Report: Chinese Far Outstrip U.S. Cyber-Spy Fight for Military, Business Secrets
By Kevin Fogarty
PCWorld, Apr 14, 2011 3:24 pm PDT
While most of the IT world was fretting over the break-in at Epsilon that probably netted some organized crime group a few million pre-confirmed email addresses, U.S. IT espionage specialists were finishing up a report showing the Epsilon hack is small potatoes compared to China.
Secret State Dept. cables held by WikiLeaks and given to Reuters by someone else traced a series of attacks back to the Chinese government – one trace even identifying the specific unit of the Chinese military that launched it.
Code-named “Byzantine Hades,” the breaches represent attacks that have been going on since at least 2006 and are accelerating.
The change in target means corporate security has to change, too, according to Scott Aken, vice president for cyber operations at SAIC.
Rather than assuming a good perimeter means tight security, end-user companies have to assume attackers will get through the first layer of defense, he said. Real protection means having security that can slow down or wall out attackers who already look like legitimate users.
“Sophisticated attackers infiltrate a network, steal valid credentials on the network, and operate freely – just as an insider would,” Aken said in the report. “Having defensive strategies against these blended insider threats is essential, and organizations need insider threat tools that can predict attacks based on human behavior.”
The most common method of attack is spear-phishing – directing phony email requests at people with legitimate access to get entry credentials for a specific network.
Once into a network, hackers install keyloggers and command-and-control programs that gather other usernames and passwords, and give attackers control over systems attached to the network, where they can work unimpeded.
The technique is so successful that military and civilian security specialists have almost given up on keeping attackers out completely.
The Center for Strategic and International Studies (CSIS) in Washington – a think tank specializing in security – has been negotiating with the Chinese over digital conflicts between the two countries’ militaries, law enforcement and trade groups. So far there has been no progress on the cyberwar front.
CSIS itself was the target of a spear-phishing attack containing malicious code that could be tentatively traced to China.
Though it contains little about American capabilities or practice, the report concludes that in aggressiveness, volume and success rate, the Chinese cyberattackers are scoring far higher than their U.S. counterparts.
Which doesn’t mean the Epsilon email snatch was small potatoes. It was big potatoes.
Epsilon is just lucky they didn’t take the whole kitchen.