China To America: You Hack Us, Too

  /     /     /  
Publicated : 22/11/2024   Category : security


China To America: You Hack Us, Too


Difference is China doesnt point fingers, says head of Chinas computer emergency response team, even though it has mountains of evidence that U.S. snoops.



(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
Numerous online attacks against China have been traced back to U.S. servers. But unlike authorities in the United States, the Chinese government chooses to not point the finger, according to the head of the countrys computer emergency response team.
We have mountains of data, if we wanted to accuse the U.S.
, but its not helpful in solving the problem, Huang Chengqing, the director of the National Computer Network Emergency Response Technical Team Coordination Center of China (CNCERT), told government-run media outlet
China Daily
Wednesday.
According to data published by
CNCERT
, in the first three months of 2013, 5.6 million systems in China were infected by malware tied to 13,400 command-and-control servers located overseas. Of those, more than half of infected systems -- 2.9 million PCs -- were controlled by about 4,000 command-and-control servers based in the United States. Meanwhile, 3,500 U.S. systems had been used to take over about 7,700 different websites located in China.
[ China has been blamed for a variety of intrusions. Read
China Tied To 3-Year Hack Of Defense Contractor
. ]
In the same timeframe, CNCERT reported that 54 U.S.-based IP addresses had hijacked Chinese official websites to steal data, which according to
China Daily
included sites related to government departments, key information systems and research institutions.
Despite the origin of the attacks, its hard to judge whether the U.S. government supported or got involved in the hacking, Huang said. Besides, hackers can easily hide their real location and identities. As a result, he added, technically it is irresponsible and unfounded for some people to talk about alleged hacking supported by the Chinese authorities. Huangs comments were published in advance of a two-day Chinese-American summit between President Obama and Chinas newly minted leader, President Xi Jinping, which is scheduled to occur this Friday and Saturday in California. His comments continue the Peoples Republic of China (PRC)
party line
, which is that the government isnt sponsoring espionage attacks against the United States.
The
blame game against Chinese hackers
has intensified in recent months. In February, a report from security firm Mandiant
accused a Chinese army unit
of having launched advanced persistent threat (APT) attacks against U.S. businesses. In March, Chinese Premier Li Keqiang
rejected those accusations
, saying that they amounted to a presumption of guilt, and that China does not support but indeed oppose such attacks.
But a confidential Department of Defense report from January 2013, portions of which were first published last month by
The Washington Post
, said that hack attacks attributed to state-sponsored Chinese attackers had been
much more widespread
than previously acknowledged, and had resulted in the compromise of data relating to cutting-edge military weapons systems and technologies that are critical to national security. Still, arguably every country with the capability to
conduct online espionage operations
against rival governments does so. What makes Chinas alleged hacking any different from operations that might be sanctioned by the U.S. government?

China has been called out
because it appears groups within China have been particularly aggressive about such acts, and also are indulging at intrusions and theft in a grand scale (perhaps a function of their large population), information security expert Eugene Spafford, a professor of computer sciences at Purdue University and former member of the Presidents Information Technology Advisory Committee, recently told CNN.
Ive heard some officials refer to it as large scale hoovering of information. I imagine that some U.S. officials hoped that the public condemnation might cause second-thoughts by the perpetrators and a lessening of the brazen intrusions, but that doesnt appear to have happened -- at least, news reports indicate that not much has changed, he said.
Apparently responding to that escalation in U.S. rhetoric, Huang said U.S. authorities have publicly aired accusations about the theft of secrets by Chinese hackers, rather than first attempting to work with his agency to launch an investigation. Some cases can be addressed if they had talked to us, why not let us know? It is not a constructive train of thought to solve problems, he said.
Obviously, Huangs comments could be disingenuous, or reflect that hes not party to the Chinese governments alleged industrial espionage operations.
The government of the PRC has firmly denied any such activity by their government, said Spafford. However, I also dont know of any modern country that has admitted to large-scale espionage when accused of such. You may draw your own conclusions.
Either way, dont expect the back-and-forth accusations to stop anytime soon. A year ago these things were being said behind closed doors and now the
arguments are out in the open
, which hopefully marks a step forward in achieving some level of detente with respect to cyber espionage, said ESET security researcher Stephen Cobb in a blog post. Although that is probably a long way off.

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
China To America: You Hack Us, Too