News of the uncovering of the “biggest-ever” series of cyber attacks by McAfee seems to be spreading through the media like wildfire. In this Washington Post article, it is reported:
A leading computer security firm has used logs produced by a single server to trace the hacking of more than 70 corporations and government organizations over many months, and experts familiar with the analysis say the snooping probably originated in China.
Among the targets were the Hong Kong and New York offices of the Associated Press, where unsuspecting reporters working on China issues clicked on infected links in e-mail, the experts said.
McAfee said hundreds of other servers have been used by the same adversary, which the company did not identify.
But James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said “the most likely candidate is China.” The target list’s emphasis on Taiwan and on Olympic organizations in the run-up to the Beijing Games in 2008 “points to China” as the perpetrator, he said. “This isn’t the first we’ve seen. This has been going on from China since at least 1998.”
Another computer expert with knowledge of the study, who spoke on the condition of anonymity out of reluctance to blame China publicly, said the intrusions appear to have originated in China.
Google’s disclosure early last year that hackers in China had broken into its networks and stolen valuable source code was a watershed moment: A major U.S. company volunteered that it had been hacked. Google also said that more than 20 other large companies were similarly targeted.
One measure of pain came recently when EMC Corp. disclosed that it had taken a $66 million charge to cover remediation costs associated with a March intrusion of its RSA division. That intrusion, which industry experts say appeared to have originated in China, resulted in the compromise of RSA’s SecurID computer tokens that companies and governments worldwide use to log on remotely to workplace systems.
Since the original McAfee report is not publicly released [actually, it has since been released, as DeWang noted in comment #4], it is difficult for us to assess what is going on. (Only Reuters appears to have had access to the report.) But it looks like what we have is yet another wildfire of reports based on speculation and conjectures.
McAfee apparently did believe a “state actor” may be involved but did not have enough to point at any state. But the press ran with the story anyways, indicting China based on the speculation of one cyber expert at the Center for Strategic and International Studies. According to this expert, based on who might have the most to gain from the targets, the assailants were probably the Chinese – or maybe Russians.
Are we reliving a James Bond movie during the Cold War or what? Just when have Chinese and Russian interests so overlapped that their targets of cyber attacks might be confused for each other? And why must the bad guys always be the Russians or the Chinese?
Given the timing of the report to coincide with the upcoming Black Hat conference in Las Vegas, I can understand why McAfee might want to make some noise about this major attack. But why must the press twist it into a political indictment of China, reporting based on speculations current and past?
In an ever more connected world, cyber attack is a problem for everyone (China included). The U.S. is the top source of cyber attacks in the world – originating some 2.7 times as many attacks as from China – according to this 2008 study. Yet we don’t attribute such attacks to the U.S. – but to bad apples. If there is proof that the Chinese gov’t is behind attacks – let’s have the evidence (or let the diplomats deal with them diplomatically). Otherwise, such speculating and smearing should stop.