Exposing One of China's Cyber Espionage Units

tpatt100

Thought this would be an interesting read and I wanted to share it, my mentor let me know about a WGU security webinar this week with the Chief Security Officer of Mandiant:

Mandiant Intelligence Center Report | Mandiant®

Mandiant - Wikipedia, the free encyclopedia

The first link has the APT1 report and an appendix for the malware arsenal. I am still reading the APT1 report but I think it seems pretty good so far, I thought it would be a sales pitch but it seems to be written as an actual report and the publicity from it will be their sales pitch in the government sector I guess.

MrAgent

I just read this about 2 weeks ago. I had to read it as a part of my readings in one of my grad classes. Definitive proof of China's state backed programs. Its pretty crazy. The funny thing is, China still denies it.

the_Grinch

I'm not at all surprised they deny it, we do the same thing. Cyber espionage is just an extension of normal espionage. No one runs around saying they are spying here or there even when we all know it's happening. North Korea has a very large cyber espionage unit and you don't hear much about them. Russia as well has had a full blown cyber war, yet we mainly only hear about China. Everyones doing it, we just like to harp on the 800lbs gorilla in the room.

MrAgent

We all knew they were doing it, but not to this level. Its not just spying. They are stealing data from foreign companies, and giving it to their competitors. The US doesnt have a department which seeks to break into foreign companies/government networks to steal data... yet.

jibbajabba

MrAgent wrote: »

The US doesnt have a department which seeks to break into foreign companies/government networks to steal data... yet.

Says who

MrAgent

We may have small units that may or may not do that, but not on the scale that China has.

jch0411

Interesting view on the subject of Chinese cyber-spying and rhetoric in the media by Bruce Schneier: "China cyberwar rhetoric risks dangerous implications."

Bruce Schneier: China cyberwar rhetoric risks dangerous implications

veritas_libertas

MrAgent wrote: »

We all knew they were doing it, but not to this level. Its not just spying. They are stealing data from foreign companies, and giving it to their competitors. The US doesnt have a department which seeks to break into foreign companies/government networks to steal data... yet.

Then what do you call the Clandestine Services? We've been doing this kind of thing for years. Almost every country does. Spying by it's very nature involves collecting things you aren't suppose to have access to.

Cisco Inferno

Very scary stuff here.. Great read over a coffee and a bagel though. Oh and all the terms in the pdf is gonna be why I pass my Sec+ haha.

Asif Dasl

This reminds me of the Buran - the Russian space shuttle. I wonder how you got something like that! LOL

China is copying everything, they are releasing their own OS so they won't have to use Microsoft too.

tpatt100

Well in the US finding exploits and selling them to cyber weapon firms for government defense contracting corporations is becoming lucrative from what I read online before.

You don't tell the vendor about an exploit you sell it to the defense industry.

tpatt100

Asif Dasl wrote: »

This reminds me of the Buran - the Russian space shuttle. I wonder how you got something like that! LOL

China is copying everything, they are releasing their own OS so they won't have to use Microsoft too.

Yeah I read that the Chinese culture is very homogeneous so influences from different cultures primarily comes from trade agreements of "here make this". So generally they as in the culture lack inspiration for design and creativity. Something we take for granted here but we are exposed typically as a melting pot sometimes without realizing it.

I need to find the actual studies because I am stepping into stereotyping rather than explaining cultural differences

But yeah the Chinese government is involved with organizing the stealing of information for their economic advantage.

the_Grinch

Corporate espionage is a huge deal and you can bet money that US companies do it everyday. In the case of China, you are merely talking about a form of government with much stronger ties to their corporations. There the government can do those things for companies, here our government just contracts it out. This is honestly just another way to funnel contracting dollars as various wars wind down. As others have pointed out, not like it hasn't been going on for more then a decade.

paulgswanson

Even though its pretty obvious, that was still a really cool read. I know just enough Security stuff to get certified but that read was pretty fasciniating. I got through the whole thing already and I'm just WoWed at the detail. Its kinda scary though

Master Of Puppets

MrAgent wrote: »

We may have small units that may or may not do that, but not on the scale that China has.

+1

China really is taking it too far. I was thinking of mentioning this stuff a few weeks back but decided against it because I feared someone may interpret it the wrong way or cause some unwanted political discussion. I have been hearing a couple of popular jokes about how China only thinks about causing damage to the US for quite some time now

On a more serious note, I too believe everyone is doing this kind of spying but some countries are taking it a little over the line. I was wondering why the US is being so passive in the light of all the evidence.

Asif Dasl

Master Of Puppets wrote: »

On a more serious note, I too believe everyone is doing this kind of spying but some countries are taking it a little over the line. I was wondering why the US is being so passive in the light of all the evidence.

