Back in May, the US' Federal Bureau of Investigation (FBI) team made history when it publicly charged five alleged members of the Chinese People's Liberation Army (PLA – otherwise known as Unit 61398) with 31 counts of computer hacking, theft of trade secrets and related offences against US firms Westinghouse, SolarWind, the US Steel Corp, Allegheny Technologies, Alcoa and the US Steelworkers' Union.
This action drew a furious response from a Chinese government which in turn accused the US of deceit and double standards (it temporarily halted the activity of the Sino-US Internet Working Group), and hinted that the charges could harm relations between the two countries.
That relationship is likely to be more strained now that the FBI is warning US companies that China-affiliated hackers are heavily targeting domestic makers of microchips, computer networking equipment and data storage services in order to steal company secrets.
In a warning sent out to companies last Wednesday, the FBI said that “these state-sponsored hackers are exceedingly stealthy and agile” and use customised malicious code that is often undetected by security researchers and law enforcement agencies.
But in a statement later published on the Chinese Foreign Ministry website, China's top diplomat reportedly told US secretary of state John Kerry that resuming cooperation with the Americans would now be difficult because of the accusations.
"Due to mistaken US practices, it is difficult at this juncture to resume Sino-US cyber-security dialogue and cooperation," Yang Jiechi, a state councillor overseeing foreign affairs, was quoted as saying to Kerry in Boston on Sunday.
He added that “China firmly opposes and cracks down on all forms of hacker attacks”.
NSA whistleblower Edward Snowden has added to the ruckus by claiming his former employer hacked into official network infrastructure at universities in China and Hong Kong.
Responding to the news, FireEye's director of security strategy Jason Steer told SCMagazineUK.com that surveillance is now widespread across all governments – making privacy much more important than ever before.
“All governments participate in using the internet for surveillance and data collection today - some more aggressively than others. Personal privacy has never been more important,” he said via email.
Steer added that it's unclear if the US is any worse at espionage in light of Snowden's claims but – pointing to Germany's alleged use of the Finfisher spyware tool – said that they are not the only country expanding their surveillance programmes. However, he said that attribution is very difficult in cyber-space.
“Some groups have taken the cyber-capability much further and certain countries provide an environment and legal framework to enable this as long as it's possible to deflect. Even when it's almost impossible to direct (eg the APT1 report) it's dismissed under the claim of a botnet.”
Steer said that the main reason for the US and China governments taking their spat public is for political leverage.
“The governments will no doubt be using this, I imagine, as negotiating tactics on both sides for other trade concessions. At the end of the day they both need each other for importing and exporting of goods and services to provide jobs and incomes.”
David Lacey, a former CISO and current futurologist at IOActive, agreed that the real talks are going on 'behind the scenes'.
“To be honest, if one country is spying on another I expect that to be solved behind closed doors. [Public statements] are used for citizen spin or to pacify industry,” Lacey said when speaking to SC.
He continued that all countries engage in surveillance and espionage to 'different levels' – with the US and China 'very sophisticated' in this area – but said that lax legality ensures China is able to mine for intellectual property (IP) more than any other country.
Chris Boyd, malware intelligence analyst at Malwarebytes, said that the FBI is right to educate companies on the value of intellectual property – and the risks associated with it – but questioned the complexity of the attacks.
“As the number of corporate breach attempts continues to grow, it's right that the authorities try to educate people about the need to be cautious. There is a lot of value in company data, whether it is financial or IP-based,” Boyd told SC.
“The specifics on this one are a bit thin on the ground, so it remains to be seen how advanced the tactics used by these so-called state sponsored hackers are. However, in many cases of reported APT attacks, the entry point is typically a phish mail or an accident such as an intern retrieving and opening an infected file from the recycle bin, so awareness is vital.
“Many of these threats can be addressed by educating employees and focusing on spear-phishing, verification and ensuring elevated permissions are not available to all and sundry. Layered security is obviously a definite plus, but the initial point of call in the attack chain is often still the person in front of the PC."
In related news, a new report from web censorship watchdog Great Fire has claimed that authorities are carrying out Man-in-the-Middle (MitM) attacks on Apple's iCloud service, to coincide with the launch of Apple's new iPhone in the country.
"This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, etc," reads the blog post. "Unlike the recent attack on Google, this attack is nationwide and coincides with the launch today in China of the newest iPhone."
As a result, local users of iCloud.com are directed to a dummy website which looks almost identical to Apple's log-in page. Those on the Firefox and Chrome browsers see a message highlighting the page is a duplicate, but that is not the case for those accessing the website via the local browser Qihoo.