Who does China blame for a third of all cyber attacks against it? The USA

Graham Cluley

A few years ago, in what we call the BS era (“Before Snowden”), there were frequent accusations levelled against China for attempting to hack into foreign countries’ computer systems and steal information.

And, to be fair, there was often good reason to suspect that some attacks were conducted with the endorsement of the Beijing authorities. Invariably, China would deny the claims and say that, in reality, it was a victim of internet attacks and cyber-spying.

However, recent leaks from the NSA have turned the spotlight firmly back to the Western world, and its involvement in cyber espionage.

So it is perhaps with a little less cynicism today that we hear reports from China, pointing the finger of blame strongly back in America’s direction.

At a conference in Beijing, China’s Computer Emergency Response Team (CNCERT) claimed that the United States was the main culprit for what had been a more than 50% increase in cyber attacks launched against the country’s networks.

61,000 Chinese websites were said by the organisation to have been struck by “nationally-organised” attacks involving backdoor trojans originating from overseas during 2013, a “significant” rise of 62.1%.

As a result, almost 11 million Chinese computers were said to have been infected last year by malware produced overseas. Although America ruled the roost as the alleged main source for the attacks (30.2%), South Korea and Hong Kong were also singled out for attention.

Of course, as with all accusations of state-sponsored attacks, we have to be careful before apportioning blame.

It is incredibly difficult to prove that a particular country is behind an attack. It’s only too easy for a malicious hacker to commandeer a computer in a different country, and leapfrog their way around the world – disguising their true origin.

Even if an attack is proven to come from, say, Washington DC or Beijing, that’s very different from saying that the US and Chinese authorities authorised it. It might just as easily be an amateur hacktivist or a financially-motivated cybercriminal behind a particular attack.

At the same time, of course, we should not be naive. The internet has opened incredible windows of opportunity for countries to spy on each other – and why wouldn’t they use cyberspace to snoop on each other and gain an advantage?

My belief is that every sophisticated country is using the internet to spy, to steal information and to gain advantage over its rivals. In some cases, they are no doubt spying on their allies as well.

The important thing, of course, is for us to take precautions.

Whether it’s an intelligence agency, a foreign army, a hacktivist or a greedy cybercriminal, we all need to keep our computer systems squeaky clean with the latest patches and security software to reduce the risks to our own computers. Encrypt your sensitive data, and educate your staff in best practices.

That way, it doesn’t matter where in the world the hacks are coming from, you’ve reduced the chance of them succeeding.

By the way, there was some good news in CNCERT’s announcement. They claimed that the number of computers compromised by botnet Trojans (normally used for the purposes of sending spam or launching distributed denial-of-service attacks) had reduced by 22.5%.

If true, that’s actually good news for all of us. Compromised computers, recruited into botnets, plague every single internet user with the spam they send out and the DDoS attacks they launch.

More needs to be done to clean up the world’s computers from being hijacked by hackers, and if China is reporting that it is making progress in that battle, they get my full support.

This article originally appeared on the Lumension blog.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.