Russia More Prey Than Predator to Cyber Firm Wary of Chinaby
Chinese hacking attacks nearly tripled in 2016, Kaspersky says
Defense bodies hit, company security chief says in interview
While the West sees Russia as a cyber predator, hackers in the East increasingly view it as prey, according to online security company Kaspersky Lab, which says there’s been a sharp spike in attacks from China.
Cases of Chinese hacking of Russian industries including defense, nuclear, and aviation rose almost threefold to 194 in the first seven months of this year from 72 in the whole of 2015, according to Alexander Gostev, the Moscow-based company’s chief security expert. Proofpoint, a California-based cyber security company, also reported an increase in Chinese attacks on Russia.
The hacking is going on “despite the officially promoted friendship between Russia and China and accords on cyber security, cooperation and non-aggression” between the two governments, Gostev said in an interview. “I don’t see them working.”
President Vladimir Putin is seeking to boost economic and military ties with China, which he calls Russia’s “strategic partner,” amid tensions with the U.S. and Europe over the conflict in Ukraine. He and Chinese President Xi Jinping signed more than 30 cooperation deals including in energy, transport infrastructure and rocket production at a summit in Beijing in June, where Xi said he wanted the two countries to be “friends forever.”
Computer hacking allegations have strained relations with the U.S. after the FBI was said to have high confidence that Russian intelligence was behind attacks on Democratic Party groups that led to the release of stolen e-mails just before Hillary Clinton’s nomination last month for the presidential elections. Russia’s denied any involvement. Republican contender Donald Trump urged Russia to find “30,000 e-mails that are missing” from a private server Clinton used as secretary of state, though he later said he was being sarcastic.
Activity against Russia increased after Xi and U.S. President Barack Obama signed an agreement promising not to engage in economic cyber espionage in September last year, Gostev said. Computer security company FireEye Inc. said in a June report that attacks against the U.S. from known Chinese hacking groups with a connection to state interests have fallen substantially over the past year.
Russia and China signed an information-security agreement pledging not to attack each other in May last year. “The Chinese track record of cybersecurity cooperation shows that Beijing isn’t always keen on implementing agreements fully,” Oleg Demidov, cybersecurity expert at Moscow’s PIR Center, a think tank on global security issues, said by e-mail. This is particularly true when the agreements concern China’s “strategic and military interests,” he said.
The state-run Cyber Administration of China didn’t respond to a fax seeking comment on hacking attacks. China has repeatedly accused the U.S. of making groundless accusations of state involvement in hacking.
Chinese malware used against Russia includes more than 50 families of trojan viruses that attacked 35 companies and institutions this year, Kaspersky estimated. Among them were seven military enterprises specializing in missiles, radar and naval technology, five government ministries, four aviation businesses and two companies involved in the nuclear industry, Gostev said.
“Almost every entity in Russia’s defense industry has been attacked recently by Chinese groups” and “clearly” lost information, he said.
He declined to name specific bodies that were attacked, citing Kaspersky’s client confidentiality policy. The number of attacks on organizations is likely much higher than reported, since only 10 percent of Kaspersky’s corporate clients exchange data on hacking with its security network, he said.
The Russian Defense Ministry and the Federal Security Service (FSB) are formulating measures against NetTraveler, a trojan linked to China, that is being used to spy on weapons manufacturers and threatens national security, SC Magazine reported in June, citing Defense Ministry sources that it didn’t identify.
State-run tank manufacturer, Uralvagonzavod, and Russian Helicopters were among entities attacked, according to the magazine. Neither the companies nor the FSB responded to e-mailed questions seeking comment. Putin’s aide on information security, Andrei Krutskikh, also didn’t reply to e-mailed questions.
China allowed international technology companies including Microsoft Corp., Intel Corp., Cisco Systems Inc. and International Business Machines Corp. to join a government cybersecurity committee named “Technical Committee 260” this year, the Wall Street Journal reported Friday, citing people familiar with the issue that it didn’t identify. The committee is responsible for defining cybersecurity standards and members can take an active part in drafting China’s rules, it said.
While it isn’t possible to attribute hacking definitively to Chinese authorities, attacks are most likely either sponsored or approved by state bodies and in some cases are conducted by military hackers, Gostev said. They focus on cyber espionage, not financial hacking, he said.
“They work like a vacuum cleaner, downloading everything without distinction,” Gostev said. “Then somebody analyzes the stolen data. Probably hundreds of people are needed to process these volumes.”