Putting Chinese hacking into perspective:
When 600 senior IT security managers were asked which state actor was most likely to engage in cyberattacks, the top response was the US (36 percent), even among traditional US allies.
It's a slightly bizarre assumption that "traditional US allies" would, for that reason, blame someone else. Now I'm obviously not denying that some actors in China are hacking, though right now I think that in China if anything is identified as having a sales value some group or individual will be right on to it before anyone in the government has realised. That's not to say the Chinese state isn't hacking but here, as elsewhere, it's a matter of catching up. Anyway, per Bruce Schneier, the Google attacks exploited a back door left to enable US government surveillance. Ultimately it's just about predators and prey.
The whole article's worth a read. The development of hacking from techno hippies and slightly crazed idealists to crooks and spooks looks remarkably like the evolution of the drug trade back in the seventies.
I don't think the notion of "which state will engage in cyberattack" is meaningful. Attacks happen, continuously. Who benefits is a separate question and one of secondary importance. That the US is ahead is probably a sort of race memory of the era when the NSA could claim to pull in the world's telecoms - when it all went by satellite or microwave, or later, by fibre routes crossing the US. But you can't spy on fibre that doesn't cross your territory with anything like the ease you can with radio. You need physical taps and (obviously) independent connectivity back to your home base.
It is true that a lot - in fact, a hell of a lot - of malware activity originates from Chinese networks. I will shortly do another post pulling together data on this. However, this is insufficient to imply intent, or to conclude that they benefit. Being a netadmin for a big Chinese institution is probably hellish, because the Chinese Internet is a sink of horrors and there's no reason they'll leave you alone.
A few years ago, Beijing was the biggest concentration of compromised Windows machines on earth. It probably still is, but I've not seen the data for the last couple of years. The explanation is that, despite the heavily concentrated and state-influenced telecoms industry, there are a hell of a lot of organisations hooking up to the Internet, and there are a hell of a lot of people getting Windows PCs with Internet connections, many of whom are running out-of-date installs that don't get patched because they didn't pay for them.
They get hacked, they get recruited into botnets, the next day it's a Chinese hacker story. It used to be the same with some EU networks and some US states. But it tells you next to nothing that the 5,000 Windows boxes hammering your SSL server are on Jin-rong Street's Beijing province network - you need to deal with the C&C server that gives them their orders, which could be literally anywhere, and which will require more advanced investigation to find.
Posted by: Alex | February 04, 2010 at 11:51 PM
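Alex's point above is that the 5,000 source addresses tell you where the infected PCs are, not who is running them, and that finding the controller takes a different kind of analysis. The script below is an added example, not code from the thread or from Alex: it first shows how little an attack log of source IPs gives you (it collapses to a count per /24), and then runs a basic beaconing check over the outbound flows of one captured bot, flagging destinations it contacts at suspiciously regular intervals, which is the usual first lead towards a C&C host. All records are constructed, using RFC 5737 documentation addresses, and the thresholds (five connections, coefficient of variation at most 0.1) are assumptions rather than anything stated in the post.

```python
"""Source aggregation versus beacon detection (added example, not from the thread).

Both data sets below are constructed for illustration; the addresses come from
the RFC 5737 documentation ranges and the thresholds are assumptions.
"""
import ipaddress
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed: source IPs seen hammering an SSL server, as a netadmin would see them.
ATTACK_SOURCES = ["192.0.2.10", "192.0.2.11", "192.0.2.200", "198.51.100.30"]

# Constructed: outbound flows from ONE of those infected boxes (captured via a
# sandbox or a span port): (seconds since capture start, "dst_ip:port", bytes sent).
# 198.51.100.7:443 is the assumed C&C, polled on a ~300 s timer with small jitter;
# the other destinations are ordinary, bursty browsing traffic.
FLOWS = [
    (0, "198.51.100.7:443", 512),
    (5, "203.0.113.20:443", 18000),
    (12, "203.0.113.20:443", 2200),
    (30, "203.0.113.50:80", 900),
    (140, "203.0.113.20:443", 4100),
    (150, "203.0.113.20:443", 300),
    (301, "198.51.100.7:443", 512),
    (598, "198.51.100.7:443", 498),
    (600, "203.0.113.50:80", 770),
    (700, "203.0.113.20:443", 9000),
    (902, "198.51.100.7:443", 512),
    (1199, "198.51.100.7:443", 520),
    (1400, "203.0.113.20:443", 1100),
    (1501, "198.51.100.7:443", 512),
]


def sources_by_prefix(src_ips, prefix_len=24):
    """Count attacking sources per network prefix.

    This is as far as the attack log itself takes you: it says which networks
    host the bots, nothing about who controls them.
    """
    counts = Counter()
    for ip in src_ips:
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        counts[str(net)] += 1
    return dict(counts)


def find_beacons(flows, min_count=5, max_cv=0.1):
    """Return destinations this host contacts at suspiciously regular intervals.

    For each destination, sort the connection times, take the gaps between
    consecutive connections and compute the coefficient of variation
    (stdev / mean) of those gaps. Human-driven traffic is bursty (high CV);
    a bot polling its controller on a timer is not. Returns a list of
    (destination, mean gap in seconds, cv), most regular first.
    """
    times = defaultdict(list)
    for t, dst, _ in flows:
        times[dst].append(t)
    hits = []
    for dst, ts in times.items():
        if len(ts) < min_count:  # too few connections to judge regularity
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits.append((dst, round(avg, 1), round(cv, 3)))
    return sorted(hits, key=lambda h: h[2])


if __name__ == "__main__":
    print("bots per /24 (says nothing about the controller):", sources_by_prefix(ATTACK_SOURCES))
    for dst, gap, cv in find_beacons(FLOWS):
        print(f"beacon candidate {dst}: every ~{gap}s, cv={cv}")
```

A low CV is a lead, not proof: NTP, update checks and monitoring agents also beacon, so the candidate destination still has to be checked against what the host should legitimately be talking to before anyone calls it a C&C server.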
That the US is ahead is probably a sort of race memory of the era when the NSA could claim to pull in the world's telecoms - when it all went by satellite or microwave, or later, by fibre routes crossing the US
Interestingly, I read somewhere recently (the NYRB?) that they never actually managed to crack the USSR's codes, and so were basically having to resort to pattern analysis.
That said, my father-in-law worked for C&W in the 70s and 80s installing telecommunications satellite dishes - he certainly mixed with the edges of the spook world at the time.
Posted by: Richard J | February 05, 2010 at 09:30 AM
The development of hacking from techno hippies and slightly crazed idealists to crooks and spooks looks remarkably like the evolution of the drug trade back in the seventies.
Word.
Posted by: Barry Freed | February 05, 2010 at 03:08 PM