Investigators: Chinese Government is Behind 96 Percent of Cyberspy Ops

Hackers connected to the Chinese regime were responsible for more than 95 percent of cyber espionage cases last year worldwide, according to government authorities and private investigators.

An annual breach report compiled by Verizon traced the operations using known hallmarks of Chinese government interference as well as subpoenaed classified intelligence, company officials said.

"In those instances where we see the data is being used, the data was taken to give an advantage to a local business" in China, said Dave Ostertag, a global investigations manager with Verizon. China does not appear to be plumbing networks for a planned attack on electric grids or other industrial control systems, he said. Some victims in this year’s report do manage such operations, but intruders were probing separate administrative networks, not turning traffic lights green citywide or wreaking other havoc.

The 2012 study, scheduled for release today, breaks down 620 data breaches documented by various organizations such as the U.S. Secret Service and European Cyber Crime Center. Verizon also includes cases where victims hired their own investigative services.

"Ninety-six percent of espionage cases were attributed to threat actors in China and the remaining 4 percent were unknown," the report states.

In some instances, Verizon obtained insights into hacker affiliations after filing court orders, Ostertag said. The details released as a result confirmed, for example, whether an implicated network address was actually in China and was communicating with a Chinese government network address. Mostly, though, malicious activity left behind telltale signatures already known to computer forensic firms such as Mandiant and Symantec.

The U.S. government is ratcheting up pressure on China, which it calls the world’s most persistent perpetrator of economic espionage, to stop snooping. The White House in February released a strategy threatening intellectual property thieves with diplomatic actions and prosecutions, days after Mandiant published evidence of the Chinese military hacking 141 organizations in English-speaking countries.

But Verizon officials concede other, more active threat groups might be maneuvering more covertly. China consistently denies cyberspying and argues its systems are penetrated too. 

Nearly all nation state-affiliated operations tricked personnel into divulging credentials by pretending to have a social connection to the target. "Over 95 percent of all attacks employed phishing" -- contacting victims through email or social media while feigning familiarity -- "as a means of establishing a foothold in their intended victims’ systems," the report finds.

In general, attackers cracked accounts by somehow obtaining valid credentials. With spies, bank robbers and hacker activists, "authentication-based attacks factored into about four of every five breaches involving hacking," the report states. 

Of the exploits studied, 92 struck government agencies in various countries. The somewhat brighter finding here is that federal departments were better at password management than commercial victims, Verizon officials said.

"They have password complexity policies that are far more stringent than private sector organizations," where employees often rely on entry codes such as "password," Ostertag said. Also plaguing industry: "Poor password-change programs that allow the passwords to work for longer than they should," he said.

The 2012 review focused more on cyberspies and China than last year’s study, which dissected the rise of hacktivists. Verizon’s own caseload contained more espionage incidents than ever before, officials said.

As in past years, contributing investigators stripped all records of information that could identify victims. Verizon recruited a record 19 participants, including, for the first time, the U.S. Cyber Emergency Response Team and the U.S. National Cybersecurity and Communications Integration Center. 
