Thursday, February 21, 2013

Chinese Army Latest in Hack Blame Game

Who should be blamed for the surging malicious exploits against US corporations and organizations over the last few years? Look no further than the People's Liberation Army of the People's Republic of China. Or, at least, that particular army unit that operates out of a downbeat office block in a suburb of Shanghai.

Regular readers will remember that Iran was getting the blame last month for a series of attacks on US financial institutions. But this doesn't just mean the news media is fickle in handing out blame. These latest accusations arise from a report published Tuesday by the security vendor Mandiant, which states:

APT1 is likely government-sponsored and one of the most persistent of China's cyber threat actors. We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support.

No prizes for guessing that:

People's Liberation Army (PLA's) Unit 61398 is similar to APT1 in its mission, capabilities, and resources. PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate.

Which brings us back to that office block.

Mandiant, the company that aided The New York Times in investigating its own recent hacking, is Kevin Mandia's creation. Mandia is not only a former Pentagon security officer, but also a former special investigator with the US Air Force.

The report is impressively thorough, and at least the information on which the allegations are based is transparently offered. In the case of the Iran accusations, we were offered little more than unattributed citations to government officials.

Whether China, Iran, or nongovernment actors are responsible, US enterprises should certainly be on notice, as never before, that their networks are being infiltrated with malicious intent. After all, if Burger King's Twitter feed can succumb ("Just got sold to McDonalds... FREDOM IS FAILURE" [sic]), nothing is sacred.

Back in 2011, McAfee was warning: "Every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact." Eighteen months later, is the enterprise any closer to a solution -- or improved defenses, at least? Perhaps more importantly, are we any closer to securing vital networks like the power grid?

You see, at the end of the day, what matters is not so much whether the People's Liberation Army is running exploits against The New York Times or whether the Leader of the Revolution (in Iran) is personally going under the handle "Martyr Izz ad-Din al-Qassam Cyber Fighters."

After all, it might be in US interests to make these accusations stick. It might be in China's interests to direct US attention to Iran, or vice versa. And, of course, it might be in some third party's interest to stir trouble.

What matters to enterprises and organizations is security, and that begins at home.

Kim Davis, Community Editor, Internet Evolution

Thinkernetter

Wednesday February 20, 2013 7:31:25 PM

Great points, Kim, in acknowledging our need to "recognize" the threat and to build systems that increase our protection against the threats that could disrupt our power grids, economy, etc.

Hopefully it is a wake-up call to the vulnerabilities and to a realization that these threats will grow, not diminish. And, as Alison suggests, set up a collaborative network. Note: I totally agree, Alison, that fines are not going to impact the Chinese army.

This is somewhat similar to the awareness and reaction to the espionage and space threats we experienced with the Russians and the space program. We woke up when we realized they were ahead of us.

DHagar

Thinkernetter

Wednesday February 20, 2013 5:02:16 PM

The AP is reporting that the president is planning to release his official response, if, as Kim points out in his comment, the government can prove to its satisfaction that China is behind the attacks. Looks as though he's talking about fines, for the most part. While I realize you can't really publicly disclose a lot of things that go on in the diplomatic community, I don't think fining the Chinese Army is going to stop this from happening again.

Thinkernetter

Wednesday February 20, 2013 4:15:08 PM

I wonder how solid people think the Mandiant information is. Tracing malefactors to a location said to be near a Chinese army base: is that good enough to conclude that the army was responsible, or that the hacks were officially sanctioned?

Thinkernetter

Wednesday February 20, 2013 3:29:39 PM

One of the most encouraging after-shocks was the fact that the New York Times, followed by the Wall Street Journal, cataloged a lot of information about the hacking and the steps it took afterward. This willingness to share was refreshing. But even more than that, it's smart. By pooling our efforts instead of viewing all this info as 'competitive,' we stand -- as a nation -- less likely to be brought under by a cyberenemy, no matter where it resides or who they are.


Source: http://www.internetevolution.com/author.asp?section_id=679&doc_id=259279&f_src=internetevolution_sitedefault
