How the Dots Connect Hacks to ChineseSuspicion Grows Even with No Smoking Gun
Proof that China is behind a string of highly publicized cyberattacks against elite media sites isn't definitive. But the circumstantial evidence that the Chinese government and military are behind many cyberattacks seems highly credible, according to a paper issued by Mandiant.
See Also: A CISO's Guide to Communicating Risk
Mandiant is the IT security company hired by the likes of The New York Times [see N.Y. Times' Transparent Hack Response], the State of South Carolina [see Stolen Password Led to South Carolina Tax Breach] and countless others that have been hacked, and want to know who's behind these breaches and what to do to prevent such attacks.
The paper entitled Chinese Leadership Change and the Advanced Persistent Threat was published late last month before The New York Times, Wall Street Journal, Washington Post and Twitter [see Twitter, Washington Post Report Cyberattacks] revealed that they've been assaulted, most likely by hackers working for or supported by the Chinese government. Written by Mandiant strategic analyst Christopher Lew, the paper draws its conclusions, not by the investigations the company has conducted for clients, but by analyzing the actions of the new Chinese government.
Lew says the background of China's new leaders, including Communist Party General Secretary and President Xi Jinping, and the nature of the Chinese government itself mean that not only will cyber-espionage continue but likely will grow.
Xi also serves as chairman of the Central Military Committee, an important post because the Chinese military, the Peoples Liberation Army, or PLA, provides many of the nation's cyberwarriors.
Cybersphere: Important Battlefield
"The PLA views the cybersphere as an important battlefield in the present and future, and accordingly is training personnel and building infrastructure for cybernetwork operations at a prodigious rate," Lew writes. "On the commercial side, the cutthroat nature of business in the PRC [People's Republic of China] and Chinese companies' spotty records in adhering to intellectual property laws have created an environment conducive to data theft. Together, the availability of trained personnel, tools, methodology and companies that are willing to cut corners or to not ask questions regarding the sources of information make for a profitable hacking industry."
China's growing economy depends on state-owned enterprises that need next-generation technology. That makes corporate cyber-espionage an attractive too. "The need to keep costs of research and development low, to continue rapid economic growth and the general lack of negative consequences for conducting computer network operations all points towards a continuation and expansion of current APT activities."
Lew offers bleak predictions, at least from a Western perspective, on the Chinese use of cyber-attacks:
- Without being caught red-handed and publically condemned at a diplomatic and political level, there will likely be no reason for this or the next generation of leadership to change the environment within China that has generated the advanced-persistent-threat groups.
- Leadership in China will be increasingly determined less by merit or power, but by acceptability to the widest range of factions and interests.
- In future budget and policy discussions within the Chinese Communist Party, entities conducting computer network operations are anticipated to engender widespread support from a variety of factions.
- China will not likely seek to curtail cyber-espionage through legislation or in reaction to the current level of international criticism.
Lew says some Western companies express reluctance to point a finger at the Chinese as an instigator of cyber-attacks because of its attractive and sizeable market. "We understand the importance of China in the global economy and that failure to take advantage of that market could be fatal," he says.
But he concludes his paper with the following: Understanding what the Chinese advanced-persistent-threat groups seek, how they will acquire this information and what their activities mean in the larger scheme of China's strategic issues is the first step to gauge the level and scope of the problem. "From there," he writes, "a mix of preventive measures, both technical and strategic and based off analysis of APT behavior and intents, and effective remediation in the event of the inevitable penetration, can go a long way to combating the current and future threat."