BEIJING, Aug 5, (Agencies): A Chinese state newspaper on Friday rejected suggestions Beijing might be behind global cyberattacks over the past five years targeting more than 70 government entities, nonprofit groups and corporations.
The ruling Communist Party flagship People’s Daily said it was “irresponsible” to link China with Internet hacking attacks reported by computer security firm McAfee Inc on Wednesday.
McAfee’s report said the attacks have targeted a broad range of organizations, including the United Nations, the International Olympic Committee and companies mostly in the United States.
Some experts quoted in news reports said the targets of the attacks suggested that China was a prime suspect. McAfee did not say who may be behind the attacks but said the culprit is likely a nation state, a claim the Chinese newspaper criticized.
“McAfee’s new report alleges that ‘a government’ carried out a large-scale Internet espionage hacking action but its analysis of the justification is obviously groundless,” the People’s Daily said.
China has not officially commented on the report but has denied all charges of hacking in the past and says the country itself is a victim of hacking.
The newspaper said China is often accused of being the perpetrator of cyberattacks.
“Linking China with Internet hackers is irresponsible,” it said. “In fact, as hacking attacks against internationally renowned companies or international organizations have increased this year, some Western media have repeatedly described China as ‘the black hand behind the scenes.’”
The newspaper seemed to imply that the United States was a more likely culprit, pointing to media reports that the US government openly recruits hackers - sending officials from the Department of Defense, Homeland Security, NASA and the National Security Agency to hacker conferences.
The McAfee report comes shortly after South Korean officials said last week that a hacking attack allegedly originating in China resulted in the theft of the personal information of about 35 million Internet users there. China did not respond to the accusation.
Citigroup, Sony Corp., Lockheed Martin, PBS and others have been targeted by hackers this year, but McAfee says the majority of those attacks have been “exploitations for the sake of notoriety” by groups such as Anonymous and Lulzsec.
But the threats that McAfee’s report focuses on are “much more insidious and occur largely without public disclosures,” wrote Dmitri Alperovitch, vice president of threat research at McAfee and the report’s author. He said the perpetrator is motivated by “a massive hunger for secrets and intellectual property.”
Meanwhile, a hacker-turned-defense official, decrying the government’s slowness to change, rolled out a new program on Thursday that would enable the Pentagon to more quickly fund hackers to tackle its tough cybersecurity challenges.
Peiter Zatko, a hacker known as Mudge who is now at the Defense Advanced Research Projects Agency, said he joined the Pentagon’s research arm to try and build bridges between the government’s cybersecurity needs and hackers working on innovative projects.
What he found instead was a lumbering bureaucracy on the government side that had the more nimble hacking community throwing up its arms in frustration as its members tried to navigate unfathomable bureaucratese on reams of forms, in a process that lasted months.
So in the latest attempt to pull cybersecurity expertise into government, DARPA has launched the “Cyber Fast Track” program, intended to cut red tape for hackers to apply for funding for projects that would help the Defense Department secure computer networks.
Instilling change in a government bureaucracy is “insanely difficult” because government is used to operating in a certain way, said Zatko, head of DARPA’s information innovation office. “And that’s fine in many, many areas. But I don’t think that’s fine for cyber,” he said.
Zatko said he decided it was time to start funding hackers and boutique security firms, “and making it actually easy enough for them to compete for government research money with the large, traditional government contractors.”
Addressing a key issue for hackers doing government projects, they will be allowed to keep the commercial intellectual property rights while giving the Defense Department use of the project.
Zatko told the audience of technology and security experts at the Black Hat conference in Las Vegas that 20 to 100 of these projects will be funded every year, with about two weeks required to land a contract — lightning-fast by Pentagon contracting standards.
He did not say how much money would be used to fund the projects and a DARPA spokesman did not immediately respond to an emailed question.
Jim Lewis, a cyber expert with the Center for Strategic and International Studies, earlier told Reuters it was very likely China was behind the hacking because some of the targets had information that would be of special interest only to Beijing.
McAfee’s report said the attacks were the biggest ever discovered.
The People’s Daily cited comments on the Internet that suggested McAfee published the report to alarm people into buying more of its cyber security technology.
“In fact, as the number of hacking attacks on prominent international businesses and organisations has grown this year, some Western media have repeatedly depicted China as the villain behind the scenes,” said the paper.
The Chinese government has used the People’s Daily to round on earlier foreign claims of hacking.
In early June, Google said it suspected Chinese hackers of trying to steal the passwords of hundreds of Google email account holders, including those of US government officials, Chinese rights activists and journalists.
The overseas edition of the People’s Daily hit back by saying that Google had become a “political tool” used to vilify the Chinese government, and warning that the US Internet giant’s statements could hurt its business.