1 Feb

China’s campaign of cyber attacks has reached epidemic proportions. Can anything be done to stop it?

By Adam Segal

In an extraordinary story that has become depressingly ordinary, the New York Times reports that Chinese hackers “persistently” attacked the newspaper, “infiltrating its computer systems and getting passwords for its reporters and other employees.” The attacks began around the time journalists were preparing a story on the massive wealth the family of China’s Prime Minister Wen Jiabao has allegedly accumulated, but the methods, identification, and apparent objectives of the hackers have been seen before in previous attacks on defense contractors, technology companies, journalists, academics, think tanks, and NGOs. Bloomberg, which published a story on the wealth of the family of Xi Jinping, China’s top leader, has also reportedly been attacked. While just one case in a sweeping cyber espionage campaign that appears endemic, the attack on the Times does highlight both the willingness of Beijing to lean out and shape the narrative about China as well as the vulnerability the top leadership feels about how they are portrayed.

As with many cases of cyber espionage, the break-in is assumed to have started with a spear-phishing email, a socially engineered message containing malware attachments or links to hostile websites. In the case of the attack on the security firm RSA in 2011, for example, an email with the subject line “2011 Recruitment Plan” was sent with an attached Excel file. Opening the file downloaded software that allowed attackers to gain control of the user’s computers. They then gradually expanded their access and moved into different computers and networks.

Once in, the hackers are pervasive and fairly intractable. The hackers involved in the attacks on the British defense contractor BAE Systems, for example, were reportedly on its networks for 18 months before they were discovered; during that time they monitored online meetings and technical discussions through the use of web cameras and computer microphones. According to Jill Abramson, executive editor of the Times, there was no evidence that sensitive information related to the reporting on Wen’s family was stolen, but in previous cases hackers encrypted data so that investigators had a difficult time seeing what was actually taken.

Evidence that the hackers are China-based in all of these cases is suggestive, but not conclusive. Some of the code used in the attacks was developed by Chinese hacker groups and the command and control nodes have been traced back to Chinese IP addresses. Hackers are said to clock in in the morning Beijing time, clock out in the afternoon, and often take vacation on Chinese New Year and other national holidays. But attacks can be routed through many computers, malware is bought and sold on the black market, groups share techniques, and one of the cherished clichés of hackers is that they work weird hours.

Adam Segal is the Maurice R. Greenberg senior fellow in China Studies at the Council on Foreign Relations.

As published in www.foreignpolicy.com on January 31, 2013.
