Pierluigi Paganini March 22, 2013

Recent cyber attacks against North and South Korea are inflaming the debate on the importance of cyber security, governments are massively investing in the improvement of cyber capabilities to be prepared to mitigate the increasing number of offensives.

China is considered the most aggressive state, according principal security firms and cyber experts, from its country is originated majority of cyber attacks against Western Nations.

Due the nature of the targets, typically industry and government agencies, and the information stolen, security community believes that behind majority of cyber operations there are groups of state sponsored hackers.

We tend to think of China as a cyber power able to crush anyone without considering that it is itself the victim of a large number of attacks.

Xinhua agency revealed that China’s Internet security watchdog observed that in the period between September 2012 and February 2013, 85 government websites and high-profile private companies suffered cyber attacks.

Chinese IT firms, and also defense agencies are daily attacked mainly to steal sensitive information and intellectual properties, in many case foreign governments try to spy on technological evolution of the Asian Giant.

Chinese authorities are concerned regarding the pressure of attacks originated from West, 46% of the incursions were traced back to the United States based, however China’s Internet security watchdog didn’t specified if behind them there is the US Government or independent group of hackers. It must be considered that many attacks are also conducted by groups of hacktivists that fight against internet censorship of government of Beijing.

Surprising the number of overseas Internet Protocol (IP) addresses originating the attacks, CNCERT (National Computer Network Emergency Response Technical Team Coordination Center) identified in 2012 73,000 different addresses involved in hijacking nearly 14.2 million mainframes in China via Trojan or Botnet.

Majority of malware based attacks is originated in US, the attackers gathered unauthorized access to 16,388 web pages in China, the percentage of government websites is 11% in 2012, up 6.1 percent respect previous year.

According last “Weekly Report of CNCERT” The infected computers in mainland China amounted to nearly 1.4 million, among which about 0.4 million were controlled by Trojans or Botnets and about 1 million by Confickers.

Malware isn’t the unique cyber threat that concerning Chinese CERT, its experts detected 22,308 phishing websites, a trend of steady rise driven by the country’s overall technological growth and the spread of consumer electronics devices such as mobile devices.

96.2% of the phishing websites are hosted on foreign severs, of which 83.2% is located in US.

The situation appears specular to the one described my US authorities and that is the principal issue that must be discussed by both diplomacies, Chinese Foreign Ministry said last week “the country hopes to discuss the issue with the Unites States and called for the international community to join efforts to fight hacking”.

Pierluigi Paganini

(Security Affairs – China)