Getting Hotter: China vs US Cyberwar

China-vs.-US-Cyberwar-Heats-Up.jpg

US-China diplomatic ties have once again taken a nosedive owing to the continuing disagreements over the OPM hack. Even as suspicion in the United States against China is mounting, Beijing continues to dismiss accusations and take umbrage at the potentially defamatory claims.

Many within the Chinese elite believe that China itself has been the target of hackers all over the world and America’s suspicions make for a decline in the quality of Sino-US cooperation. Gao Cheng of the National Institute of International Strategy of China Academy of Social Sciences writes on his micro blog, “I can only say, if it was not done by China, the US just slandered China viciously.”

The Attack On OPM

The attack on the data housed by the Office of Personnel Management constitutes one of the most intrusive and sustained security breaches to have ever been carried out against the United States. The breach was discovered in April 2015, but it is believed to have started last year. It is estimated that over 24 million people stand affected by the hack, including former, current and prospective employees of the US government.
Comparisons with a similar attack against KeyPoint Government Solutions last year have caused authorities to opine that the two consecutive acts of cyber warfare might be the work of the same people. KeyPoint Government Solutions is a contractor for OPM and the two attacks display several similarities, including the modus operandi and the telltale digital signatures that hackers leave behind, even when they are able to mask their origins.

China Continues To Be A Prime Suspect

Even though the US government has refrained from making an official statement regarding potential suspects in order to preserve US-China ties, the popular opinion is that Beijing is most likely behind the data theft.
Speaking with CNN in July 2015, James Clapper, the Director of National Intelligence, stated that China continues to be the “leading suspect” in the matter of the cyber attack.
Mr. Clapper is the most prominent American official to have openly blamed China for the cyber attack. Most government personnel are careful not to upset the US-China balance and have remained tight-lipped about their suspicions in the months since news of the attack broke.

All's Fair In Cyber War

Even as the attack on OPM continues to make waves as the worst attack on US cybersecurity of all time, experts share that these kinds of attacks are only natural. In fact, the only thing unusual about the 2014-2015 hack is the duration and intensity of the attack; American cybersecurity authorities have shared that if US-China role reversal were an option, American hackers would not waste any time in leveraging the same kind of attack against the Chinese.
Cyber espionage is clearly the new frontier of geopolitical rivalries, as US Secretary of State John Kerry recently shared his belief that it is “very likely” that both Russia and China are accessing his e-mails. The Secretary of State has, however, been careful not to accuse China of the OPM attack and has only commented to say that there has been “no finger-pointing” in official gatherings discussing and investigating the possible sources of the breach.
In response to an enquiry by CNN, James Clapper admitted that the US would probably like to be able to even the score, stating, “You have to kind of salute the Chinese for what they did.”
What Were The Hackers Looking For?
If past experiences are to be believed, state-backed hacks from China are nothing new. In 2013, a cybersecurity firm by the name of Mandiant made news when it released information about as many as 141 US firms across 20 niches being targeted by Chinese military-supported hackers.
Chinese hackers are known to target trade secrets, business plans and economic information. Trade-oriented cyber espionage forms an integral aspect of the state’s security strategy. The bureau chief of the Washington Post’s Beijing office shares that, “The economy is so central to the Communist Party's legitimacy that spying for the sake of benefiting state-owned companies for example is part of the government's national strategy.”
The cyber attack on OPMs files has resulted in the loss of personal and identifying information pertaining to millions of US citizens, including, but not limited to- addresses, social security numbers, background checks, information on spouses and family members, medical histories, professional profiles etc.

Beijing Denies Allegations

Beijing has maintained that China played no part in the attack on the data held at OPM and has cautioned the US against making any unwarranted claims. Even as the US-China cyber war heats up, government officials dismiss allegations about Beijing’s role in the data breach. Hong Lei, a spokesperson for the Chinese Foreign Ministry, speaking at a news conference in June 2015, called for a more supportive US-China relationship, stating, “We wish the United States would not be full of suspicions, catching wind and shadows, but rather have a larger measure of trust and cooperation”.
Citing the impossibility in conclusively determining the source of a cyber attack of this nature, Chinese officials have also stated that it is “irresponsible and unscientific” of the Obama administration to point fingers at Beijing with its “groundless accusations”. Mr. Lei has spoken of the US suspicions being “without deep investigation and research.”

China A Cyber Victim Too

Beijing has long maintained that China is itself the victim- and not a perpetrator- of cyber attacks. The Chinese ministry has denied allegations claiming that it is behind the attack on OPM and has instead asked for the United States’ support because it, too, is a target of hackers. Mr. Lei, in a meeting with the press, said that for US-China ties to improve the Obama administration needs to be “less suspicious and stop making any unverified allegations, but show more trust and participate more in cooperation.”
Beijing continues to stand by the position that the need of the hour is global cooperation against hackers so that both the American and the Chinese governments alike can be protected against cyber breaches.
The director of Shanghai’s Fudan University’s Center for American Studies, Shen Dingli, has echoed a popular Chinese sentiment by claiming that America, too, is known to execute cyber attacks against the Chinese. “Just don’t pretend America is the only victim, America also victimizes others,” said Mr. Dingli, continuing, “The US government will target the Chinese government. If they happen to see the information of a few million Chinese government workers, would they not download it? I think they would.”

