China reacts to military hackers' indictment, accuses US of hypocrisy
Posted on 20 May 2014.
Yesterday, for the first time ever, the US Justice Department filed criminal charges against known state actors for hacking, as it accused five Chinese military hackers of cyber espionage against US firms.

The Chinese government has reacted predictably by accusing the US of hypocrisy and double standards.

"The US accusation against Chinese personnel is purely ungrounded with ulterior motives," stated China's Foreign Ministry's spokesperson Qin Gang.

"China is a victim of severe US cyber theft, wiretapping and surveillance activities. Large amounts of publicly disclosed information show that relevant US institutions have been conducting cyber intrusion, wiretapping and surveillance activities against Chinese government departments, institutions, companies, universities and individuals," he commented, and added that China is urging the US to withdraw the indictment.

The Chinese government has also released (via the state-controlled Xinhuanet) the latest data about US cyber attacks aimed at Chinese computers and networks:

Latest data from the National Computer Network Emergency Response Technical Team Coordination Center of China (NCNERTTCC) showed that from March 19 to May 18, a total of 2,077 Trojan horse networks or botnet servers in the U.S. directly controlled 1.18 million host computers in China.

The NCNERTTCC found 135 host computers in the U.S. carrying 563 phishing pages targeting Chinese websites that led to 14,000 phishing operations. In the same period, the center found 2,016 IP addresses in the U.S. had implanted backdoors in 1,754 Chinese websites, involving 57,000 backdoor attacks.

The U.S. attacks, infiltrates and taps Chinese networks belonging to governments, institutions, enterprises, universities and major communication backbone networks. Those activities target Chinese leaders, ordinary citizens and anyone with a mobile phone. In the meantime, the U.S. repeatedly accuses China of spying and hacking.
China has also pulled out of the China-US Working group for the time being.

The UD DOJ's indictment claims that Chinese state-owned enterprises directly benefited from the information stolen by these military hackers.

Also, it must be noted that the indictment was raised for the hacking of US enterprises, not government and military networks. The US government has repeatedly said that while it engages in surveillance and spying for the sake of national security, it has never shared any of the gleaned information with US-based businesses in order for them to gain a competitive advantage on the market.

While no-one expects the charged individuals to stand trial in the US, the indictment was apparently made to push the Chinese government to curb economic cyber espionage. On the other hand, the move could backfire and result in China and other countries (such as, for example, Brazil) raising the same charges against NSA spies and contractors.

Finally, the move is seen by some as a way for the US government to reframe the surveillance debate. As you might remember, before Snowden's revelations, the US was constantly and repeatedly accusing China of hacking, and some China-based companies of facilitating those incursions. But only last week, another revelation stemming from Snowden's trove of NSA documents showed that the NSA has been planting backdoors in American-made network devices destined for the foreign market.

While this situation untangles, it has been revealed that China has announced that it has banned the use of Windows 8 on government computers. The ban was made public last week, so the decision isn't connected with this latest conflict.

China's Central Government Procurement Center has not commented whether Windows 7 will be banned, as well, but it's known that they have been working on an alternative OS based on Linux for government purposes.









Spotlight

Lessons learned developing Lynis, an open source security auditing tool

Posted on 15 October 2014.  |  Lynis unearths vulnerabilities, configuration errors, and provides tips for system hardening. It is written in shell script, installation is not required and can be performed with a privileged or non-privileged account.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 17th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //