US cybersecurity firm claims to be 'first' to successfully stop Chinese hackers mid-attack
A US cybersecurity firm has said it successfully stopped a Chinese hacking team mid-operation, the first time this has been done.
In a new report, Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike, described how his team was able to obstruct and disrupt a hacking attempt on an unnamed US technology company, eventually forcing the "China-based" hacking team, nicknamed Hurricane Panda, to give up.
"Most companies tend to think of intrusions as discrete and infrequent events," Alperovitch said.
"The narrative often goes like this: a company gets breached, the intrusion gets detected, an incident response team is brought in to investigate and remediate and, finally, the customers and the public are assured the intrusion is over and the company is now secure."
He argued that an alternative approach, "to raise the cost to the adversaries to such an extent that you can deter them from executing future campaigns", could be more effective.
According to Alperovitch, the CrowdStrike team had been dealing with Hurricane Panda since 2013, having witnessed the group carry out attacks on telecommunications and technology companies.
By working to slow down the attackers while they were still in the server, CrowdStrike was able to identify the exploit the group was using, which was based on a "0 day" vulnerability in Windows, and report it to Microsoft, who quickly issued a patch.
"0 day" threats are security holes unknown to software manufacturers and anti-virus programs and therefore generally unprotected against. Because of the effectiveness of such hacks, and their one-time use (as exploiting a vulnerability quickly brings the software maker's attention), they can be very valuable and are traded on online grey markets.
"After even the 0-day did not help them to achieve their objective, [Hurricane Panda] finally abandoned their efforts to regain access to the customer network," Alperovitch said.
He said that this success should offer a new security model for firms facing cyberattacks, by deploying a counter-insurgency type team against the hackers they may be able to fight them off, though he warned that for some high-profile targets, their opponents, "especially the nation-state types", may not be willing to retreat.
In a report released this week, security firm FireEye said that Chinese hackers have been spying on governments and businesses in Southeast Asia and India since at least 2005.
"Such a sustained, planned development effort coupled with the [hacking] group's regional targets and mission, lead us to believe that this activity is state-sponsored - most likely the Chinese government," the report said.
In May 2014, the US justice department indicted five Chinese military officers on charges of hacking into American companies to steal trade secrets, leading to outrage from the Chinese government and media. One state-run newspaper dubbed the US a "mincing rascal" over the charges.
China has consistently denied involvement in hacking, saying it too has been a victim of hacking attacks.
China is not Washington's only problem. Last week the White House revealed that Russian hackers had been able to break into its computer system, though a spokesman said the intrusion was limited to unclassified files.