China Reveals Its Cyberwar Secrets

china-is-waging-cyberwar-2-650x0.jpg?1361548326
A high-level Chinese military organization has for the first time formally acknowledged that the country’s military and its intelligence community have specialized units for waging war on computer networks.
China’s hacking exploits, particularly those aimed at stealing trade secrets from US companies, have been well known for years, and a source of constant tension between Washington and Beijing. But Chinese officials have routinely dismissed allegations that they spy on American corporations or have the ability to damage critical infrastructure, such as electrical power grids and gas pipelines, via cyber attacks.
Now it appears that China has dropped the charade. “This is the first time we’ve seen an explicit acknowledgement of the existence of China’s secretive cyber-warfare forces from the Chinese side,” says Joe McReynolds, who researches the country’s network warfare strategy, doctrine, and capabilities at the Center for Intelligence Research and Analysis. 
The acknowledgment could have political and diplomatic implications for China’s relationship with the United States and other Western powers.  
China has divided its cyber warfare forces into three types, said McReynolds, whose analysis is included in his forthcoming book, China’s Evolving Military Strategy, which will be published in October.
First, there are what the Chinese call “specialized military network warfare forces” consisting of operational military units “employed for carrying out network attack and defense,” McReynolds said.
Second, China has teams of specialists in civilian organizations that “have been authorized by the military to carry out network warfare operations.” Those civilian organizations include the Ministry of State Security, or MSS, which is essentially China’s version of CIA, and the Ministry of Public Security (its FBI).
Finally, there are “external entities” outside the government “that can be organized and mobilized for network warfare operations,” McReynolds said.
As to which of those groups is responsible for targeting American companies to steal their secrets, the short answer, says McReynolds: “They all do it.” Espionage by the PLA has been extensively documented, McReynolds said. And a Chinese hacking unit dubbed Axiom that has been linked to intrusions against Fortune 500 companies, journalists, and pro-democracy groups is reportedly an MSS actor. He noted that there are also many ways that Chinese civilians have been seen assisting in industrial espionage, including through “hack-for-cash” operations.
Now that China is coming clean about its cyber warfare forces, other countries may question whether they can safely cooperate with the government on combating cybercrime. The Ministry of Public Security (MPS), for instance, has assisted more than 50 countries with investigations of more than a thousands cases of cybercrime over the past decade, and China has set up bilateral law enforcement cooperation with more than 30 countries, including the United States, the United Kingdom, Germany, and Russia.
Experts generally agree that Russia, China, and the United States have the most advanced and sophisticated cyber warfare forces. 
The Daily Beast http://bbc.in/1OyIa0a

 

« You Can Tell Which Emails are Being Tracked.
Crime has gone High-Tech and the Law Hasn’t »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

JPCERT/CC

JPCERT/CC

JPCERT/CC is the first Computer Security Incident Response Team (CSIRT) established in Japan.

Software Engineering Institute (SEI)

Software Engineering Institute (SEI)

At the CERT Division of SEI we study and solve cybersecurity problems, research security vulnerabilities in software, and develop information and training to help improve cybersecurity.

SecuTech Solutions

SecuTech Solutions

SecuTech is a global leader in providing strong authentication and software licensing management solutions.

Gilbert + Tobin

Gilbert + Tobin

Gilbert + Tobin is an Australian corporate law firm serving clients throughout Australia, and around the world, on a broad range of legal issues including cyber security.

Dualog

Dualog

Dualog provides a maritime digital platform which ensures that services work reliably and securely onboard.

International Cybersecurity Institute (ICSI)

International Cybersecurity Institute (ICSI)

ICSI is a UK company offering specialized and accredited professional qualifications in cybersecurity for young IT graduates as well as mature professionals.

Keyless Technologies

Keyless Technologies

Simple, secure, and interoperable authentication. Keyless offers unmatched security, privacy and usability, while reducing risk and infrastructure costs.

SterlingRisk Programs

SterlingRisk Programs

SterlingRisk’s Cyber practice brings experience working with a wide array of clients across a broad spectrum of industries.

Valarian

Valarian

Valarian (formerly Worldr) is on a mission to build cutting-edge solutions that empower borderless collaboration in the new era of digital sovereignty.

Core Sentinel

Core Sentinel

Australia's #1 Penetration Testing Service. Make Your Systems Fully Compliant With Our OSCE CREST/CISA Certified Penetration Testing.

Stryve

Stryve

Stryve is a leading carbon-neutral provider of specialist cloud and cybersecurity services in Europe.

Menaya

Menaya

Menaya provide Ethical Hackers for leading companies while also providing cyber security solutions to help major infrastructures protect against cyber crime.

BitLyft

BitLyft

BitLyft is a managed detection and response provider that is dedicated to delivering unparalleled protection from cyber attacks for organizations of all sizes.

Chorus Cyber

Chorus Cyber

Chorus are a leading Managed Security Service Provider (MSSP), and member of the Microsoft Intelligent Security Association (MISA), with three Microsoft Advanced Specialisations in security.

Pixee

Pixee

Pixee fixes vulnerabilities, hardens code, squashes bugs, and gives engineers more time to focus on the work that counts.

Prizsm Technologies

Prizsm Technologies

Prizsm is a computational storage capability that provides flexible, easy-to-use, resilient solutions for quantum-resistant, hyper-secure cloud storage and communications.