Report: China ready for cyber war

Jake Widman
Saturday, 24 October 2009 07:25

Business IT - Security

The report's authors say that the kinds of breaches already discovered are too disciplined and require too much planning to be the work of ordinary cybercriminals.

"The problem is characterized by disciplined, standardized operations, sophisticated techniques, access to high-end software development resources, a deep knowledge of the targeted networks, and an ability to sustain activities inside targeted networks, sometimes over a period of months," the study says.

"The depth of resources necessary to sustain the scope of computer network exploitation targeting the U.S. and many countries around the world coupled with the extremely focused targeting of defense engineering data, U.S. military operational information, and China-related policy information is beyond the capabilities or profile of virtually all organized cybercriminal enterprises and is difficult at best without some type of state sponsorship," the report continues.

The authors write that through 2007, cyber attackers had successfully "exfiltrated" up to 20 TB of "sensitive but unclassified" data from U.S. government and defense industry networks.

The report also offers an "operational profile of an advanced cyber intrusion" -- i.e., a description of an actual large-scale attack on a particular defense firm. "Over a multi-day period during this incident, intruders staged a complex data exfiltration operation and while the activity associated with this incident occurred within a relatively short span of time, the preparations and reconnaissance necessary to support it had likely been ongoing for months," the authors write.

The attackers went right after particular files and took them, without any apparent need to look around for the right directories or to just grab what they could get.

"The company’s internal analysis of the incident indicates that the attacks came through, or originated from, China and many of the techniques are consistent with the operational profile attributed to other attacks believed to originate from China," says the report.