Hitachi ID Systems Blogs

Posts Tagged ‘look there – not here’

Now China claims US hacks

Thursday, February 28th, 2013

Sometimes press releases are so dumb that they are funny.

Recently, the security firm Mandiant provided a detailed analysis of systematic, industrial-scale attacks against US and other private interests by a large, government-supported, well-funded Chinese military agency. This was a wonderfully interesting read because it was full of evidence, analysis, clear links to a state actor as the aggressor, estimates of the scope and duration of attacks against private sector targets and more. Brilliant stuff.

Obviously, China denied the allegations (and why wouldn’t they?). Of course, none of that detracts from the detailed and convincing evidence, so clearly the Chinese feds are just engaged in mindless damage control and PR. No big deal – that’s the sort of stuff governments do.

Forceful public denials didn’t seem to convince anyone, though, so now they have a new tactic – complain that US hackers are attacking them instead. They claim 144,000 “attacks” per month against a couple of military-related web sites.

Call me crazy, but I’m dubious. First, no evidence was provided, so who knows if the number just came out of some marketing hack’s rear end or represents anything factual?

Second, what constitutes an attack? Our corporate web site is hit by thousands of script kiddie connection attempts daily, presumably hoping to take advantage of a buffer overflow or bug in some software or other, which isn’t even installed on our site. This sort of “attack” traffic is just a normal part of the web traffic for most sites. Should we consider these connections to be “attacks” or just random “probes?” If they come from compromised machines that happen to be in the US, does that mean that “the US is attacking us?” I hardly think so.

So clearly the Chinese government’s public relations hacks are behaving like children, as you would expect them to:

  • They don’t seem to know what an “attack” is.
  • They don’t seem to understand the value of “evidence.”
  • They are engaging in a transparent effort to save face, after having been caught with their hand in the cookie jar.
  • They cannot seem to differentiate between “state actors” and “IPs registered in that jurisdiction.”
  • Of course, they have provided no evidence that Mandiant’s report is in any way untrue. Think about it — if that report was wrong, they could just march some reporters from the BBC or CNN or something into the building where the operation is purported to be taking place and show them that there are no hackers here. Easy, case closed, Mandiant would have egg on their face. What? They haven’t done that? Surprise, surprise!

The discussion above is not meant to imply, by the way, that the US military does not engage in “cyber warfare” — just that they are much more sophisticated and effective than this silly press release suggests. Think Stuxnet, not script kiddie. I’m not sure that they target China much either. Probably not enough Chinese-speaking US hackers to do that effectively. I think they are much more concerned with military and nuclear targets in Iran than Chinese commercial interests.