Nobody can do anything about it, because China is bigger than North America and Europe combined. Intellectual property means very little in China. Anything innovative is copied because generally US & European companies are still testing the waters in China. The Chinese government only allows you to work with them on their terms. By 2016 China will be the biggest single market. Get used to it.

ITMonkey

I spent my undergraduate and graduate years in Japan. This dialog reminds me of a outside-of-class discussion of the theft of China silk-making and gunpowder know-how by Westerners some 1200 years ago (if my recollection is correct).

When the powers-that-be in China finally realized the near monopoly power they had in both these industries, they imposed the death-sentence for anyone found to take the base material out of China. Of course, by then it was too late -- individuals had already left with the trade secrets (or in the case of silk, the plant that silkworms required to live).

For those who don't know much about history, the silk industry is considered to be the precursor for the industrial revolution (as well as slavery, for silk growing preceeded tobacco growing as an economic cornerstone). You all can guess the impact of gunpowder in the centuries that followed.

ptilsen

Asif Dasl wrote: »

Nobody can do anything about it, because China is bigger than North America and Europe combined.

That's kind of short-sighted. Imposing (or threatening) trade sanctions or retaliatory tariffs would quickly make China rethink its policies on intellectual property. China is far more reliant on US and European technology and employers than the US and Europe are on Chinese labor and goods. Something can definitely be done, and China's size doesn't really change that.

IP theft and cyber wars are a drag on the economy and risk starting a negative-sum economic war. The Chinese know that, and the right pressure would almost certainly lead to a positive response.

Master Of Puppets

ptilsen wrote: »

the right pressure would almost certainly lead to a positive response.

Pretty much where I was going, yes.

Asif Dasl

There was some movement after the fake Apple stores admitedly, but a friend of mine went to China recently and was basically toured around different grade warehouses of counterfeited items. A level 5 warehouse was high level counterfeit and a level 1 was a really crappy counterfeit. You name it, you could buy it.

But if China is just below the US now, think of what Chinese companies will do to US & European companies in 10, 20 years time. Huge changes. Don't forget China holds a lot of US debt, they hold a lot of power to combat the west. Europe nearly went cap in hand to China to resolve the Euro debt crisis too.

veritas_libertas

Actually they only own 1.4 trillion of the 17 trillion debt. A lot? Yes. The bulk? No. Japan owns a similar amount...

Asif Dasl

If they stop buying US debt, that's pretty much instant recession - I call that a lot of power. You can insert the bigger European countries in to the equation too. Japan has 200% debt to GDP at the moment - they have their own problems too...

ptilsen

Holding US debt does not put one in an advantageous position when it comes to economic war. They cannot do anything with that debt but collect interest on it. Said interest turns into negative economic value if there is a currency war. It turns into no value if there is an actual war. It's irrelevant in a trade war if monetary policies don't change. We don't need China to buy US debt.

Ultimately, it is in no one's best interests to engage in any kind of conflict, least of all China's. If the US puts its foot down on IP theft, China's best move is to at least half-heartedly comply. What they gain from cyber-war and IP theft is not nearly commensurate with what they have to lose by continuing to do so after a crackdown.

Asif Dasl

As has been pointed out to me by someone, China doesn't have a history of war (they usually had a hard enough time controlling their own people). Japan invaded China in WW2. The British owned Hong Kong. They have been on the other end of it most of the time not least from the Mongols. But that said, they are buying mines and commodities like crazy, doing deals in African mines for resources that Europe & the US also need. Add the debt they own and if they decide to own more of it - I think we have no idea what's coming down the line for us in the west. I'm not saying there will be war, but I think we will be bullied about a bit if we don't get our debts in check.

tpatt100

The big interest in China is due to business opportunities there. The Chinese economy saw great growth the past several years as jobs that were being outsourced there in manufacturing lead to economic reforms and pay greatly increased. I saw that Iron Man 3 filmed some difference scenes with Chinese actors to make it more culturally attractive to Chinese viewers. China is supposed to surpass theater ticket sales in the US by 2020 so it would be insane to ignore that opportunity.

China will get its own 'Iron Man 3' - latimes.com

Of course there was some "outrage" from the "USA USA" crowd but how many movies made overseas were remade to appeal to the US audience? So if China is experiencing growth it would be kinda stupid to not try and appeal to that country for profits.

Trying to get the Chinese government to respect intellectual property while looking for business opportunities is tricky politically.

tpatt100

You want to know why companies get compromised? I read this report and informed my group and some raised eyebrows and then they went back to doing what they were doing. I didn't even get a nibble of interest from one person who wanted to read it. It's like some people just have this aversion to getting excited about something work related lol.