Chinese cybercrime dragon is eating its own tail
There’s an interesting article that has just been published in the MIT Technology Report that gels with our findings here at IT Security Thing: namely, that when it comes to Chinese cybercrime, China gets as good as it gives.
The report by Michael Standaert states that attacks on Chinese companies are rising sharply and “Chinese hackers are launching more internal attacks through local file-sharing sites and games used mainly within the country.”
Quoting from a PricewaterhouseCoopers survey, Standaert says that companies in China and Hong Kong have seen an average of 1,245 attacks each during 2015. That compares with just 241 the previous year.
Some might claim that there is a certain irony that Chinese companies, and individuals, are on the receiving end of such attacks considering how much of the same is dished out by criminal organisations and state-sponsored actors.
However, this would be missing the point, which is that cybercrime is cybercrime is cybercrime. If you get poked in the eye, it matters not one jot to you where the attacker is standing or who has given them the pointy stick; you just want it to stop and then go get your eye fixed.
I have touched upon this whole area of moving away from attribution and towards prevention in an academic paper co-authored with Ian Trump from LogicNow called ‘Mitigating Cybercrime Through Meaningful Measurement Methodologies’ if you are interested.
Or you could read the IT Security Thing analysis of how the media reporting is symptomatic of a general security malaise instead.
That said, when a nation state operates as closely with criminal organisations to achieve political goals as China is thought to do in the cyber sector, then it should not be surprising that the trade-off comes by way of a culture of condoned criminality.
That China has signed an accord with the United States to crack down on certain aspects of cybercrime between the two nations changes nothing. Not least as drawing the line between what is a criminal endeavour and what is a state-sponsored one is often impossible to do.
When it comes to Unit 61398 of the People’s Liberation Army (PLA) 3rd Department what we do know, or at least what is commonly agreed to be the case, is that it was behind the OPM breach for example. That was likely a straight intelligence grab for data that could be useful in espionage activity.
Groups such as Deep Panda are a bit more blurred around the edges. Thought to have carried out the Anthem breach, and thought to have government sponsorship, Deep Panda appears to have gone for valuable (as far as the business of building healthcare systems goes) data whose value is hard to determine outside of a state-interest framework.
I’ve said before, and no doubt will say it again, that China views hacking and cybercrime as a shortcut to innovation. If by stealing intellectual property you drive your downward spiralling economy forward, then it doesn’t seem too risky a business to be in.
Until, of course, that culture of stealing to ‘improve’ your society becomes a culture of stealing for personal gain. That China is experiencing such a rise in cybercrime attacks, and that these appear to be internal rather than externally launched, suggests that the dragon is eating its own tail.