Experts cast doubts on Chinese hacking scare

Attacks may appear to come from developing nations, but attacks are only coming from an IP address, with no real idea what is behind that IP, says security expert

Security experts are voicing their doubts about suggestions that China tried to hack New Zealand government IT systems, saying it is technically very difficult to identify the point of origin of such attacks.

Peter Benson, chief executive of Auckland-based consultancy Security-assessment.com, says he is not convinced, and is more concerned about attacks against the New Zealand economy than the government.

Benson says attacks may appear to come from developing nations, but this could be because technology is being deployed there at a great rate, with security being installed as an afterthought.

“We have seen this in previous years, with attacks coming from Korea and other countries, and it appears [to be] directly related to the notion that the bad guys from anywhere are using the ‘easy ingress’ (developing nations) points from which to stage attacks,” he told Computerworld last week.

“Whether these attacks are actually being driven by foreign governments would need a lot more proof for me to be convinced at this stage. Otherwise, as far as I am concerned, the attack is only coming from an IP address, with no real idea what is either behind that IP, or whether that IP is just a staging point.”

New Zealand’s Security Intelligence Service director, Warren Tucker, in a rare media conference earlier this month, alleged that attacks from overseas, apparently from China, had succeeded in penetrating NZ government agency systems and copying information.

China has denied the claims, which echo similar allegations coming out of the United States and from other governments.

Benson says there has been a lot of fear, uncertainty and doubt over information warfare over the years. He says you can take nothing at face value on the internet.

“I have seen hackers go through six or seven servers, across multiple countries, to get to their destination. So who is hacking who? How reliable is the information as to the actual source attack?” he asks.

“These days, there are so many anonymising servers, and [there is] the ability to spoof or encrypt traffic from the real source, that tracking down the actual source of attacks is both problematic and sometimes impossible.”

He adds that identifying whether an attack is state-sponsored or otherwise adds further complexity to the problem.

Symantec’s security research leader, Vincent Weafer, doubts there is a specific rise in hacking attacks on the government.

Rather, attackers “go after any organisation active online” and, in recent years, this has included a growing number of government agencies.

The biggest drawback to such a penetration is that many companies can’t identify what’s been stolen, as their protection is dedicated to detecting and preventing intrusion, rather than the illicit export of data, says Weafer.

There is evidence that a growing number of attacks are now targeted at specific installations that have potentially lucrative information to harvest, rather than making a broad sweep of the internet looking for vulnerable sites, as most hackers used to do, he says. But there is no persuasive evidence that government sites are being targeted in particular, much less that any such attacks are coming from overseas governments.

This view is echoed by Benson.

“I am more interested and worried about attacks against our economy, infrastructure-level attacks, or attacks against intellectual property (industrial espionage), than attacks against the New Zealand Government,” he says.

“The vast majority of attacks that we see are not related to foreign governments, but are commercially driven.”

Computerworld called Security Intelligence Service director Warren Tucker for comment, but was referred to the Government Communications Security Bureau. GCSB did not respond by press-time.

Join the newsletter!

Error: Please check your email address.

Tags hackingChinahackattacksChineseSecurity IDsecurity-assessment.comforeignbenson

Show Comments
[]