For the last three months or so, the U.S. government and some of its defence contractors have engaged in a war of shame on China to pressure it to cool its cyber-attacks on U.S. targets. The campaign appeared to be yielding results, but it seems that Chinese hackers were only catching their breath.
The notorious Unit 61398, also known as the “Comment Crew” – an elite cyber unit linked by U.S. security firms to China’s People’s Liberation Army (PLA) – has renewed its raids on U.S. entities using different techniques, the New York Times reported Sunday.
Cyber security firm Mandiant told the Times that the attacks had been renewed, but would not identify the targets – although it did acknowledge that many of them were the same ones assaulted earlier by the Chinese cyber unit.
Mandiant did not respond to a request for comment for this story.
Background
Mandiant released a report in February that kicked off the shame campaign against China. In it, the firm tied Unit 61398 to cyber-attacks on 141 companies, 87 percent of them headquartered in English-speaking countries, and on companies that work in 20 industries considered strategic by China.
Immediately following the report’s release, China repudiated the document, maintaining it was based on flawed evidence.
Nevertheless, the attacks began to abate after the report’s release, and the hackers removed their spy tools from the organisations they had infiltrated, according to Mandiant.
Over the past two months, however, Mandiant found an uptick in infiltration activity aimed at the same companies but originating from different servers.
Activity now is about 60 to 70 percent of what it was before the hiatus began in February, Mandiant estimated.
Not a good strategy?
The shame campaign was a dubious strategy, asserted Jeffrey Carr, CEO of Taia Global and author of Inside Cyber Warfare: Mapping the Cyber Underworld.
“It’s a terrible idea,” he told PCWorld.
Shame, as a diplomatic tool, doesn’t seem to work however it is used. “We’ve tried to use it to shame North Korea into behaving itself and obviously that hasn’t worked,” Richard Stiennon, chief research analyst at IT-Harvest, told PCWorld.
Carr said that the U.S. government needs to cooperate and collaborate with China to pursue criminal groups engaging in intellectual property theft.
“You’re not going to stop a government from engaging in espionage, so that should just be off the table,” he said.
What might work
Collaborating with China to attack groups that operate within its borders, or that commandeer its computers from outside its borders for criminal espionage activity, could stop much data theft, Carr said.
“The New York Times and Mandiant have collaborated on this theory that Comment Crew is part of the PLA,” Carr added. “Mandiant has never established that. It just made the claim that it is.”
Another way to counter cyber threats from China is to make it more expensive for the hackers to get the information they want, added Stiennon.
“Right now it’s very inexpensive to engage in these cyber-attacks,” he said.
“Mandiant’s report slowed them down, forced them to retrench, pull their tools out, and reengage,” he continued. “They spent a lot of man hours because of that report.”
“That reaction was expensive for the attackers,” he added.