China denies new FBI hacking claims

It's been another week of claims and counterclaims as the US and Chinese governments accuse each other of deviant cyber security practices.

China denies new FBI hacking claims
China denies new FBI hacking claims

Back in May, the US' Federal Bureau of Investigation (FBI) team made history when it publicly charged five alleged members of the Chinese People's Liberation (PLA – otherwise known as Unit 61398) with 31 counts of computer hacking, theft of trade secrets and related offences against US firms Westinghouse, SolarWind, the US Steel Corp, Allegheny Technologies, Alcoa and the US Steelworkers' Union.

This action drew a furious response from a Chinese government which in turn accused the US of deceit and double standards (it temporarily halted the activity of the Sino-US Internet Working Group), and hinted that the charges could harm relations between the two countries.

That relationship is likely to be more strained now that the FBI is warning US companies that China-affiliated hackers are heavily targeting domestic makers of microchips, computer networking equipment and data storage services in order to steal company secrets.

In a warning sent out to companies last Wednesday, the FBI said that “these state-sponsored hackers are exceedingly stealthy and agile” and use customised malicious code that is often undetected by security researchers and law enforcement agencies.

But in a statement later published on the Chinese Foreign Ministry website, China's top diplomat reportedly told US secretary of state John Kerry that resuming cooperation with the Americans would now be difficult because of the accusations.

"Due to mistaken US practices, it is difficult at this juncture to resume Sino-US cyber-security dialogue and cooperation," Yang Jiechi, a state councillor overseeing foreign affairs, was quoted as to saying to Kerry in Boston on Sunday.

He added that “China firmly opposes and cracks down on all forms of hacker attacks”.

NSA whistleblower Edward Snowden has added to the ruckus by claiming his former employer hacked into official network infrastructure at universities in China and Hong Kong.

Responding to the news, FireEye's director of security strategy Jason Steer told SCMagazineUK.com said that surveillance is now widespread across all governments – making privacy much more important than ever before.

“All governments participate in using the internet for surveillance and data collection today - some more aggressively than others. Personal privacy has never been more important,” he said via email.

Steer added that it's unclear if the US is any worse at espionage in light of Snowden's claims but – pointing to Germany's alleged use of the Finfisher spyware tool – said that they are not the only country expanding their surveillance programmes. However,  he said that attribution is very difficult in cyber-space.

“Some groups have taken the cyber-capability much further and certain countries provide an environment and legal framework to enable this as long as it's possible to deflect. Even when it's almost impossible to direct (eg the APT1 report) it's dismissed under the claim of a botnet.”

Steer said that the main reason for the US and China governments taking their spat public is for political leverage.

“The governments will no doubt be using this, I imagine, as negotiating tactics on both sides for other trade concessions. At the end of the day they both need each other for importing and exporting of goods and services to provide jobs and incomes.”

Page 1 of 2