About 12 different Chinese groups largely directed by the government there, do the bulk of the China based cyber attacks stealing critical data from U.S. companies and government agencies, according to U.S. cyber security analysts and experts. US online security companies are suggesting that it should have the right to force them to stop "by any means possible".
Sketched out by analysts who have worked with U.S. companies and the government on computer intrusions, the details illuminate recent claims by American intelligence officials about the escalating cyber threat emanating from China. And the widening expanse of targets, coupled with the expensive and sensitive technologies they are losing, is putting increased pressure on the U.S. to take a much harder stand against the communist giant.
The report states that many of the attacks carry tell-tale signatures of particular hacking groups being tracked by intelligence and cybersecurity teams in the U.S., contrary to many expert opinions which indicate that accurate attribution is nearly impossible if the attackers are savvy enough.
James Cartwright, a former vice chairman of the Joint Chiefs of Staff who advocates for increasing measures to hold China and other nation-states responsible for intrusion operations, said that "industry is already feeling that they are at war."
"Right now we have the worst of worlds. If you want to attack me you can do it all you want, because I can't do anything about it. It's risk free, and you're willing to take almost any risk to come after me," said Cartwright.
Cartwright believes the U.S. should be aggressive in their response to attacks that originate overseas, in essence establishing that "if you come after me [the U.S.], I'm going to find you, I'm going to do something about it. It will be proportional, but I'm going to do something... and if you're hiding in a third country, I'm going to tell that country you're there, if they don't stop you from doing it, I'm going to come and get you."
The government "needs to do more to increase the risk," said Jon Ramsey, head of the counter threat unit at the Atlanta-based Dell SecureWorks, a computer security consulting company. "In the private sector we're always on defense. We can't do something about it, but someone has to. There is no deterrent not to attack the U.S."
According to experts, the malicious software or high-tech tools used by the Chinese haven't gotten much more sophisticated in recent years. But the threat is persistent, often burying malware deep in computer networks so it can be used again and again over the course of several months or even years.The tools include malware that can record keystrokes, steal and decrypt passwords, and copy and compress data so it can be transferred back to the attacker's computer. The malware can then delete itself or disappear until needed again.
For the first time, U.S. intelligence officials called out China and Russia last month, saying they are systematically stealing American high-tech data for their own economic gain. The unusually forceful public report seemed to signal a new, more vocal U.S. government campaign against the cyberattacks.