Chinese Rules of Engagement for Network Warfare and the “Tallinn Manual on Cyberwar & International Law”
US Officials: #chinese military has slashed corporate #Hacking | TheHill
By Cory Bennett
The Chinese military significantly reduced its cyber theft of American corporate secrets following the Justice Department’s May 2014 indictment of five Chinese officers, U.S. officials told The Washington Post.
And the People’s Liberation Army (PLA) has not returned to its previous level of commercial espionage since then, said several current and former U.S. officials.
“The big picture is that from 2014 on, the administration pursued a much more direct and coercive approach with China, and it has produced results over time,” Evan Medeiros, a former senior director for Asia affairs on the National Security Council, told The Post.
The report comes a day before top U.S. and Chinese officials begin several days of talks that aim to flesh out a September deal between the two countries to eradicate corporate hacking.
“For a period of time following the indictments, there was a very significant decrease” by the PLA, an unnamed U.S. official told The Post. “And today we are definitely not at the level that we were before the indictments.”
The narrative cuts against some recent reports that China’s civilian spy agency, the Ministry of State Security (MSS), has not reduced its commercial espionage efforts in the wake of the September agreement, which was struck during Chinese President Xi Jinping’s state visit to Washington, D.C. in September.
But it’s also possible that China has transitioned some of its digital theft from the PLA to the MSS, which can better hide its digital tracks.
The MSS is believed to be behind some of the more major U.S. breaches over the past year, including the intrusions at health insurer Anthem and the Office of Personnel Management (OPM), in which over 20 million federal workers had their sensitive data stolen.
But those hacks were likely part of China’s ongoing digital espionage campaign to gather detailed information on U.S. government workers, not an attempt to steal intellectual property.
Cyber espionage was not part of the September agreement between the two global powers.
A U.S. official told The Post that this week’s meetings will be a good opportunity to discuss China’s ongoing commitment to its September deal, but that it will take time to determine whether the Asian power is fully complying.
“As we move forward, we will continue to monitor China’s cyber activities closely and press China to abide by all of its commitments,” the senior administration official said. “We have been clear with the Chinese government that we are watching to ensure their words are matched by actions.”
Read Original article at: The Hill
Chinese hackers have expanded their attacks to parking malware on popular file-sharing services including Dropbox and Google Drive to lure unsuspecting cyber-victims into downloading infected files and revealing compromising sensitive information. These Chinese hackers are also using more sophisticated cyber espionage tactics, focusing their cyber-spying on specific targets via targeted ‘white lists’ infect only specific visitors, named as high value targets, luring them unwittingly to compromised websites.
Chinese hackers are using the following sophisticated techniques, technology and protocols (TTPs) to successfully execute their cyber espionage campaigns:
- Using noted Mandarin Chinese or Modern Russian hacking TTPs that are specifically charectreristic of both Chinese & Russian based hackers;
- China’s Ministry of Public Security (MPS) is noting an increase in unauthorized access cases throughout Greater China;
- Western media file sharing services such as Dropbox and Google Drive are being manipulated for launching successful hacker attack campaigns.
Surveillance and information extfiltration techniques are typically used only by sophisticated hackers from China and Russia who have been given specific cyber targeting packages for cyber-exploitation.
The level of hacking is a sign, they say, of how important China views Hong Kong, where 79 days of protests late last year brought parts of the territory, a major regional financial hub, to a standstill. The scale of the protests raised concerns in Beijing about political unrest on China’s periphery.
“We’re the most co-ordinated opposition group on Chinese soil, (and) have a reasonable assumption that Beijing is behind the hacking,” said Lam Cheuk-ting, chief executive of Hong Kong’s Democratic Party, which says it has been a victim of cyber attacks on its website and some members’ email accounts.
U.S.-based Internet security company FireEye said the attacks via Dropbox were aimed at “precisely those whose networks Beijing would seek to monitor”, and could provide China with advance warning of protests and information on pro-democracy leaders. The company said half its customers in Hong Kong and Taiwan were attacked by government and professional hackers in the first half of this year – two and a half times the global average.
China’s Ministry of Foreign Affairs, Public Security Bureau and the Liaison Office of the Central People’s Government in the Hong Kong Special Administrative Region did not respond to requests for comment. The Defence Ministry said the issue was not part of its remit. China has previously denied accusations of hacking, calling them groundless, and saying it is a victim.
The Hong Kong police said its Cyber Security and Technology Crime Bureau works with other law enforcement agencies to combat cross-border crime, but did not respond to questions on how much information it shares with mainland Chinese authorities, the origin of the Hong Kong cyber attacks, or whether these might be a source of instability or concern.
Police data show a drop in reported “unauthorised access”, which includes Internet or email account abuse and hacking, over the past two years. Many of the victims Reuters spoke to said they hadn’t bothered to report being hacked.
Like other groups taking on the might of Beijing – from Uighurs and exiled Tibetans to some Taiwanese – Hong Kong activists, academics and journalists have become more savvy and adopted tactics that, in turn, force hackers to get savvier still.
When Tibetan exile groups stopped clicking on files attached to emails, to avoid falling victim to a common form of ‘spear phishing’ attack, hackers switched their malware to Google Drive, hoping victims would think these files were safer, said Citizen Lab, a Canada-based research organisation which works with Tibetans and other NGOs.
Hackers also recently used Dropbox to lure Chinese language journalists in Hong Kong into downloading infected files. FireEye, which discovered the attack, said it was the first time it had seen this approach.
“We don’t have any arrogance to think we can beat them,” said Mark Simon, senior executive at the parent company of Hong Kong’s Apple Daily, a media group on the front line of the attacks.
Trying to stay ahead of the hackers, activists and others use multiple mobile phones with different SIM chips, encrypted messaging apps, apps that automatically delete tweets, and code words to set up meetings. If someone thinks they may be arrested, they remove themselves from group chats.
Some things are kept offline.
“If we want to talk, we have some signal,” said Derek Lam, a member of student group Scholarism that helped organise the protests. “It’s a few words … if I say some words that are really strange it means we have to talk somewhere privately.”
Law professor and protest organizer Benny Tai stores personal data, such as names, email addresses and mobile numbers, on an external hard drive that he says he only accesses on a computer without an Internet connection.
The pro-democracy Apple Daily, which says it is hacked on an almost weekly basis, has tightened its email security software, and has its lawyers use couriers rather than email. FireEye last year connected denial of service (DDoS) attacks against Apple Daily with more professional cyber spying attacks, saying there may be a “common quartermaster”. It said China’s government would be the entity most interested in these “political objectives”.
Steven Adair, co-founder of U.S.-based security firm Volexity, said that code hidden on pro-democracy websites last year, including those of the Democratic Party and the Alliance for True Democracy, suggested a group he said “we strongly suspect to be Chinese… who is very well resourced.”
He said such tactics were more usually seen employed by Russian hackers, aimed at very specific targets and designed to be as unobtrusive as possible. “It’s a real evolution in targeting,” he said.
In the run-up to Hong Kong district council elections earlier this month, hackers used more basic techniques, breaking into at least 20 Gmail accounts at the Democratic Party, according to party officials and Google logs seen by Reuters.
Between April and June, many hacked accounts were forwarding emails to firstname.lastname@example.org. An examination of the hackers’ IP addresses by the party’s IT experts found some appeared to originate in China, party officials said.
(Reporting by Clare Baldwin and James Pomfret in HONG KONG and Jeremy Wagstaff in SINGAPORE, with additional reporting by Teenie Ho in HONG KONG and Michael Martina and Ben Blanchard in BEIJING; Editing by Ian Geoghegan)
Read more at Reuters