As few as 12 different Chinese groups, largely backed or directed by the government, do the bulk of the China-based cyberattacks stealing critical data from US companies and government agencies, according to US cybersecurity analysts and experts.
The aggressive but stealthy attacks, which steal billions of US dollars in intellectual property and data, often carry distinct signatures allowing US officials to link them to certain hacker teams. And analysts say the US often gives the attackers unique names or numbers and at times can tell where the hackers are and even who they might be.
Sketched out by analysts who have worked with US companies and the government on computer intrusions, the details illuminate recent claims by US intelligence officials about the escalating cyberthreat emanating from China. And the widening expanse of targets, coupled with the expensive and sensitive technologies they are losing, is putting increased pressure on the US to take a much harder stand against Beijing.
It is impossible for the US to prosecute hackers in China, since it requires reciprocal agreements between the two countries and it is always difficult to provide ironclad proof that the hacking came from specific people.
Several analysts described the Chinese attacks, speaking on condition of anonymity because of the sensitivity of the investigations and to protect the privacy of clients. China has routinely rejected allegations of cyberspying and says it is also a target.
“Industry is already feeling that they are at war,” said James Cartwright, a retired US Marine General and former Joint Chiefs of Staff vice chairman.
A recognized expert on cyberissues, Cartwright has come out strongly in favor of increased US efforts to hold China and other countries accountable for the cyberattacks that come from within their borders.
“Right now we have the worst of worlds,” Cartwright said. “If you want to attack me you can do it all you want, because I can’t do anything about it. It’s risk free and you’re willing to take almost any risk to come after me.”
He said the US “needs to say: ‘If you come after me, I’m going to find you, I’m going to do something about it. It will be proportional, but I’m going to do something ... and if you’re hiding in a third country, I’m going to tell that country you’re there, if they don’t stop you from doing it, I’m going to come and get you.’”
Cyberexperts agree and say that companies are frustrated that the government is not doing enough to pressure China to stop the attacks or go after hackers in that country.
Much like during the Cold War with Russia, officials say the US needs to make it clear that there will be repercussions for cyberattacks.
The government “needs to do more to increase the risk,” said Jon Ramsey, head of the counter threat unit at the Atlanta-based Dell SecureWorks, a computer security consulting company. “In the private sector we’re always on defense. We can’t do something about it, but someone has to. There is no deterrent not to attack the US.”
Cyberattacks originating in China have been a problem for years, but until a decade or so ago analysts said the probes focused mainly on the US government — a generally acknowledged intelligence gathering activity similar to the US and Russia spying on each other during the Cold War.
However, in the past 10 to 15 years, the attacks have gradually broadened to target defense companies and then other critical industries, including those in energy, finance and other sectors.
According to Ramsey and other cyberanalysts, hackers in China have different digital fingerprints, often visible through the computer code they use or the command and control computers that they use to route their malicious software through.
US government officials have been reluctant to tie the attacks directly back to the Chinese government, but analysts and officials quietly say that they have tracked enough intrusions to specific locations to be confident they are linked to Beijing — either the government or the military. And, they add that they can sometimes glean who benefited from a particular stolen technology.
One of the analysts said investigations show that the dozen or so Chinese teams appear to get “taskings,” or orders, to go after specific technologies or companies within a particular industry. At times, two or more of the teams appear to get the same shopping list and compete to be the first to get it or the one with the greatest haul.
Analysts and US officials agree that a majority of the cyberattacks seeking intellectual property or other sensitive or classified data are done by China-based hackers, while many of the cyberattacks stealing credit card or financial information come from Eastern Europe or Russia.
According to experts, the malicious software or high-tech tools used by the Chinese have not gotten much more sophisticated in recent years. However, the threat is persistent, often burying malware deep in computer networks so it can be used again and again over the course of several months or even years.
The tools include malware that can record keystrokes, steal and decrypt passwords, as well as copy and compress data so it can be transferred back to the attacker’s computer. The malware can then delete itself or disappear until needed again.
Several specific attacks linked to China include:
Two sophisticated attacks against Google’s systems that stole some of the Internet giant’s intellectual property and broke into the Gmail accounts of several hundred people, including senior US government officials, military personnel and political activists.
Last year computer security firm Mandiant reported that data was stolen from a Fortune 500 manufacturing company during business negotiations when the company was trying to buy a Chinese company.
Earlier this year, McAfee traced an intrusion to an Internet protocol address in China and said intruders took data from global oil, energy and petrochemical companies.
Chinese Foreign Ministry spokesperson Liu Weimin (劉為民) did not respond yesterday to the specific allegations about government-supported cyberattacks, but said Internet security is an issue the world needs to address collectively.
The international community should “prevent the Internet from becoming a new battlefield,” Liu said at a daily media briefing in Beijing.
For the first time, US intelligence officials called out China and Russia last month, saying they are systematically stealing US high-tech data for their own economic gain.
The next step, Cartwright said, must be a full-throated US policy that makes it clear how the US will deal with cyberattacks, including the attackers as well as the nations the attacks are routed through.