Chinese hackers master art of lying low

State-sponsored cybercriminals use simple weapons to infiltrate U.S. networks, and then quietly steal data while remaining undetected.

Computerworld | Security

China's remarkable success at infiltrating U.S. government, military and corporate networks in recent years shouldn't be seen as a sign that the country is gaining on the U.S. lead in cybertechnology expertise.

State-sponsored hacking groups in China are no more -- or less -- sophisticated than criminal and politically motivated cybercrime gangs elsewhere. The difference, experts say, is how the Chinese hackers target victims, their persistence and their ability to lie low and secretly maintain access to breached networks for long periods of time.

The U.S. Department of Defense earlier this month, in a departure from its usually thinly veiled innuendos, openly accused state-sponsored hacking groups in China of launching cyberattacks aimed at extracting information from the U.S. government, military and businesses.

Outside of the Pentagon, such allegations aren't new. Security experts and major corporations like Google and Microsoft have long maintained that hackers in China use cyberattacks to steal military, government and corporate secrets.

The Chinese government has denied that it coordinates hacking campaigns.

However, said Anup Ghosh, CEO and founder of security firm Invincea, "the acknowledgement by the Pentagon is a first step in publicly declaring the threat."

Though the tone of the government's report on Chinese cybercrime is ominous, the reality of cyber expertise in the country is more mundane, say security experts.

"It's not that the Chinese have some unbeatable way of breaking into a network," said John Pescatore, director of emerging security trends at the SANS Institute. "What is innovative is their targeting."

Pescatore said U.S. contractors and defense and high-tech companies that could be targets of Chinese espionage efforts should be less concerned about the origin of the attacks than about the need to shut down basic vulnerabilities and fix configuration errors in their corporate networks.

While China likely does have an arsenal of attack techniques and zero-day assault tools, it usually "uses the lowest level of tools and the easiest means to get in" to networks, said Dan McWhorter, managing director of threat intelligence at security firm Mandiant. If the Chinese hackers do come up against a sophisticated company, "they will up their game," he added.

Many of the hackers operating out of China have become adept at stealing legitimate corporate network credentials and then using them to log in as an employee, McWhorter said.

Originally published on Computerworld.