Friday, January 18, 2008

Details on Chinese Attacks against U.S. Systems

SCMagazine has provided some details on recent attacks of U.S. computer systems believed to have originated in China. While these attacks are often attributed to the Chinese government or the People's Liberation Army, very few details have emerged to support these claims as most data concerning the intrusions is classified.

"[SANS Institute Director of Research Allan ] Paller said that empirical evidence analyzed by researchers leaves little doubt that the Chinese government has mounted a non-stop, well-financed attack to breach key national security and industry databases, adding that it is likely that this effort is making use of personnel provided by China's People's Liberation Army.

The “smoking guns” pointing to a government-directed effort are keystroke logs of the attacks, which have been devoid of errors usually found in amateur hack attacks, the use of spear phishing to gain entry into computer networks, and the massively repetitive nature of the assault, the SANS research director said.

“This is not amateur hacking. They are going back to the same places 100 times a day, every day. This kind of an effort requires a massive amount of money and resources,” Paller told"

China has penetrated key U.S. databases: SANS director

No comments: