Feeds

China breaks ceasefire, restarts hacking US government

Officials say it's time to move beyond 'jaw jaw'

Business security measures using SSL

After a three-month hiatus, Chinese hackers are once again targeting US government sites, according to government officials and the security firm that first uncovered the attacks.

"They dialed it back for a little while, though other groups that also wear uniforms didn't even bother to do that," Kevin Mandia, the chief executive of Mandiant, told The New York Times. "I think you have to view this as the new normal."

Mandiant identified the hacking attacks as coming from Unit 61398 (also known as the 2nd Bureau of the People's Liberation Army's General Staff Department's 3rd Department). The attack team has used its time off to tweak its code slightly, the company said, and has set up new command and control servers. Attacks are at about 70 per cent of prior levels, Mandiant reports.

Unit 61398 is thought to be behind the attacks on the NYT, as well as successfully infiltrating RSA's SecureID system to enable a break-in at Lockheed Martin's servers. After being publicly identified, the group went dark, and the Chinese government insisted that it was more sinned against than sinning.

Government officials who spoke to the NYT said that patience with the Chinese hackers is running out. A report recommending action is due out on Wednesday from President Obama's former director of national intelligence, Dennis Blair, and former ambassador to China and Republican presidential candidate Jon Huntsman.

"Jawboning alone won't work," Mr. Blair said on Saturday. "Something has to change China's calculus."

Quite what the administration is prepared to do, however, remains in question. While the Pentagon has said it views some hacking attacks as worthy of a physical response, it's hard to imagine any such action would be taken against China or other nations engaging in hacking.

"It is becoming ever clearer that nation-states are institutionalizing cyberespionage and cyberwarfare," Torsten George, VP at security risk management vendor Agiliance told El Reg.

"Government secrets, high-value infrastructure assets, corporate data, IP, customer data are all continually at risk. Incoming threats are not volleys, they are akin to silent AK-47 automatic rifle fire, continuous and destructive."

It's not as though the US doesn't engage in this sort of behavior itself, as we've seen with the Stuxnet attacks. Admittedly, the US hasn't embraced such attacks for purely economic advantage (that we know about for sure) but the government seems to have had enough with China.

"This is something we are going to have to come back at time and again with the Chinese leadership," an official told the NYT, saying China will "have to be convinced there is a real cost to this kind of activity." ®

Providing a secure and efficient Helpdesk

More from The Register

next story
PORTAL TO ELSEWHERE scried in small galaxy far, far away
Supermassive black hole dominates titchy star formation
Boffins say they've got Lithium batteries the wrong way around
Surprises at the nano-scale mean our ideas about how they charge could be all wrong
Bacon-related medical breakthrough wins Ig Nobel prize
Is there ANYTHING cured pork can't do?
Edge Research Lab to tackle chilly LOHAN's final test flight
Our US allies to probe potential Vulture 2 servo freeze
Europe prepares to INVADE comet: Rosetta landing site chosen
No word yet on whether backup site is labelled 'K'
Cracked it - Vulture 2 power podule fires servos for 4 HOURS
Pixhawk avionics juice issue sorted, onwards to Spaceport America
'Duck face' selfie in SPAAAACE: Rosetta's snap with bird comet
Probe prepares to make first landing on fast-moving rock
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.