China may be winning cyber war

Report cites accelerated 'Byzantine Hades' attacks on U.S. systems

The pace of cyber-espionage between China and the United States has picked up in recent years and security experts say China may have taken the upper hand, according to a report by Reuters.

Brian Grow and Mark Hosenball write that China has stolen terabytes of sensitive U.S. data as part of a campaign of attacks that are accelerating. The stolen information includes usernames and passwords for State Department computers and designs for multi-billion dollar weapons systems, the authors write.

Grow and Hosenball cite leaked State Department cables — obtained by Wikileaks and handed over to Reuters — tracing attacks to China and interviews with security experts. U.S. investigators have given a name to China's attacks — “Byzantine Hades.”

Among the examples they cite are the Aurora attacks on Google, announced in January 2010, in which the systems of anywhere from 100 to 100 companies were breached. China has been widely suspected in the attacks.

Aurora is an example of an advanced persistent threat, an under-the-radar targeted attack that uses social engineering tricks to gain access to systems. The approach can be used in spear-phishing attacks on high-value targets, who would likely have access to sensitive information. The Reuters report said spear-phishing is China’s most common form of attack.

Of course, saying which country really has the upper hand is difficult, since so much of this activity is carried out in secrecy. Grow and Hosenball point out that little is known about what the United States is carrying out in cyberspace, and the same could be said of any country.

As Marc Fossi, executive editor of Symantec’s Internet Security Threat Report, told GCN’s William Jackson recently: “The targeted attacks we’ve heard about are only the ones we’ve heard about.”


About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.


Reader comments

Wed, Apr 20, 2011

If we are behind it is because we are fat and lazy. We outspend these creeps tremendously. There is no excuse. Oh by the way, if there is a war on, should we not acknowledge it and fight back? Are we spineless too?

Tue, Apr 19, 2011

Once upon a time, valuable systems weren't connected to the Internet. The operating systems were flavors of UNIX arcana managed by the very few who understood the OS. Today, these systems are connected to the Internet, and an "all Microsoft" mindset permeates the enterprise. Microsoft continues to fix those security holes it is willing to address every Tuesday. Further, a near endless quantity of zero day exploits wait in the wings. Lastly, Microsoft willingly gave the Chinese government the source code for their flagship product, the Windows operating system. So with an insecure monoculture as a primary attack vector, we're supposed to be surprised by the results?

Tue, Apr 19, 2011 RayW

Of course they are. A closed society always has an advantage in covert warfare over an open society. Plus, with the inability of our government to dispose of any media types who rock the boat, the US tends to have more sensationalism type exposés that are sometimes bogus, sometimes spun to sound worse than they are or to hide other parties at the expense of another. All points of data and clues that others can use in a multitude of ways normal folks would not think of and knowing what we are trying to do (plus the political clout that comes from it).

Then you have the big push to put everything out on facebook, twitter, and other open uncontrolled sites, the "cloud", centralized data bases, mandated centralized CAC security check points, all intranet routed through a central point to access the internet, monoculture computing (if it ain't Microsoft, you can’t use it mentality), open computers that can be controlled or updated remotely even when you are trying to work, it all makes it easy to focus all your hacking talent into narrow fields to glean all the data you can use and then some, and to access many systems throughout the government, not just one system.

But then what do I know? I am just a dumb engineer having to fight with the system that is designed to protect us from all this, but makes it harder to work, and apparently more vulnerable, all in the name of saving money in certain funding pots, and looking like something is being done.
