Chinese Connections

By Ericka Chickowski

The days of worms, viruses and identity theft may have seemed serious at the time, but recently the IT security threat level has ratcheted up significantly. Now U.S. defense contractors are under attack, White House email accounts are hacked, and the U.S. Department of Defense classifies cyberwarfare as an act of war. It's a whole new level of threat.

There's no direct evidence that Chinese-sponsored hackers were responsible for any of the defense contractors' woes, but it would certainly fit the trend of increasing pressure from China's underground attacks. The country was linked to a previous attack on Lockheed to steal plans for the F-35 Joint Strike Fighter, and numerous documents leaked from the DoD over the last few years have reported that the agency has numerous examples of Chinese-sponsored probing attacks levied against critical infrastructure targets within the U.S.

In fact, last week Google accused Chinese-sponsored hackers of targeting Gmail accounts of White House staffers. On Thursday China naturally denied the allegations, claiming in its state-run press that the allegation was "a fabrication out of thin air."

But the accusation and the verbal denial sent from China were serious and potentially grounded enough to bring U.S. Secretary of State Hillary Clinton out for a press conference, where she explained that an FBI investigation was underway and that the White House was looking into the matter.

Meanwhile, DoD officials last week told the Wall Street Journal that the department was changing its policies to classify cyberwarfare activity as official acts of war.

"Given that malicious code can be used as a weapon and that attackers are capable of breaking into and controlling systems that are part of the national infrastructure, the Pentagon's strategy makes perfect sense," wrote Dr. Eugene Schultz, CTO at Emagined Security, in a recent update from the SANS Institute.

DoD officials did not link the policy change or announcement with the Google attack or the attacks against government defense contractors, but the timing was curious enough to raise the hackles of Chinese officials. On Friday the country accused the United States itself of conducting its own cyberwarfare activities against the Middle East, a statement that many consider a political move to distract from accusations lodged against it.

Lesson: Be Prepared

According to some, the events of last week underscore a big transition the security industry must face.

"I do think that this (Lockheed) attack and many others is really a symptom of a sea change in the security threat landscape," says Brent Remai, vice president of marketing for security firm FireEye. "It's amazing how many of these attacks have happened in just the last three months. The whole industry's moved from just worms and viruses causing disruption of companies to spyware and bots that were really more for cybercrime and financial gain to now evolving even broader into state-sponsored attacks and cyber espionage, going after (intellectual property)."


With this progression of the threat, vendors and partners are going to need to help their customers negotiate this change. So far, Remai says, they've been pretty unsuccessful.

"The security landscape is not really keeping up with the evolution of the sophistication of the attacks," he says. "Most people's defenses are signature-based and very reactive. Fundamentally they cannot stop the advanced zero day and targeted attacks."