Chinese hackers are reported to have attacked Western government
computer networks.
Sophos, a world leader in IT security and control, has reminded
businesses of the importance of properly securing their computer
systems following news stories that have claimed Chinese hackers
have targeted government networks in the United States, UK and
Germany.
The Financial Times has reported that the Chinese
military are being blamed for a cyberattack which targeted a
Pentagon computer system serving the office of US defense secretary
Robert Gates. Unnamed sources are said to have told the newspaper
that the People's Liberation Army (PLA) were blamed in an internal
investigation for perpetrating the attempted hack. Media reports in
The
Guardian claim that the British and German governments have
also been subject to similar probes by hackers working for the
PLA.
The Chinese foreign ministry has vigorously denied the claims,
and said it works hard to fight cybercrime. US President George W
Bush has said that he may
bring up the issue with the Chinese authorities, explaining that
America's relationship with the country was "complex".
Experts at SophosLabs™ warn
that all businesses and organisations, not just governments, need
to defend themselves from the threat of cybercrime.
"There simply isn't enough information for us to be able to
provide an opinion on whether these attacks were sponsored by the
Chinese military or not, but these reports do underline the
importance for everyone to make computer security a priority," said
Graham Cluley,
senior technology consultant for Sophos. "Internet hackers can hide
their tracks, hopping from computer to computer, and leapfrogging
around the world, making it very hard sometimes to determine
precisely who is behind an attack. There is no doubt, however, of
the importance of securing critical computers inside government
from hackers whether motivated by politics, espionage or
money."
Sophos does believe China to have an important part to play in
the global fight against cybercrime. Research reveals that country
presently accounts for
44.8% of the world's malware-infected webpages.
Top malware-hosting countries
| Position |
Last
month |
Country |
Percentage of reports |
| 1 |
1 |
China (inc. HK) |
|
| 2 |
2 |
United States |
|
| 3 |
3 |
Russia |
|
| 4 |
4 |
Ukraine |
|
| 5 |
8= |
Poland |
|
| 6 |
5 |
Germany |
|
| 7 |
Re-entry |
Netherlands |
|
| 8 |
Re-entry |
Italy |
|
| 9= |
8= |
Canada |
|
| 9= |
7 |
United Kingdom |
|
| Others |
7.8% |
"Although a worrying number of Chinese-based webpages are being
found containing malicious code designed to infect web surfers
worldwide, it does not necessarily mean that the criminals behind
these attacks are based in the country," continued Cluley.
"Cybercrime is a truly global problem and all businesses must
ensure they are properly protected."
Research conducted by Sophos* reveals that 45% of people polled
believe that China is likely to be responsible for the attacks,
with 36% saying it was impossible to say, and 19% believing it
could be someone else posing as the Chinese.
Two years ago Sophos reported how it had assisted the
UK government in analysing a series of Trojans designed to steal
confidential and sensitive information. Nearly 300 UK government
departments and businesses critical to the country's infrastructure
were the subject of Trojan horse attacks, many reportedly
originating in the Far East.
Sophos notes that US government systems have been hit before by
hackers based closer to home. For instance, last year Sophos
reported
how 21-year-old hacker Jeanson James Ancheta attacked PCs at the
Weapons Division of the US Naval Air Warfare Center in China Lake,
California and at the US Department of Defense. Ancheta was driven
to hack the computers by the lure of money, however, rather than to
steal secrets or disrupt infrastructure.
Last month, Sophos published
its Security Threat Report July 2007, examining the latest trends
in spam, malware and hacking. Included in the report are details of
how Chinese computers are used to host much of the world's malware,
and details of some of the more notable arrests made by the
cybercrime-fighting authorities since the beginning of the
year.
Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend
against the threats of spam, hackers, spyware and viruses.
* Source: Sophos online poll, September 2007.
Disclaimer: Please bear in mind that this poll is not
scientific and is provided for information purposes only. Sophos
makes no guarantees about the accuracy of the results other than
that they reflect the choices of the users who participated.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.