Investigators: Chinese Government is Behind 96 Percent of Cyberspy Ops

Andy Wong/AP

Hackers connected to the Chinese regime were responsible for more than 95 percent of cyber espionage cases last year worldwide, according to government authorities and private investigators.

An annual breach report compiled by Verizon traced the operations using known hallmarks of Chinese government interference as well as subpoenaed classified intelligence, company officials said.

"In those instances where we see the data is being used, the data was taken to give an advantage to a local business" in China, said Dave Ostertag, a global investigations manager with Verizon. China does not appear to be plumbing networks for a planned attack on electric grids or other industrial control systems, he said. Some victims in this year’s report do manage such operations, but intruders were probing separate administrative networks, not turning traffic lights green citywide or wreaking other havoc.

The 2012 study, scheduled for release today, breaks down 620 data breaches documented by various organizations such as the U.S. Secret Service and European Cyber Crime Center. Verizon also includes cases where victims hired their own investigative services.

"Ninety-six percent of espionage cases were attributed to threat actors in China and the remaining 4 percent were unknown," the report states.

In some instances, Verizon obtained insights into hacker affiliations after filing court orders, Ostertag said. The details released as a result confirmed, for example, whether an implicated network address was actually in China and was communicating with a Chinese government network address. Mostly, though, malicious activity left behind telltale signatures already known to computer forensic firms such as Mandiant and Symantec.

The U.S. government is ratcheting up pressure on China, which it calls the world’s most persistent perpetrator of economic espionage, to stop snooping. The White House in February released a strategy threatening intellectual property thieves with diplomatic actions and prosecutions, days after Mandiant published evidence of the Chinese military hacking 141 organizations in English-speaking countries.

But Verizon officials concede other, more active threat groups might be maneuvering more covertly. China consistently denies cyberspying and argues its systems are penetrated too. 

Nearly all nation state-affiliated operations tricked personnel into divulging credentials by pretending to have a social connection to the target. "Over 95 percent of all attacks employed phishing" -- contacting victims through email or social media while feigning familiarity -- "as a means of establishing a foothold in their intended victims’ systems," the report finds.

In general, attackers cracked accounts by somehow obtaining valid credentials. With spies, bank robbers and hacker activists, "authentication-based attacks factored into about four of every five breaches involving hacking," the report states. 

Of the exploits studied, 92 struck government agencies in various countries. The somewhat brighter finding here is that federal departments were better at password management than commercial victims, Verizon officials said.

"They have password complexity policies that are far more stringent than private sector organizations," where employees often rely on entry codes such as "password," Ostertag said. Also plaguing industry: "Poor password-change programs that allow the passwords to work for longer than they should," he said.

The 2012 review focused more on cyberspies and China than last year’s study, which dissected the rise of hacktivists. Verizon’s own caseload contained more espionage incidents than ever before, officials said.

As in past years, contributing investigators stripped all records of information that could identify victims. Verizon recruited a record 19 participants, including, for the first time, the U.S. Cyber Emergency Response Team and the U.S. National Cybersecurity and Communications Integration Center. 
