q******g 发帖数: 3858 | 1 http://www.guardian.co.uk/technology/2011/aug/03/china-cyber-ha
Dozens of countries, companies and organisations, ranging from the US
government to the UN and the Olympic movement, have had their computers
systematically hacked over the past five years by one country, according to
a report by a leading US internet security company.
The report, by McAfee, did not openly blame any country but hinted strongly
that China was the most likely culprit, a view endorsed by analysts.
China has previouslybeen implicated in a range of alleged incidents of
cyberspying – a practice Beijing vehemently denies – including a concerted
attack on Google and several attempts to prise secrets from computers at
the Foreign Office. But the McAfee report is among the most thorough
attempts yet to map the scale and range of such data-theft efforts.
The study traced the spread of one particular spying malware, usually spread
by a "phishing" email which, if opened, downloaded a hidden programme on to
the computer network. Through tracing this malware and also gaining access
to a "command and control" computer server used by the intruders, McAfee
identified 72 compromised companies and organisations. Many more had been
hacked but could not be identified from the logs.
"After painstaking analysis of the logs, even we were surprised by the
enormous diversity of the victim organisations and were taken aback by the
audacity of the perpetrators," said Dmitri Alperovitch, the company's head
of threat research and the author of the report.
Of the hacking victims 49 were US-based, among them various arms of federal,
state and local government, as well as defence contractors and other
industries. There were two targets in the UK, a defence company and a
computer security firm, while other governments included those of Taiwan,
South Korea, and India.
Also found on the logs were records from the United Nations, the
International Olympic Committee and two national Olympic committees – one
of which was accessed by the hackers for more than two years continuously.
McAfee was at pains not to identify the suspected culprit. However, it did
little to disguise its suspicions, noting that the targeting of the Olympic
groups, and the sport's anti-doping agency, immediately before and after the
2008 Beijing Games was "particularly intriguing" and pointed to a country
being to blame.
China has been accused in the past. After Google came under a so-called "
advanced persistent attack" in 2009 which it said originated in China, the
US secretary of state, Hillary Clinton, asked Beijing for an explanation.
This year William Hague said a "hostile state intelligence agency" –
identified by UK sources as China – had penetrated the Foreign Office's
internal communications system.
While a high proportion of media attention on cybersecurity focuses on the
loss of personal data, such as the recent security breaches at Sony, and the
activities of hacking collectives such as LulzSec, analysts say this is
often minor when compared with the methodical, industrial-scale attempts to
seize commercial and state secrets, presumed to be carried out by many
countries, chief among them China. Alperovitch said state-orchestrated
hacking was so endemic and ambitious it could reshape the workings of the
global economy.
"What we have witnessed over the past five to six years has been nothing
short of a historically unprecedented transfer of wealth," he said. If only
a fraction of the stolen data was used to gain commercial or technological
advantage "the loss represents a massive economic threat not just to
individual companies and industries but to entire countries that face the
prospect of decreased economic growth in a suddenly more competitive
landscape and the loss of jobs in industries that lose out to unscrupulous
competitors in another part of the world".
Beyond even this, he added, were the national security implications of
stolen intelligence or defence files. Such was the endemic scale of this
problem, Alperovitch said, that he divided large corporations into two camps
He said: "This is a problem of massive scale that affects nearly every
industry and sector of the economies of numerous countries, and the only
organisations that are exempt from this threat are those that don't have
anything valuable or interesting worth stealing."
When Google accused China last year the ministry of industry and information
technology told the state news agency Xinhua: "Any accusation that the
Chinese government participated in cyber-attacks, either in an explicit or
indirect way, is groundless and aims to denigrate China. We are firmly
opposed to that."
No one was available for comment at the foreign ministry in Beijing. Chinese
officials have previously said that China has strict laws against hacking
and is itself one of the biggest victims.
Dave Clemente, a cybersecurity analyst from the Chatham House thinktank,
said it was likely China was also targeted by hackers acting on behalf of
other countries.
"It's going in both directions, but probably not to the same extent," he
said. "China has a real motivation to gain these types of industrial secrets
, to make that leapfrog. There's probably less motivation for the US to look
to China for industrial secrets or high technology. But certainly there's
things China has which they're interested in, maybe not for commercial
advantage but in a geopolitical sense."
Clemente said McAfee's characterisation of such hacking efforts as a
wholesale theft of intellectual property and secrets was "fairly reasonable"
incidents which build up to an overall picture."
The effects, however, were harder to quantify: "The blueprints are only part
of the picture. The technology for, say, how to build a sophisticated jet
engine is one thing, but there's a whole set of other processes – the
logistics, how to manage the supply chain to build more than one, the long-
term management of a really advanced manufacturing process."
While basic security or human errors often made hacking easier than it
should be, Clemente said, even the biggest organisations struggle to stop
sophisticated attacks: "There's not much even Google can do if China's
really determined to get inside its networks. It's not a fair fight in that
sense." | t*n 发帖数: 14458 | 2 俺们村的报纸都报了
天朝干脆挑个刺儿把卖咖啡赶出去吧
反正他们也很烂
to
strongly
concerted
【在 q******g 的大作中提到】 : http://www.guardian.co.uk/technology/2011/aug/03/china-cyber-ha : Dozens of countries, companies and organisations, ranging from the US : government to the UN and the Olympic movement, have had their computers : systematically hacked over the past five years by one country, according to : a report by a leading US internet security company. : The report, by McAfee, did not openly blame any country but hinted strongly : that China was the most likely culprit, a view endorsed by analysts. : China has previouslybeen implicated in a range of alleged incidents of : cyberspying – a practice Beijing vehemently denies – including a concerted : attack on Google and several attempts to prise secrets from computers at
| m******n 发帖数: 15691 | 3 麦咖啡不是已经被intel收购了嘛
at
【在 t*n 的大作中提到】 : 俺们村的报纸都报了 : 天朝干脆挑个刺儿把卖咖啡赶出去吧 : 反正他们也很烂 : : to : strongly : concerted
| x****u 发帖数: 12955 | 4 Lan Qiao technical school is a strategic national asset. | x******h 发帖数: 13678 | 5
lanxiang
【在 x****u 的大作中提到】 : Lan Qiao technical school is a strategic national asset.
|
|