Investigators: Chinese Government is Behind 96 Percent of Cyberspy Ops

Andy Wong/AP

Hackers connected to the Chinese regime were responsible for more than 95 percent of cyber espionage cases last year worldwide, according to government authorities and private investigators.

An annual breach report compiled by Verizon traced the operations using known hallmarks of Chinese government interference as well as subpoenaed classified intelligence, company officials said.

"In those instances where we see the data is being used, the data was taken to give an advantage to a local business" in China, said Dave Ostertag, a global investigations manager with Verizon. China does not appear to be plumbing networks for a planned attack on electric grids or other industrial control systems, he said. Some victims in this year’s report do manage such operations, but intruders were probing separate administrative networks, not turning traffic lights green citywide or wreaking other havoc.

The 2012 study, scheduled for release today, breaks down 620 data breaches documented by various organizations such as the U.S. Secret Service and European Cyber Crime Center. Verizon also includes cases where victims hired their own investigative services.

"Ninety-six percent of espionage cases were attributed to threat actors in China and the remaining 4 percent were unknown," the report states.

In some instances, Verizon obtained insights into hacker affiliations after filing court orders, Ostertag said. The details released as a result confirmed, for example, whether an implicated network address was actually in China and was communicating with a Chinese government network address. Mostly, though, malicious activity left behind telltale signatures already known to computer forensic firms such as Mandiant and Symantec.

The U.S. government is ratcheting up pressure on China, which it calls the world’s most persistent perpetrator of economic espionage, to stop snooping. The White House in February released a strategy threatening intellectual property thieves with diplomatic actions and prosecutions, days after Mandiant published evidence of the Chinese military hacking 141 organizations in English-speaking countries.

But Verizon officials concede that other, more active threat groups might be maneuvering more covertly. China consistently denies cyberspying and argues that its own systems are penetrated too.

Nearly all nation-state-affiliated operations tricked personnel into divulging credentials by pretending to have a social connection to the target. "Over 95 percent of all attacks employed phishing" -- contacting victims through email or social media while feigning familiarity -- "as a means of establishing a foothold in their intended victims' systems," the report finds.

In general, attackers cracked accounts by somehow obtaining valid credentials. Across spies, bank robbers and hacker activists alike, "authentication-based attacks factored into about four of every five breaches involving hacking," the report states.

Of the exploits studied, 92 struck government agencies in various countries. The somewhat brighter finding here is that federal departments were better at password management than commercial victims, Verizon officials said.

"They have password complexity policies that are far more stringent than private sector organizations," where employees often rely on entry codes such as "password," Ostertag said. Also plaguing industry: "Poor password-change programs that allow the passwords to work for longer than they should," he said.

The 2012 review focused more on cyberspies and China than last year’s study, which dissected the rise of hacktivists. Verizon’s own caseload contained more espionage incidents than ever before, officials said.

As in past years, contributing investigators stripped all records of information that could identify victims. Verizon recruited a record 19 participants, including, for the first time, the U.S. Computer Emergency Readiness Team and the U.S. National Cybersecurity and Communications Integration Center.