A spokesperson of the Chinese Embassy to the United States, Zhu Haiquan, has shared the view that the threat of cyber attacks “will only be addressed by international cooperation based on mutual trust and mutual respect.”
Chinese Media Responds. It is not just Chinese government officials in Beijing and abroad who have taken exception to the general attitude of suspicion towards China: the mainstream Chinese media, too, believes that China has been wrongfully blamed and continues to be a victim of propaganda.

The state-centric newspaper The Global Times has lashed out at American publications for carrying unverified news of China being responsible for the hacks. The newspaper has criticized The Wall Street Journal and The Washington Post by name, specifically. The newspaper has taken a critical view of what it claims is a pattern whereby America is quick to blame China for its problems, stating, “In fact, it is not the first time that the American media and institutions blame China for internet security breaches. However, no evidence has been presented so far.”
President Jinping’s Upcoming Visit

The most pressing question on everyone’s mind is if the souring US-China relations are going to affect Chinese President Xi Jinping’s visit to the United States next month. The Chinese leader is expected to sit down in talks with President Obama to discuss issues that are of importance to both countries, such as trade and human trafficking and of course, cybersecurity.
However, seeing as to how the two countries have come to loggerheads in recent times, political commentators are wondering whether as much can be expected from the exchange as was previously envisioned.

The cyber attack is not the only factor to have caused a strain to the US-China relationship: Beijing’s decision to devalue the Chinese currency, the Yuan, has caused a severe blow to the American economy’s prospects abroad and has not gone down well with Washington. Then there is also the matter of Operation Foxhunt- Beijing’s multi-country endeavor to crack down on corruption by tracking down Chinese criminals who have fled abroad and recovering ill-gotten funds and assets. The “strong arm tactics” and coercive measures employed by Beijing’s undercover operators in the United States have caused Washington to issue a warning to the Chinese government to reign in its agents, furthering causing the US-China rift to widen. Another thorn in the US-China equation has been the acrimony between the two states over the latter’s actions in the South China Sea: Beijing’s decision to build artificial islands in the sea has met with severe opposition criticism from the other claimants in the dispute and the US’s decision to intervene has further alienated the two global powers.

In the wake of these developments, political experts are not very hopeful vis-à-vis President Jinping’s scheduled visit to the United States.
Ein News:http://http://bit.ly/1F06eYC

 

« Pentagon Will Counterattack Cyber Strikes
Should the US Use Hidden Data to Warn Industry of Attacks? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

RSA Conference

RSA Conference

RSA Conference conducts information security events around the globe that connect you to industry leaders and highly relevant information.

Scale Computing

Scale Computing

Scale Computing is an industry leading application platform for EDGE computing environments covering retail, manufacturing, financial services and government.

Menlo Security

Menlo Security

Menlo Security protects organizations from cyberattacks by eliminating the threat of malware from the web, documents, and email.

Semperis

Semperis

Semperis is an enterprise identity protection company that enables organizations to quickly recover from accidental or malicious changes and disasters that compromise Active Directory.

Snyk

Snyk

Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world.

SMESEC

SMESEC

SMESEC is a lightweight Cybersecurity framework for protecting small and medium-sized enterprises (SME) against Cyber threats.

StepStone

StepStone

StepStone is one of the leading online job platforms in Germany, and other countries, covering all industry sectors including IT and cybersecurity.

Blockchain Solutions

Blockchain Solutions

Blockchain Solutions Limited is a technological One Stop Solution provider, for Blockchain technology.

Aergo

Aergo

Aergo offers an easier and more proven way to adopt blockchain and transform your business while building on your existing IT and cloud assets.

Avertium

Avertium

Avertium is the managed security and consulting provider that companies turn to when they want more than check-the-box cybersecurity.

Presidio

Presidio

Presidio is a leading North American IT solutions provider focused on Digital Infrastructure, Business Analytics, Cloud, Security & Emerging solutions.

Swiss It Security Group

Swiss It Security Group

Swiss It Security Group offers clients complete IT security concepts based on innovative solutions and technology, with a focus on protection, detection and defence.

AnyTech365

AnyTech365

AnyTech365 is a leading European IT Security and Support company helping end users and small businesses have a worry-free experience with all things tech.

inWebo

inWebo

inWebo is the specialist in multi-factor strong authentication (MFA). We guarantee the security of data and identities in a digital world with increasingly important economic and political stakes.

Avanade

Avanade

Avanade is a leading provider of innovative digital, cloud and advisory services, industry solutions and design-led experiences across the Microsoft ecosystem.

runZero

runZero

runZero delivers the most complete security visibility possible, providing you the ultimate foundation for successfully managing exposures and compliance.