Chinese cyber espionage - widespread, aggressive
Any company doing a large deal with a Chinese company has likely had its systems compromised, says Richard Bejtlich, Chief Security Officer at Mandiant.
Addressing the 8th annual ITWeb IT Security Summit, in Sandton, this morning, Bejtlich said cyber espionage is widespread and common in China. "Every time I read of a major deal pending with a Chinese company, I know we will be getting a call from the counter party soon, if we aren't already helping them," he said.
Mandiant, a global security incident response management firm, last year released a report outlining the activities of a key Chinese organisation, Unit 61398, formally known as the Second Bureau of the People's Liberation Army's General Staff Department's Third Department. The report revealed a seven-year history of digital espionage by Unit 61398 against at least 141 Western companies. Mandiant traced Chinese cyber spying back to a 12-storey office building outside Shanghai.
This is just one of many such groups, Bejtlich said. On the growth of cyber espionage, he said: "Everybody spies, but it would be nice if the Chinese constrained their activities. They are amazing in terms of the volume and aggressiveness of their hacking."
Bejtlich addressed ITWeb Security Summit delegates on how to formulate an attack-focused security plan, noting: "Secure is a nebulous term." He said in an organisation with over a thousand PC users, "someone you don't want already has access to your network".
He added that nearly two-thirds of the time, organisations learnt they had been breached from an external source, and these breaches were detected on average eight months after they had happened. "Once you discover them, they already have access to all the information they need," he said.
Bejtlich said, depending on the circumstances, an organisation that has had its systems compromised might elect to contain the threat, or to watch it - finding all systems that have been affected and then taking a 'big bang remediation approach'.
The three-day ITWeb IT Security Summit entered its second day today, with up to 700 delegates, sponsors, exhibitors and international IT security experts focusing on the biggest IT-based security threats facing business. For more information, visit www.securitysummit.co.za.