HACKING

As West sees Russia as cyber predator, Chinese hackers view it as prey

Cases of Chinese hacking of Russian industries including defence, nuclear, and aviation rose almost threefold to 194 in the first seven months of this year from 72 in the whole of 2015

PUBLISHED : Saturday, 27 August, 2016, 1:03am
UPDATED : Saturday, 27 August, 2016, 1:03am

While the West sees Russia as a cyber predator, hackers in the East increasingly view it as prey, according to online security company Kaspersky Lab, which says there’s been a sharp spike in attacks from China.

Cases of Chinese hacking of Russian industries including defence, nuclear, and aviation rose almost threefold to 194 in the first seven months of this year from 72 in the whole of 2015, according to Alexander Gostev, the Moscow-based company’s chief security expert. Proofpoint, a California-based cybersecurity company, also reported an increase in Chinese attacks on Russia.

The hacking is going on “despite the officially promoted friendship between Russia and China and accords on cyber security, cooperation and non-aggression” between the two governments, Gostev said in an interview. “I don’t see them working.”

The Chinese track record of cybersecurity cooperation shows that Beijing isn’t always keen on implementing agreements fully
Oleg Demidov, cybersecurity expert

President Vladimir Putin is seeking to boost economic and military ties with China, which he calls Russia’s “strategic partner,” amid tensions with the US and Europe over the conflict in Ukraine. He and Chinese President Xi Jinping (習近平) signed more than 30 cooperation deals including in energy, transport infrastructure and rocket production at a summit in Beijing in June, where Xi said he wanted the two countries to be “friends forever”.

Russia’s President Putin hails ‘all-embracing’ bilateral partnership with China with nations due to sign more than 30 trade deals

Computer hacking allegations have strained relations with the US after the FBI was said to have high confidence that Russian intelligence was behind attacks on Democratic Party groups that led to the release of stolen emails just before Hillary Clinton’s nomination last month for the presidential elections. Russia’s denied any involvement. Republican contender Donald Trump urged Russia to find “30,000 emails that are missing” from a private server Clinton used as secretary of state, though he later said he was being sarcastic.

Activity against Russia increased after Xi and US President Barack Obama signed an agreement promising not to engage in economic cyberespionage in September last year, Gostev said. Computer security company FireEye Inc said in a June report that attacks against the US from known Chinese hacking groups with a connection to state interests have fallen substantially over the past year.

It looks increasingly likely that the NSA has been hacked, as experts scrutinise leaked code

Russia and China signed an information-security agreement pledging not to attack each other in May last year. “The Chinese track record of cybersecurity cooperation shows that Beijing isn’t always keen on implementing agreements fully,” Oleg Demidov, cybersecurity expert at Moscow’s PIR Centre, a think tank on global security issues, said by email. This is particularly true when the agreements concern China’s “strategic and military interests,” he said.

The state-run Cyber Administration of China didn’t respond to a fax seeking comment on hacking attacks. China has repeatedly accused the US of making groundless accusations of state involvement in hacking.

Russia’s Kaspersky Labs signs deal with China Cyber Security Company as Beijing and Moscow call for end to US domination of internet

Chinese malware used against Russia includes more than 50 families of trojan viruses that attacked 35 companies and institutions this year, Kaspersky estimated. Among them were seven military enterprises specialising in missiles, radar and naval technology, five government ministries, four aviation businesses and two companies involved in the nuclear industry, Gostev said.

Almost every entity in Russia’s defence industry has been attacked recently by Chinese groups
Alexander Gostev, Kaspersky Lab

“Almost every entity in Russia’s defence industry has been attacked recently by Chinese groups” and “clearly” lost information, he said.

He declined to name specific bodies that were attacked, citing Kaspersky’s client confidentiality policy. The number of attacks on organisations is likely much higher than reported, since only 10 percent of Kaspersky’s corporate clients exchange data on hacking with its security network, he said.

The Russian Defence Ministry and the Federal Security Service (FSB) are formulating measures against NetTraveler, a trojan linked to China, that is being used to spy on weapons manufacturers and threatens national security, SC Magazine reported in June, citing Defence Ministry sources that it didn’t identify.

Hacking tools stolen from NSA show Chinese cyberfirms were targeted, experts say

State-run tank manufacturer, Uralvagonzavod, and Russian Helicopters were among entities attacked, according to the magazine. Neither the companies nor the FSB responded to emailed questions seeking comment. Putin’s aide on information security, Andrei Krutskikh, also didn’t reply to emailed questions.

While it isn’t possible to attribute hacking definitively to Chinese authorities, attacks are most likely either sponsored or approved by state bodies and in some cases are conducted by military hackers, Gostev said. They focus on cyberespionage, not financial hacking, he said.

“They work like a vacuum cleaner, downloading everything without distinction,” Gostev said. “Then somebody analyses the stolen data. Probably hundreds of people are needed to process these volumes.”