Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Does U.S. business stand a chance of keeping Chinese cyber-spies out of its data?

Ellen Messmer | May 23, 2014
The U.S. Department of Justice, working with the FBI, this week took the unprecedented step of indicting five Chinese army officers for allegedly breaking into the networks of American companies and a labor union to steal trade secrets of use to Chinese businesses.

Such charges sprang to life in the Snowden leaks, one being that the NSA hacked into Huawei's network, points out Richard Stiennon, senior research analyst with IT-Harvest.

Where do we go from here?

On the plus side, Stiennon says that the U.S. in the new indictment has provided details in methodologies and targets that were only hinted at in veiled warnings before. He says the spear-phishing attacks used by the accused PLA members "were not sophisticated at all. There are plenty of simple technologies available to counter them."

Is there really hope for a resolution in which China might agree to follow cyber-espionage "rules of the road" along the lines of what the U.S. would want?

"There's definitely room for agreement here," says Kroll's Ryan, noting that some countries actually do have such agreements in place. The U.S. has enough cyber-intelligence-gathering ability that it could probably detect if China were adhering to such rules.

If confrontations over state-sponsored hacking keep mounting, it's possible that Congress might step in and change the law to allow the NSA and other U.S. government agencies to share stolen information gained through cyber-espionage with U.S. companies for their advantage. Though arguments can be made to change current law, that would not necessarily be the best decision, Ryan adds.

Tom Cross, director of research at network security and monitoring firm Lancope, expressed hope that there might be a way to carve out "a set of international norms regarding cyber espionage." There needs to be dialog about "what is and is not an acceptable target" that might eventually lead to a "clear legal framework."

The Chinese military's Unit 61398 in Shanghai believed to do be doing all this hacking of U.S. companies became widely heard of a year ago when Mandiant, since acquired by FireEye, issued a report based on its own research. The Chinese strongly refuted the report's findings.

Nart Villenueve, senior threat intelligence researcher at FireEye, says the five suspects named in the new indictment are just some of the players associated with what his firm calls the "APT1" group. There are many more groups doing something similar around the world, he adds. One clear value in the actions taken this week by the DoJ against cyber-espionage is that they show the scale of what is happening to U.S, companies, among others.

The Chinese cyber-attacks are typically carried out remotely from China behind network hops in servers, many of them compromised machines in the U.S., for purposes of plausible deniability, Villenueve says. FireEye's research indicates the cyberattacks typically adhere to a workday schedule. "The attackers are most active 8 AM to 5 PM, Chinese stand time," he says. Villenueve says he doesn't know if it's possible for the U.S. and China to reach an agreement on cyber-espionage rules of the road, though talk about cyber-treaties has been floated for a long time.

 

Previous Page  1  2  3  4  Next Page 

Sign up for Computerworld eNewsletters.