Governments spy, they always have. Yet with the rapid advances in cyber espionage tools now available to nations across the globe, state-sponsored hacking has never been more common, or more dangerous.
Now, a recently released threat intelligence report from US-based cybersecurity firm Crowdstrike has warned that invasive nation state hacking emerging from China, Iran and North Korea looks set to thrive in the year ahead.
A new direction
After a sharp rise in tension following the hack at the US Office of Personnel Management (OPM) in 2015, the US and China were forced to compromise on the issue of online espionage by agreeing to a landmark cyber peace treaty. The understanding was aimed at quelling espionage and theft of intellectual property (IP), yet according to Crowdstrike, the agreement will have little lasting impact.
"If observed campaigns in late 2015 were any indication, it is unlikely China will completely cease its cyber operations, and 2016 will show the new direction it is headed," the report warns. "China has not appeared to change its intentions where cyber is concerned."
Instead, Crowdstrike argues, the deals were carefully constructed in an attempt to 'appease the US' and avoid economic sanctions for hacking. "China has promised new cyber tact, however the reality of its intentions is far divorced from what it has promised. Given its remaining technological gaps and the strategic edge cyber can provide its economy, there is still plenty of incentive for China to engage in commercial cyber espionage when opportunities arise," the report states.
Historically, China's state-sponsored hackers, often associated with the People's Liberation Army (PLA), have been known to target intellectual property (IP) in order to further the country's own economy or intelligence base, and this is reinforced by the latest analysis.
"[China] has conducted cyber reconnaissance on its neighbours to make calculated territorial manoeuvres; used extensive cyber monitoring capabilities to simultaneously suppress dissidents and manage a growing population of domestic internet users; and conducted cyber espionage in order to steal intellectual property, fill technological gaps, and maintain its impressive economic growth," the firm reveals.
However, there is evidence this traditional stance may be evolving. "2016 looks to be a pivotal year for China-based, state-sponsored cyber adversaries as China enters a transformational period in terms of its economy, its global status, and the cyber methods it uses to achieve its strategic goals," the report states.
"Increasing cyber espionage"
In the case of Iran, Crowdstrike said it believes the nation will further embrace "internet monitoring and censorship on a national scale".
"There is increased likelihood Iran [will] use its cyber capabilities — which are also expected to strengthen and improve going forward — against its perceived enemies, particularly Saudi Arabia, regional governments, and their allies," the analysis finds. "It is likely, too, that Iran will also conduct increasing domestic cyber espionage operations to be vigilant of any influence of western ideals on Iran, threatening its Islamic culture.
"This would likely occur for a few primary reasons: to conduct network reconnaissance activities to prepare for any future offensive or retaliatory cyber operations; to conduct retaliatory cyber operations damaging or destroying networks; or to obtain information to answer any current intelligence gaps of its enemy's political strategies, military objectives, and mission details."
"A growing confidence"
In the wake of the hard-hitting cyber-attack against Sony Pictures in 2014, North Korea emerged as a major player in the cyber-crime scene. While some critics remain sceptical about North Korea's intentions for launching the initial attack, most security industry experts are in agreement that the nation should not be ignored.
"While the Democratic People's Republic of Korea (DPRK) has been involved in offensive cyber operations since at least 2009, the activity identified in 2015 suggests a growing confidence to leverage such operations for espionage purposes during periods of heightened tension," according to Crowdstrike.
Furthermore, the security firm adds that shifts in 'Chinese support' could force North Korean state-sponsored hackers to "seek a more aggressive cyber posture" in the near future.
"It also cannot be dismissed that DPRK cyber operations may further branch out into criminal activity as a way to increase the regime's financial position. Monetisation of cyber intrusion is consistent with the responsibilities of the so called '3rd floor' bureaus, which have participated in illegal drugs, counterfeiting, and other illicit activity," states the report.
Indeed, previous investigations into North Korean government-backed criminal enterprises, such as the controversial Office 39, have demonstrated the frugal nature of the nation's underground operations.
Yet even in the near future the constant wave of cyber-attacks shows no sign of abating. Most recently, nearly 10,000 Department of Homeland Security (DHS) employee credentials were leaked online by hackers.