Chinese government still sponsoring cyber-espionage, says FireEye COO

China is "a nation-state sponsoring intrusions into businesses in the US"

A year ago, Mandiant, since acquired by FireEye, issued a long report called "APT1" that accused China's People's Liberation Army of launching cyber-espionage attacks against 141 companies in 20 industries through a group known as "PLA Unit 61398" operating mainly from Shanghai.

In his keynote address at the RSA Conference, FireEye senior vice-president and chief operating officer, Kevin Mandia, provided an update on what happened after the report was published. "How did the Chinese government respond?" Mandia said. "We were hoping we'd see behavioural change."

The report provided in-depth evidence in technical detail about the cyber-attacks, Mandia said. The Chinese government, though, issued a carefully worded statement rejecting the findings.

"We did alter their behavior," Mandia said. The Chinese never again used the same attack infrastructure. There was also an overall "temporary hiatus," but the activity has since ramped up again. China is "a nation-state sponsoring intrusions into businesses in the US," he said.

While the "APT1" report is generally given credence in the US, it's worth noting that Chinese networking giant Huawei does not accept it. "We just don't find the report to be credible at all," said a Huawei representative at the RSA conference this week.

While the US and China had been on track last year to discuss the prickly cyber-spying issue, those talks largely dissolved publicly when former NSA contractor, Edward Snowden, started feeding secret documents to the media that showed the US involved in mass surveillance on a global scale.

The US government claims to not conduct cyber-espionage for purposes of stealing trade secrets from foreign companies to share with American competitors. But foreigners who now believe their every move on the Internet is being tracked by the NSA aren't buying it.

The TrustyCon Conference held its first-ever event yesterday right across the street from the event sponsored by RSA, the security division of EMC. TrustyCon (the "Trustworthy Technology Conference") was organised by the Electronic Frontier Foundation and others in the past month after some speakers scheduled to appear at the RSA Conference angrily backed out after evidence came to light that RSA years ago had included a crypto algorithm in its crypto toolkit that most of the industry now believes to be an NSA backdoor.

This is viewed as a betrayal of trust, and TrustyCon was quickly devised as an alternative to the RSA Conference where speakers would discuss topics such as NSA mass surveillance. The TrustyCon event yesterday raised $20,000 for EFF, which said it would use the money to pursue efforts to fight NSA mass surveillance.

Chief research officer at F-Secure, Mikko Hypponen, delivered an eloquent presentation on the government surveillance topic at TrustyCon, more or less the one he would have delivered at the RSA Conference if he hadn't dropped out in protest.

Hypponen, whose company F-Secure is based in Finland, said the day has come when it's not only cyber-criminals writing malware but governments as well.

U.S. influence extends not only from its significant military might, where there's funding for cyberespionage and cyber weapons, but also from its market dominance in Internet-based services coming from the likes of American-based giants such as Google, Microsoft and Facebook, Hypponen said.

But fears that the U.S. is abusing its power to conduct Internet-based surveillance are leading to a backlash in Europe and South America, where anger over new stories about the NSA has other countries trying to come up with alternatives to anything connected to the U.S., Hypponen warned.

There are even questions as to whether U.S.-based anti-malware companies are shielding government-made malware, or would agree to not scan for it, Hypponen said. He pointed to how a Netherlands-based digital rights group called Bits of Freedom recently asked anti-malware vendors from across the world to publicly state whether they cooperate with any government-created malware effort by not scanning for government-created malware.

Hypponen said based on his tracking of this issue with Bits of Freedom, so far Symantec and McAfee haven't responded, though Microsoft responded by saying it didn't cooperate with any government to deliberately not scan government-made malware.

On the other hand, Hypponen said one good thing that seems to be happening is that one of the most well-known examples of what's believed to be government-created malware, Stuxnet, which was used in 2010 against Iranian nuclear facilities, is not known to have led to a copycat.

"We were really worried there would be copycats," said Hypponen. "I am glad we were wrong."

Today, security companies themselves are targets of attacks to steal information and compromise products -- perhaps not only from cyber-criminals out for financial gain but also governments that see security vendors as a backdoor path to cyberespionage.

RSA finally confronted the NSA backdoor scandal publicly this week when executive chairman Art Coviello used his keynote address to say RSA had been exploited by the NSA, which he said abused its position of trust. It was a stunning declaration that in some sense represents a turning point for the U.S. high-tech industry.

But for Hypponen, who lives in Finland and keenly feels his "foreigner" status making him and all other "foreigners" a target for NSA mass surveillance, there's clearly a feeling of ambivalence about whether RSA is really wiping the slate clean.

"They should have known better," says Hypponen, saying the world is left trying to decide whether RSA is guilty of collusion with the NSA over this backdoor or just "incompetence" in not realizing what was really happening.

Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE.
