China's decade-old cyberwar against the West

By Robert Lemos, CSO |  Security, China, security

Cyber espionage attacks from China are nothing new, but public awareness of the attacks is growing.

A report by news service Reuters published last week warned that Chinese spies, affiliated with the People's Liberation Army, are stealing massive amounts of data from the systems of Western governments. Information about the nearly decade-long series of attacks, dubbed "Byzantine Hades," appeared in the U.S. State Department memos leaked by Wikileaks last year. A November 2008 memo pointed to the most recent series of attacks, a subset of the operation referred to as "Byzantine Candor," as targeted operations against the U.S. government using social engineering and malicious attachments and links in e-mail messages.

Also see: What a cyber war with China might look like

"BC actors typically gain access with the use of highly targeted socially engineered e-mail messages, which fool recipients into inadvertently compromising their systems," the memo stated. "The intruders then install malware such as customized keystroke-logging software and command-and-control (C&C) utilities onto the compromised systems and exfiltrate massive amounts of sensitive data from the networks."

Attacks on government agencies and U.S. companies emanating from China are not new. In 2010, Google blamed China for a series of attacks that compromised the U.S. search giant and other companies. While initial reports said that nearly three dozen companies were breached, one intelligence official told Reuters that thousands of companies were targeted by the operation, dubbed Aurora by security firm McAfee.

While the Reuters report argues that China is leading the cyber espionage race, the United States capabilities are largely unknown, says Tim Belcher, chief technology officer for security firm NetWitness.

"To think that we don't have mature state capabilities, is naive," Belcher says. "I think where the difference is that most of the rest of the world don't make the distinction between commercial and government targets. They don't look at Google as a private company; they look at Google as an extension of the U.S."

Originally published on CSO |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

Ask a Question