industries and government agencies in the United States and abroad is gaining recognition as a serious threat to both national security and the US economy.

A House intelligence committee hearing earlier this month concluded with calls urging collaboration between the intelligence community and the private sector, to put a halt to massive cyber-attacks being initiated by China.

According to House Permanent Select Committee on Intelligence Chairman Mike Rogers (R-Mich.), "The United States faces a significant and ongoing cybersecurity threat today; one that presents issues of national and economic security." In an opening statement, the chairman stated his concern "about the ‘death by a thousand cuts’ that we are suffering right now from cyber-espionage, being conducted every day against nearly every sector of our economy."

Rogers homed in specifically on the Chinese regime. "Attributing this espionage is not easy. But talk to any private sector cyber-analyst, and they’ll tell you that there is little doubt that this massive campaign is being conducted by the Chinese government.

“I don’t believe that there is a precedent in history for such a massive and sustained intelligence effort by a government agency, to blatantly steal commercial data and intellectual property,” Rogers concluded, adding that few victims are willing to talk about it publicly for fear of retaliation from China’s communist regime.

Rogers concluded by calling the level of China’s economic espionage "intolerable," adding that the United States and its Asian and European allies "have an obligation to confront Beijing, and demand they put a stop to this piracy."

Executive Chairman Arthur W. Coviello Jr., of private sector security specialists RSA, also attended the Oct. 4 hearing. RSA made the news in March, when security personnel "identified an extremely sophisticated cyber-attack" against their servers.

At a security conference earlier this month, RSA stopped short of naming China specifically, blaming two separate hacker groups working for a nation-state for the attack.

The combined cost of the breach and subsequent recovery measures reached $66 million, according to a Washington Post article.

The compromise is believed to be related to a cyber-attack against defense contractor Lockheed Martin in May.

Despite what appears to be mounting evidence, such statements and accusations are frequently disputed by Chinese officials.

Hu Qiheng, president of the Internet Society of China, China’s official representative of the Internet industry, claimed to state-run media Xinhua that the U.S. accusations of Chinese cyber-attacks are purely groundless, an effort intended to defame China and exaggerate the so-called “China threat.”

Investigative Evidence

Source: McAfee's White Paper 'Revealed: Operation Shady RAT.' (Courtesy of McAfee, Inc.)

A white paper by McAfee titled "Revealed: Operation Shady RAT" (remote administration tools) is an investigative report on targeted intrusions into 70-plus global companies, governments, and nonprofit organizations during the last five years. The corroborating evidence suggests that the Chinese regime is the state actor behind the theft of protected information.

The report said several locations in China were found to have leveraged command-and-control (C&C) servers on purchased hosted services in the United States to compromise servers in the Netherlands, waging attacks to acquire proprietary and highly confidential information. The U.S. government, defense contractors, and electronics and energy industries were among those targeted.

In another McAfee publication titled, "Night Dragon: Global Energy Cyber-attacks," the security company identified an attacker based in Heze, Shandong Province, China. The perpetrator similarly used U.S.-based servers to host the "zwShell" C&C application that controlled computers across victim companies.

The attackers used techniques of social engineering and "spear phishing," an email spoof attack method, to penetrate target networks.

According to the report, McAfee determined that all of the identified data exfiltration activity occurred from Beijing-based IP addresses, and operated inside the victim companies on weekdays, from 9:00 a.m. to 5:00 p.m. Beijing time. This suggests that the involved individuals were “company men” working at a regular job, rather than freelance or unprofessional hackers.
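The working-hours inference described above is something defenders can check against their own logs. The following Python sketch is an added example, not taken from the article or from McAfee's report; the timestamps are constructed sample data and the function names are hypothetical. It measures what share of outbound-transfer events falls inside a weekday 9-to-5 window in Beijing time, then goes one step beyond the text by scanning every whole-hour UTC offset to see which one best fits a workday pattern.

```python
from datetime import datetime, timedelta, timezone

# China Standard Time is UTC+8 year-round (no daylight saving time).
BEIJING = timezone(timedelta(hours=8))

# Constructed sample: UTC timestamps of outbound-transfer events,
# as they might be pulled from a proxy or firewall log.
SAMPLE_UTC = [
    "2011-03-07T01:05:00", "2011-03-07T03:40:00", "2011-03-08T02:15:00",
    "2011-03-08T08:50:00", "2011-03-09T05:30:00", "2011-03-10T06:45:00",
    "2011-03-11T07:20:00", "2011-03-11T01:30:00",
    "2011-03-12T04:00:00",  # Saturday noon in Beijing (weekend)
    "2011-03-09T15:10:00",  # Wednesday 23:10 in Beijing (after hours)
]

def parse_utc(ts):
    """Parse an ISO-style timestamp and mark it as UTC."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def in_office_hours(dt_utc, tz, start=9, end=17):
    """True if the event is Mon-Fri and start <= local hour < end in tz."""
    local = dt_utc.astimezone(tz)
    return local.weekday() < 5 and start <= local.hour < end

def office_hours_share(timestamps, tz):
    """Fraction of events that fall inside the weekday office window in tz."""
    events = [parse_utc(t) for t in timestamps]
    if not events:
        return 0.0
    return sum(in_office_hours(e, tz) for e in events) / len(events)

def best_fitting_offset(timestamps):
    """Return (utc_offset_hours, share) for the whole-hour UTC offset
    whose weekday 9-to-5 window covers the most events."""
    scores = {
        h: office_hours_share(timestamps, timezone(timedelta(hours=h)))
        for h in range(-12, 15)
    }
    best = max(scores, key=scores.get)
    return best, scores[best]

if __name__ == "__main__":
    print("Share in Beijing office hours:", office_hours_share(SAMPLE_UTC, BEIJING))
    print("Best-fitting UTC offset:", best_fitting_offset(SAMPLE_UTC))
```

A high share at a single offset indicates only the time zone in which the operators keep regular hours; it is one supporting signal and does not by itself identify who they are.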

In addition, the attackers employed hacking tools of Chinese origin that are prevalent on Chinese underground hacking forums.

A keyword search on a Chinese search engine using “Black Guest” (a pun on the English word “hacker”) will generate a multitude of websites, discussion forums, and blogs providing study aids and advice for Chinese hackers, from novice to master level.
