BUSINESS SPECTATOR
Can the US stop Chinese hackers?
Josh Chin
24 Sep, 1:34 PM
Wall Street Journal
Is there anything the US can do to stop Chinese hackers from getting into sensitive computer networks? The short answer, according to former Federal Bureau of Investigation cyber sleuth Austin Berglas, is not really.
It’s a question that looms large over Washington D.C. as it prepares to welcome Chinese President Xi Jinping for a state visit. Mr. Xi rolls into town just a few months after Chinese hackers were fingered as the main suspects in the worst-ever publicized breach of U.S. government computer systems: the cybertheft of personal information on at least 21 million government employees and contractors from the Office of Personnel Management.
As head of the cyber branch in the FBI’s New York office, Mr. Berglas spent years tracking and battling intrusions by state-sponsored hackers into strategic U.S. networks. He recently jumped to the private sector, taking up a position as senior managing director with cyber defense firm K2 Intelligence. With new insight emerging into the Chinese military’s role in hacking, China Real Time’s Josh Chin recently sat down with Mr. Berglas to discuss how Chinese hackers work and whether a recent U.S. threat of sanctions is likely to slow them down.
Josh Chin: In the wake of the OPM hack, where does China sit in the rankings of hacking countries?
Austin Berglas: From a technical sophistication standpoint, it’s Russia first, then China. There’s a saying that if you come home from vacation and your front door is unlocked and your couch cushions are askew and the lamp is tilted a little and you go into your bedroom and find your jewelry’s gone, the Chinese were there. If you come home from vacation, your door’s locked and nothing’s moved and you go into your bedroom and your safe is still locked but you open it and your jewelry’s stolen, the Russians were there. I believe China is more pervasive because they’re not as concerned about getting caught. They’re looking to gain any economic, political or social advantage — that’s their aim.
JC: What are the most common vulnerabilities you see in Chinese attacks?
AB: It’s almost always human error. These nation-states probably have very sophisticated tools in the arsenals, but they don’t need to use them, because all it takes is sending a carefully crafted spearphish email to somebody, having them open it up and now you’ve just defeated a company that has spent half a billion dollars on cybersecurity. They’ve hopped over your hardened network and now they’re on the inside. They’re looking to get a foothold in the network then expand and elevate their privileges. That’s where the name APT — advanced persistent threat — comes from. That’s what they do.
JC: Recently you have all these supposedly secure companies — NASDAQ, JP Morgan, Kaspersky, RSA, Ashley Madison — being hacked. Is there such a thing as a company or organization these days that can guarantee data security?
AB: I don’t believe so. Because of the human factor. You’re always going to get someone in that organization who’s going to be vulnerable to spear phishing. But there are many ways to be proactive, and to reduce the time between when a network is compromised and the organization recognizes it and fixes it.
JC: The White House has said it is considering sanctions against Chinese companies that benefit from cybertheft of U.S. trade secrets. Is there anything you’ve seen in the past that suggests whether sanctions will work?
AB: No, I haven’t. From my experience within the FBI, the United States government tried this before with the indictments of the military hackers. They didn’t skip a beat. It was big in the press for a little while, and then they moved on. And now a year later, you have possible responsibility for the OPM hack. With something like sanctions, if you have an entity that is always in denial, saying “it’s not us” over and over again, I think it’s very difficult to achieve the desired effects — unless it’s something very significant. We’ll see.
JC: Can you say more about what you saw after the indictments of the five Chinese military officers? Was there any drop off in hacking at all after that?
AB: Not necessarily a drop-off. It’s like this: If you know there are robbers coming into your house, and you finally figure out they’re coming through your front door, you set up cameras to figure out who they are. But if you also harden your front door to keep them out, they’ll have to find another way, which means you’re going to be blind to the new vector of attack. Maybe they now come in through a side window. When you name and shame these guys, you run the risk of them completely changing their tactics and then all the work you’ve done to identify them and monitor them, you’ve got to find them again and identify their new procedures.
JC: What about the argument that naming and shaming Chinese hackers is good because it might help cut down on the overwhelming volume of attacks?
AB: A lot of Chinese attacks have been really non-sophisticated. When you have the ability to grab all this data without using your A-game and using all your tools, there’s not a lot of sweat equity involved. They’re not giving up their secret sauce. So yes, if you can get an organization or a country like China, which is basically just picking us off at will, to tighten their shot group a little bit, it might reduce the amount of intellectual property that’s being stolen on a daily basis.
JC: What would you tell U.S. companies about the implications of this heightened tension with China over cybersecurity? What happens to them if sanctions are imposed?
AB: I would say it doesn’t change anything. If I’m an organization and my firewall and my network are being scanned and attacked millions of times a day, the best practices are the same. In the short run, it’s not initially about attribution — it’s not about who’s attacking — it’s about protecting the crown jewels inside your network. That’s first and foremost.
JC: It used to be considered almost impossible to attribute attacks with much certainty. How sure can we be that Chinese hackers are responsible for this rash of recent attacks?
AB: I wouldn’t say it’s an exact science. But there’s a level of confidence you can reach based on a number of factors. One is the indicators of compromise — the IP addresses and domains that are used to attack an organization. The other is the tactics, techniques and procedures they use. If we know that a Russian group or a Chinese group uses certain tactics and we see that they’re using infrastructure that has been used in recent attacks — you put those two pieces together and your level of confidence towards attribution goes a little higher. As the U.S. intelligence community and its partners gain more coverage of the infrastructure used by the actors and a better understanding of the actor’s TTPs, the ability to make attribution increases.
***
Sincere thanks to all of you for visiting the "conbenho Nguyễn Hoài Trang Blog".
We would like to hear your comments directly at the Paltalk forum: 1Latdo Tapdoan Vietgian CSVN Phanquoc Bannuoc.
Wishing you good health.
conbenho
Tiểu Muội quantu
Nguyễn Hoài Trang
25092015
___________
The Vietnamese Communists are a CRIME
Covering up and harboring CRIME is COMPLICITY with CRIME
Thursday, September 24, 2015