China hits back at US accusations of government-inspired cyber espionage

Yang Jiechi, speaking to the press during the National Peoples' Congress on Saturday, again denied that the Chinese military are involved, and called for international rules and cooperation on cyber espionage. “We oppose turning cyberspace into a new battlefield or using the internet as a new tool to interfere in the internal affairs of other nations”, he said. “There have been quite a few reports about hacker attacks recently and many of them picked on China. These articles may have crossed the eyes of many people but actually they are built on shaky ground.”

This was subsequently reinforced by cyber attack details released by the Chinese national CERT (CNCERT/CC). According to a report by Xinhua, the statistics are staggering: so far this year, 6747 servers use “botnets to control nearly 1.9 million mainframes in China, and 2,194 of these servers were located in the U.S., making it the largest point of origin of cyber attacks against China.”

From a total of 85 recorded website hacks on both commercial and government entities, the “attacks on 39 of those websites were recorded from IPs within the United States.” Furthermore, it added “that 96 percent of phishing sites targeting Chinese e-commerce users were running on foreign servers, with U.S.-based servers hosting 73.1 percent.”

The official view from China is that like Lear, it is more sinned against than sinning. This is despite the recent reports from Mandiant and Dell that have both accused China (with Mandiant specifying the Chinese military) of being behind the prolific Comment Crew APT hacking group. In reality, this war of words between the US and China may have as much to do with who will ultimately control the internet. China was a major player in last year’s abortive ITU attempt to wrest internet governance from the current model and place it in the hands of the UN – which would better enable a future internet based on its own SAVA-styled architecture. The US wants no change.

What’s hot on Infosecurity Magazine?