Digital forensics and cyber incident resolution technology vendor, AccessData, has commented on the US Department of Justice’s historic indictment of five officials from the Chinese People’s Liberation Army, on charges of cyber espionage and stealing US corporate intellectual property.
Lucas Zaichkowsky, Enterprise Defence Architect at AccessData has commented in his blog: “The unfolding of these major charges signals a new era of highly public, government-versus-government allegations.”
“Last year Mandiant released a report focusing on the same Chinese People’s Liberation Army (PLA) unit. It’s important to understand that Unit 61398 is just one of a few dozen Chinese Advanced Persistent Threat (APT) state sponsored hacking groups. A few highly advanced hacking groups are assigned to breach organizations with bleeding edge defensive capabilities. These advanced groups invest immense effort evading security teams by using different backdoors and hacking tools each time they’re deployed to a system. Even their command and control (C2) infrastructure is rarely reused. To make matters worse, they implement anti-forensic techniques to make it difficult for security teams and incident responders to successfully remediate.”
Zaichkowsky also comments on the implications for compliance with mandatory disclosure of serious data breaches, proposed within the EU General Data Protection Regulation.
“Without laws that require disclosure of espionage activity, only the occasional victimized organization will voluntarily come forward, as we saw in the Aurora incident.”
In 2010, Google announced that it had been targeted by a sophisticated cyber espionage operation, which had stolen intellectual property. Following this disclosure, Rackspace, Adobe and Juniper Systems also revealed that they had been attacked by the same operation, which was linked to hackers in China. McAfee dubbed the attacks, ‘Operation Aurora’ after investigating the malware employed.
BBC, 20th May 2014, “China denounces US cyber-theft charges” http://www.bbc.co.uk/news/world-us-canada-27477601
Infosec Insight: Lucas Zaichkowsky blog: “Insight into the US charges of Chinese cyberattacks,” http://www.infosecinsight.com/author/lzaichkowsky
Mandiant: “APT1: Exposing one of China’s cyber espionage units.” http://intelreport.mandiant.com/
EU GDPR: 12th March 2014, “Progress on EU data protection reform now irreversible following European Parliament vote”. http://europa.eu/rapid/press-release_MEMO-14-186_en.htm
Wikipedia: entry on Operation Aurora, a cyber attack on Google’s intellectual property discovered in 2010, which was linked to the Chinese People’s Liberation Army and investigated by McAfee. http://en.wikipedia.org/wiki/Operation_Aurora
Computer Weekly: Security Think Tank: What should UK businesses do to prepare for EU GDPR?
Computer Weekly: Essential Guide: “What the EU General Data Protection Regulation mean to you.” http://www.computerweekly.com/guides/Essential-guide-What-the-EU-Data-Protection-Regulation-changes-mean-to-you