How many times over the past year have we either had to point the finger at China on charges of cyber-espionage, or been in the position of saying, well, we don't know that China is responsible, but it kind of looks like it?
Robert McGarvey has covered the case for us, reporting on Advanced Persistent Threats which appear to have gained prolonged access to intellectual property and other confidential information. He wrote:
Do all the attacks originate in China? Right now, say the experts, the digital fingerprints appear to be Chinese, but there is recognition that capable cyberspies (perhaps in Russia, South Korea, Israel, or France, to name nations often cited) are well able to generate false trails.
Even so, it looks like the Chinese have been doing more snooping; the target, revealed just yesterday, was the US Chamber of Commerce.
According to the WSJ, the breach was discovered and covertly blocked last year. It's clear, however, that what we are seeing once again is evidence of a persistent attack. The exploit against the Chamber did not consist of a quick hit and data theft but seems to have involved continuous access and review of records for more than a year.
The circumstances in which the exploit was uncovered remain murky, as does the evidence against China. Indeed, the embassy was quick to deny involvement:
The allegation that the attack against the Chamber originated in China "lacks proof and evidence and is irresponsible," adding that the hacking issue shouldn't be "politicized."
Not caught red-handed, then, and one begins to wonder whether "politics" constrains law enforcement action in a case like this.
Adding to the list of things we don't know, it's not clear what information was taken and why, although there was reportedly a focus on the emails of officials engaged in Asian policy. As ever, we can lie awake worrying about the possibilities, such as ammunition for phishing (or "whaling") attacks on member companies, which might have been siphoned from the Chamber's records.
Where does this leave US enterprise and institutions, except at the mercy of foreign agents, whether Chinese or not; whether state-sponsored or not? If a threat can lurk on a network for a year or more without being discovered, we should perhaps look again at McAfee's report on Operation Shady Rat released earlier this year, and its conclusion:
This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries, and the only organizations that are exempt from this threat are those that don't have anything valuable or interesting worth stealing.
— Kim Davis, Community Editor, Internet Evolution