Chinese hackers master art of lying low

State-sponsored cybercriminals use simple weapons to infiltrate U.S. networks, and then quietly steal data while remaining undetected.

China's remarkable success at infiltrating U.S. government, military and corporate networks in recent years shouldn't be seen as a sign that the country is gaining on the U.S. lead in cybertechnology expertise.

State-sponsored hacking groups in China are no more -- or less -- sophisticated than criminal and politically motivated cybercrime gangs elsewhere. The difference, experts say, is how the Chinese hackers target victims, their persistence and their ability to lie low and secretly maintain access to breached networks for long periods of time.

The U.S. Department of Defense earlier this month, in a departure from its usually thinly veiled innuendos, openly accused state-sponsored hacking groups in China of launching cyberattacks aimed at extracting information from the U.S. government, military and businesses.

Outside of the Pentagon, such allegations aren't new. Security experts and major corporations like Google and Microsoft have long maintained that hackers in China use cyberattacks to steal military, government and corporate secrets.

The Chinese government has denied that it coordinates hacking campaigns.

However, said Anup Ghosh, CEO and founder of security firm Invincea, "the acknowledgement by the Pentagon is a first step in publicly declaring the threat."

Though the tone of the government's report on Chinese cybercrime is ominous, the reality of cyber expertise in the country is more mundane, say security experts.

"It's not that the Chinese have some unbeatable way of breaking into a network," said John Pescatore, director of emerging security trends at the SANS Institute. "What is innovative is their targeting."

Pescatore said U.S. contractors and defense and high-tech companies that could be targets of Chinese espionage efforts should be less concerned about the origin of the attacks than about the need to shut down basic vulnerabilities and fix configuration errors in their corporate networks.

While China likely does have an arsenal of attack techniques and zero-day assault tools, it usually "uses the lowest level of tools and the easiest means to get in" to networks, said Dan McWhorter, managing director of threat intelligence at security firm Mandiant. If the Chinese hackers do come up against a sophisticated company, "they will up their game," he added.

Many of the hackers operating out of China have become adept at stealing legitimate corporate network credentials and then using them to log in as an employee, McWhorter said.

After they strike, the attackers are quick to erase all signs of a break-in, making it difficult for a company to even know that it was compromised. Therefore, the hackers are able to extract a lot of data without attracting suspicion, McWhorter said.
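The two behaviours McWhorter describes above, logging in with stolen but valid credentials and then wiping traces of the break-in, are still visible to a defender who baselines authentication activity and treats audit-log clearing as an alert in its own right. The following Python is an added example, not code from the article or from any firm it quotes; the log format, account names, addresses, the business-hours window and the `log_cleared` event (modelling a Windows Security log clear, Event ID 1102) are constructed assumptions for the demonstration.

```python
"""Added example: flag use of valid credentials from an unfamiliar source or at
an unusual hour, and flag audit-log clearing, over constructed sample events.
This is illustrative detection logic, not the article's or any vendor's code."""
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real data). Fields: timestamp user source_ip event.
# 'logon'       = successful logon with valid credentials
# 'log_cleared' = the account cleared the host's security audit log
#                 (on Windows this surfaces as Security Event ID 1102)
SAMPLE_EVENTS = [
    "2013-05-06T08:55:12 jdoe 10.1.4.22 logon",
    "2013-05-06T09:02:41 jdoe 10.1.4.22 logon",
    "2013-05-07T08:49:03 jdoe 10.1.4.22 logon",
    "2013-05-07T02:13:55 jdoe 203.0.113.17 logon",        # valid creds, new source, 2 a.m.
    "2013-05-07T02:20:10 jdoe 203.0.113.17 log_cleared",  # covering tracks afterwards
    "2013-05-07T09:10:00 asmith 10.1.7.9 logon",
]

# Assumed working hours (hypothetical); anything outside is "off-hours".
BUSINESS_HOURS = range(7, 20)


def parse(line):
    """Parse one whitespace-separated event line into a dict."""
    ts, user, ip, event = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user, "ip": ip, "event": event}


def build_baseline(events, business_hours):
    """Per-user set of source addresses seen in business-hours logons.
    Simplification: the baseline is built from the same window it is applied to;
    a real deployment would build it from a prior, trusted period."""
    baseline = defaultdict(set)
    for e in events:
        if e["event"] == "logon" and e["ts"].hour in business_hours:
            baseline[e["user"]].add(e["ip"])
    return baseline


def detect(lines, business_hours=BUSINESS_HOURS):
    """Return a time-ordered list of alerts, each with the reasons it fired."""
    events = sorted((parse(line) for line in lines), key=lambda e: e["ts"])
    baseline = build_baseline(events, business_hours)
    suspicious_ips = set()
    alerts = []
    for e in events:
        reasons = []
        if e["event"] == "logon":
            # A correct password from an address this user never uses is the
            # "log in as an employee" pattern; off-hours makes it more suspicious.
            if e["ip"] not in baseline[e["user"]]:
                reasons.append("new source for user")
            if e["ts"].hour not in business_hours:
                reasons.append("off-hours logon")
            if reasons:
                suspicious_ips.add(e["ip"])
        elif e["event"] == "log_cleared":
            # Clearing the audit log is always worth an alert; correlate it with
            # any source already flagged so the two events are read together.
            reasons.append("audit log cleared")
            if e["ip"] in suspicious_ips:
                reasons.append("cleared from already-flagged source")
        if reasons:
            alerts.append({"ts": e["ts"].isoformat(), "user": e["user"],
                           "ip": e["ip"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert["ts"], alert["user"], alert["ip"], "; ".join(alert["reasons"]))
```

On the constructed data the two routine `jdoe` logons and the `asmith` logon are silent, while the 2 a.m. logon from an address outside the user's baseline and the log-clearing event that follows it are both raised, the latter tagged as coming from a source already flagged. The point of the correlation is that the clearing event survives even when the attacker has removed the host-side evidence, provided the events were forwarded off the host before the wipe.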

If a company does discover such a breach, IT managers must exercise great care not to tip off the hackers, he said.

Unlike the exploits of many European cybergangs, most of the malicious hacking activity originating in China focuses on industrial espionage and theft of trade secrets. McWhorter said Chinese hackers generally don't bother taking financial data and other personal information from individuals.

Jeremy Kirk of the IDG News Service contributed to this story.

This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on Computerworld.com.


Tags: Microsoft, Google, Government/Industries, Cybercrime and Hacking, U.S. Department of Defense
