U.S. cyber security analysts and experts say that fewer than 12 different Chinese groups are responsible for most of the China-based cyber attacks that result in critical data being stolen from U.S. companies and government agencies.
Speaking to The Associated Press, the analysts said the intrusions have resulted in the loss of billions of dollars of intellectual property and other critical data. While stealthy and aggressive in nature, the distinct signatures the hackers leave behind make it possible for U.S. cyber security investigators to identify, more or less accurately, which teams are responsible.
According to the report, the U.S. gives unique names or numbers to the attackers, and at times can tell where the hackers are and even who they may be. However, it's nearly impossible to prosecute hackers in China due to the lack of any form of agreement between the two countries. Even if it were possible to provide definitive proof of where the attacks came from, it's very unlikely that China would act upon it – not surprisingly, given that at least some of these groups are believed to have financial backing from the country's government or military.
China is cited as the leading origin of attacks relating to sensitive or confidential property, while Eastern Europe and Russia are responsible for most fraud pertaining to credit card and financial information theft.
Retired Marine General and former vice chairman of the Joint Chiefs of Staff, James Cartwright, said the industry already felt it was at war. He is a recognized cyber security expert advocating for increased U.S. efforts to hold China and other countries accountable for the cyber attacks that come from within their borders. According to Cartwright, the U.S. "needs to say, if you come after me, I'm going to find you, I'm going to do something about it. It will be proportional, but I'm going to do something."
The recently revealed zero-day vulnerability in Adobe Reader is an excellent example of software flaws being exploited against the U.S. military. The vulnerability was used to attack Lockheed Martin via the remote installation of a Trojan dubbed "Sykipot". Symantec's inspection of the Trojan revealed that it contained error messages in Chinese, leading the firm to believe the attacks could have originated from that country. Furthermore, the security firm found evidence that the attacks have lasted at least two years and perhaps date back as far as 2006, adding weight to the theory that the attacks are part of a well-funded and motivated effort.