As few as 12 Chinese hacking groups responsible for most US attacks

By Lee Kaelin on December 12, 2011, 11:22 AM

U.S. cyber security analysts and experts say that fewer than 12 different Chinese groups are responsible for most of the China-based cyber attacks that result in critical data being stolen from U.S. companies and government agencies.

Speaking to The Associated Press, the analysts said the intrusions have resulted in the loss of billions of dollars of intellectual property and other critical data. While stealthy and aggressive in nature, the distinct signatures the hackers leave behind make it possible for U.S. cyber security investigators to more or less accurately identify which teams are responsible.

According to the report, the U.S. gives unique names or numbers to the attackers, and at times can tell where the hackers are and even who they may be. However, it's nearly impossible to prosecute hackers in China due to the lack of any form of agreement between the two countries. Even if it were possible to provide definitive proof of where the attacks came from, it's very unlikely that China would act upon it -- not surprisingly, given that at least some of these groups are believed to have financial backing from the country's government or military.

China is cited as the leading origin of attacks relating to sensitive or confidential property, while Eastern Europe and Russia are responsible for most fraud pertaining to credit card and financial information theft.

Retired Marine General and former vice chairman of the Joint Chiefs of Staff, James Cartwright, said the industry already felt it was at war. He is a recognized cyber security expert advocating for increased U.S. efforts to hold China and other countries accountable for the cyber attacks that come from within their borders. According to Cartwright, the U.S. "needs to say, if you come after me, I'm going to find you, I'm going to do something about it. It will be proportional, but I'm going to do something."

The recently revealed zero-day vulnerability in Adobe Reader is an excellent example of software flaws being exploited against the U.S. military. The vulnerability was used to attack Lockheed Martin via the remote installation of a Trojan dubbed "Sykipot". Symantec's inspection of said Trojan revealed that it contained error messages in Chinese, leading them to believe the attacks could have originated from that country. Furthermore, the security firm found evidence that the attacks have lasted at least two years and may date back as far as 2006, adding weight to the theory that the attacks are part of a well-funded and motivated effort.

User Comments: 7

Techno Viking said:

If it really is only 12 groups it should be easier to stop them. We all know that they won't be caught/prosecuted easily though.

amstech, TechSpot Enthusiast, said:

Everybody is hacking everybody.

It's been happening for years and it's only going to get worse.

The US has a poor educational system that does not produce good programmers, if they don't come from RIT they shouldn't be allowed to graduate as a programmer who thinks they understand all forms of programming language, from the basics to the elite.

Guest said:

The United States doesn't have to do anything openly.

They can just pay individuals to go to China and spy/sabotage them.

If it is China's gvmnt, then United States should EMP these clowns, then send a pizza to let them know we can be azzholes too..

Tomorrow_Rains said:

I agree

I definitely agree with you.

As a computer science student and graduate even going for my master's, I'm barely breezing by because the educational system only teaches you enough to go work for a bank. Literally.

Archean, TechSpot Paladin, said:

You guys will be surprised if you do a little research on what US Govt. actually do to others, just that others do not cry foul generally, and try to respond in kind. To be fair, everyone does this to their enemy or enemies, so what the heck?

Guest said:

It is hard to prosecute a criminal in China, but let's face it: if the Chinese authorities would want to prosecute an American citizen - would USA extradite it in order to face charges in China? I think not.

caravel said:

You guys will be surprised if you do a little research on what US Govt. actually do to others, just that others do not cry foul generally, and try to respond in kind. To be fair, everyone does this to their enemy or enemies, so what the heck?

+1 but they also do it to whoever they count among their "friends" this week...

This happens all the time, yet these press articles are mostly vague and misleading propaganda, giving a skewed and one-sided perspective. The aim is to get the ignorant masses stirred into a xenophobic frenzy with a sense of being attacked by outsiders. There is no evidence to support any of these supposed "hacking groups" being endorsed by the regime (or even existing) - we are simply expected to take their word for it... I would bet money that most are individuals who do this simply because they can get away with it or those involved in corporate espionage. If someone can get away with hacking into a major US defence company, without worrying about the US tracking him down or Chinese authorities turning him over, he's going to do it. Even if the regime do turn up on his doorstep one day, they're more likely to hire him before they'll turn him over to the US. That's nothing unusual - as there is no such thing as good/evil when it comes to hacking, just the very good and the best.

In the case of Gary McKinnon, are we to assume that he was really working for MI6...? Should the US now consider Britain an enemy because the hacker was operating from British soil? Or does this customary sabre rattling only apply to regimes that the US opposes...
