China identified as an Internet hacking regime: No surprise there!

As reports are coming in that China has been positively identified as the source of automated IP hacking, while this is no real surprise, the Chinese TV slip-up is the first real evidence that the Beijing regime is a primary source of Western cyber-attacks.

Whilst Western governments have engaged in finger pointing at China over government and allied agency server attacks for several years, the Chinese government has always vehemently denied the claims.

The topic resurfaced again earlier this month over the so-called Shady RAT – Remote Access Trojan – attacks of the last several years on Western computer systems, and the Chinese government used the People’s Daily, its official media voice, to refute the allegations.

It’s therefore kind of ironic that the evidence for Chinese government-driven cyber-attacks – and automated attacks at that – should come from a Chinese military TV programme, detailed on the Epoch Times newswire, which shows a hacker utility application with legends such as `select attack target,’ highlighting a list of Falun Gong web sites as starting point for an automated attack.

The TV programme event shows shots of a computer screen showing a Chinese military university engaged in cyberwarfare against US servers. Talk about being caught red-handed and with your electronic pants down!

More seriously, now that the Chinese government has been formally identified as the source of at least some of the cyber-attacks on Western government and allied agency computer systems, the IT security managers within these agencies – as well other organisations on both sides of the public/private sector divide – need to plan ahead and counter these advanced attack vectors.

The solution is to use a multi-layered IT security strategy that uses a variety of encryption and other authentication systems to protect the data that the Chinese government – as well as myriad other hackers – are trying to get their grubby paws on.

Some of this information can be useful for military intelligence, but the majority is almost invariably useful in other areas, especially where intellectual property (IP) is involved. And since IP is becoming the de-facto currency of choice amongst hackers of all types, it stands to reason that defending IP should become a high priority for all IT security professionals.

My observations suggest that it is no longer possible to develop an IT resource that is completely resilient against an external cyber-attack, but the use of authentication as a means of enhancing other credential-enabled data security is a useful additional weapon in the ongoing battle against hackers.

Developing a solid layer of authentication also has the additional advantage that – as well as securing data from external prying eyes – it also defends against the insider attacker problem, which can range from the actions of a rogue employee all the way to a careless action by a new member of staff.

Whatever the cause, however, authentication is clearly the way forward when it comes to developing a better security mousetrap.

Steven Watts brings 25 years’ of industry experience to his role at the helm of Sales & Marketing for SecurEnvoy. He founded the company with Andrew Kemshall in 2003 and still works tirelessly to grow the company in new and established markets. His particular value is market and partner strategy; having assisted in the development and design of the products, designed the pricing strategy and recurring revenue model that has been so key to the businesses growth and success. Before starting SecurEnvoy, Steven was responsible for setting up nonstop IT, the UK’s first IT security reseller in 1994. Prior to setting out on his own, Steven worked as Sales Director at the networking and IT division of Comtec, and had started his career in office solution sales in 1986.