Why I Oppose the Twelve Chinese Hacker Groups Claim

Wednesday, December 21, 2011

Jeffrey Carr


The claim that I'm referring to was reported by Associated Press to a variety of news outlets and essentially stated that "as few as 12 different Chinese groups, largely backed or directed by the government there, do the bulk of the China-based cyberattacks stealing critical data from U.S. companies and government agencies, according to U.S. cybersecurity analysts and experts."

My view is that this claim is utter nonsense. Here's why:

ONE. It's self-serving. The cybersecurity analysts and experts quoted in the article from Mandiant and Dell SecureWorks have:

  • a vested interest in painting China as the bad guy, since the bulk of their marketing is APT-centric (APT being a code word for China), and
  • in SecureWorks' case, a less than stellar track record in analysis (Stuxnet and Duqu 2011) and attribution (Kyrgyzstan 2009); they've made highly questionable claims in both cases.

TWO. The 12 hacker groups have not been named, which prevents independent analysis from being performed by individuals who don't have a vested interest in the outcome.

THREE. There's been no proven reliable way to assign attribution. Digital DNA is a marketing ploy, not a fact.

FOUR. It conflicts with our own research on State and non-State actors involved in cyber espionage.

FIVE. It conflicts with our confidential work in incident response and protection for Taia Global clients including members of the Defense Industrial Base.

SIX. It lacks rigor. For example, I highly doubt that either Mandiant or Dell SecureWorks applied negative analysis to their findings before making their claims (i.e., looked for reasons why their findings could be wrong - a standard analytic technique).

The companies behind this claim should make their case publicly and present their evidence for peer review or not make it at all.

This type of sensationalist reporting, besides trolling for government contracts, feeds anti-China paranoia while minimizing the role of many other State actors engaging in the same activity as China.

Senators and Congressmen unfortunately don't have enough knowledge about cybersecurity to discern truth from fiction, so what starts off as highly questionable analysis soon becomes terrible U.S. government policy, especially when it is advocating for permission for civilian U.S. companies to counterattack a specific nation's network.

There has never been a worse idea in the history of bad ideas than that one.

Cross-posted from JeffreyCarr.com 
