The shoe is on the other foot as the Chinese government said the United States was the biggest source of foreign-based cyber-attacks hitting China in 2010.
Nearly half the cyber-attacks hitting Chinese systems, whether they are botnets, Trojans or Web attacks, originate abroad, and the United States is the source for the largest share, Chinese officials said.
Close to 493,000 Trojan attacks hit Chinese systems in 2010, with nearly half originating from outside the country, China's National Computer Network Emergency Response technical team said Aug. 10, according to a report from the state news service Xinhua. Of the 221,000 attacks identified as originating from outside China, 14.7 percent came from the United States and 8.8 percent from India, CNCERT officials said.
Most of the attacks came in the form of malicious "Trojan" software used by hackers to gain access to target computers, according to Zhou Yonglin, head of the CNCERT/CC's operation and management department. China is facing "serious threats" as various cyber-viruses and worms continuously mushroom, Zhou said.
Government officials said they detected 13,782 IP addresses with botnet viruses in 2010, of which 47 percent, or 6,531 addresses, were receiving instructions from botnets based in foreign countries. The top three countries were the U.S., with 21.7 percent; India, with 7.2 percent; and Turkey, with 5.7 percent.
The agency also found that 35,000 Websites in China had been hacked in 2010, a 67 percent increase from 2009. Of the hacked sites, 13 percent, or 4,635 sites, were government-run Websites, and the attacks appear to be the work of politically or religiously motivated individuals in Turkey, Xinhua reported.
The domestic attacks targeted mainly financial institutions and online payment platforms by tricking users into giving up their log-in credentials, according to the report.
These figures will be included in CNCERT's upcoming annual report, expected later this week. The report follows a similar CNCERT report from April that found that 10 million PCs in China had been controlled by Trojans in 2010, almost triple the number of infected computers from 2009. CNCERT has said in the past that the Trojans were traced back to the U.S., Taiwan and India.
The Chinese government has steadfastly denied claims from the U.S. security community that it was behind many of the recent high-profile cyber-attacks. Researchers at Dell Secureworks have traced back several large campaigns to two groups in China, and said they found hints that one of the gangs was involved with the attack on RSA Security in March.
Separately, McAfee researchers claimed to have found evidence that a single country may have been behind a massive cyber-operation that hit major companies, nonprofits and government agencies around the world. Even though McAfee didn't name the country, many fingers are being pointed at China.
Chinese government media said the accusation was "irresponsible."
The CNCERT report may be a way for China to fire back at the accusations by pointing out that China was under attack, too, and that many of the attackers were coming from the U.S.
"China needs to join hands with other countries to fight against cyber-attacks as the country has become one of the world's biggest victims of the menace," Xinhua reported.
Practically every time a cyber-attack is revealed, China gets blamed. While it's likely that China uses the Internet to spy on other countries, "just about every country around the world" is doing the same, said Graham Cluley, a security consultant with security technology firm Sophos.
It's also a challenge to say definitively where attacks are coming from, since the malicious perpetrators can easily use proxy servers to hide their tracks. With attacks being launched by compromised machines around the world, it is difficult to find out who is actually giving the commands, or where that person is based.
"We cannot say for certain that the hackers were located abroad simply because their Internet Protocol addresses were located in other countries," Zhou said, adding that by the same token, CNCERT couldn't say the "Chinese hackers" were actually in China just based on IP addresses.
CNCERT did not provide any details on the Trojan attacks or the kind of systems that had been targeted by the Trojans. It also did not explain the methodology used to calculate the numbers in the report.