Chinese Cyber-Spying Shows Why U.S. Must Bolster Network Defenses

Despite Chinese government denials, the persistent, long-term threat of cyber-attacks from China makes it clear that U.S. businesses must find ways to detect and deter network incursions.  

Cyber-attacks said to be from state-sponsored Chinese hackers underscore the reasons why U.S. companies and government agencies should rapidly adopt the measures outlined in President Barack Obama's executive order on cyber-security signed on Feb. 12.

Obama recounted the theft of a vast range of intellectual property, trade secrets and operational details during his State of the Union address and called for federal agencies and companies in the private sector to join together in protecting the U.S. critical infrastructure.

Following the executive order, which does not have the force of law but can be enforced within the government's executive branch, the president called for greatly improved information sharing between the public and private sectors.

A report released on Feb. 19 by Mandiant Corp., a week after Obama signed his executive order, lent further urgency to calls for the country to bolster IT security. But it also does more: the report shows many of the reasons why U.S. companies have to start taking security seriously.

Serious gaffes such as power-generation facilities that are taken offline for months because nobody thought to install antivirus software are simply unacceptable. Unfortunately, they're all too common as executives worry about minor expenses for security.

Meanwhile, their networks are under constant attack, if not by Chinese hackers seeking trade secrets, then by criminals seeking credit card numbers or any other information they can sell. But clearly the greatest threat, even to small companies, is the state-sponsored cyber-attacks that seek to drain them of their intellectual property.

While the Mandiant report states that the company has traced the Chinese hacking activity to an area near Shanghai, this isn't the first time researchers have found their tracks. In 2011 researchers from Google found other state-sponsored hackers working out of Jinan, China. That same group of Chinese hackers was also reported to be responsible for a series of attacks against the United Nations and the U.S. government in an operation labeled "Shady Rat."

Since those revelations, Mandiant has traced just how the Chinese break into companies, and it makes clear that without a coordinated response, those attackers may get the upper hand. Mandiant has confirmed earlier findings that once Chinese hackers penetrate a corporate network, they will stay for long periods of time and take anything they find of value.

Mandiant reports that the Chinese hackers maintain access to companies for a year or longer. In one case they kept a stealthy watch on a target's network for nearly five years. The targeted industries are those that China has identified as strategic for future growth, according to the report.

"This group has a very wide appetite for intellectual property," said Dan McWhorter, managing director for threat intelligence at Mandiant. He said that the group will steal nearly anything that might be useful, including things such as time sheets and logistics information.

McWhorter added that companies have to move beyond just defending themselves against possible attacks and move to the point where they can detect when an attack is taking place and then determine the best response to it. "The focus has been about defense," he said. "But it's easier to play offense than defense. Detection and response are very important."

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...