Crouching Tiger, Hidden Dragon, Stolen Data
06 March 2012
Media reports show that targeted cyber attacks against government and commerce have been ongoing since at least 2003 and possibly some time before that. By far the largest sponsor of these attacks is the Chinese state. This is not a new problem; it is espionage with a different methodology.
These attacks are far from random or indiscriminate. They are designed to steal information that will fulfil a clear set of requirements set by the Chinese state and furnish it with political, commercial and security/intelligence information. These requirements are carefully and clearly identified, shared with a number of government departments and constantly updated. There is evidence of worldwide targeting, but only a minority of attacks are identified and fewer still are made public.
This is a structured program and the main protagonists in China are widely believed to be the Third Department of the People’s Liberation Army. Even using conservative estimates it is likely that the program employs thousands of military personnel. While the military program may be the most developed and sophisticated, it is likely that other parts of the Chinese state and even the private sector may also be carrying out similar attacks.
There are clues to the companies and types of data most at risk. In particular, the Five Year Plan [1] and the National Outline for Medium and Long Term S&T Development [2] give detail on the areas in which China intends to excel and identify specific technology which the Chinese want to develop or otherwise acquire. Electronics, telecoms, manufacturing, extraction, energy, biotech, pharmaceuticals, aerospace, space and defence are the sectors at highest risk, alongside companies and services such as law and accountancy firms that support them and hold their data.
The likely recipients of stolen commercial data are the 117 Chinese State Owned Enterprises (SOEs) that dominate the economy. These companies are closely linked to the state and the Communist Party, which has power over strategy, senior management and even wages. Companies with SOE competitors should be especially concerned about data security.
Two factors make western governments and companies more vulnerable to Chinese targeted cyber attacks. Firstly, governments and companies are reluctant to accuse China directly or take any form of action, for fear of either being isolated politically or being blocked from a lucrative developing market. Secondly, a long-term reliance on traditional security products such as anti-virus, coupled with a lack of education about the threat, leaves businesses vulnerable to attack and unprepared for any investigations that are required in the aftermath of a compromise.
Context has extensive experience of detecting and investigating targeted attacks and working with clients to help protect their data.