China is victim of hacking attacks
China has been the target of serious cyberattacks from the United States, but Beijing has neverblamed Washington or the Pentagon because such accusations would be "technicallyirresponsible", Chinese Internet insiders said.
The cyberattacks from the US have been as grave as the ones the US claims China hasconducted, they said on Tuesday.
China's Internet emergency response agencyhas tried its best to handle all the UScomplaints made this year, they said.
However, the US never mentioned thealleged Chinese hacking theft of the designsof more than 20 kinds of top US weapons, butinstead gave the unverified informationdirectly to the media.
"We have mountains of data, if we wanted toaccuse the US, but it's not helpful in solvingthe problem," said Huang Chengqing,director of the National Computer NetworkEmergency Response TechnicalTeam/Coordination Center of China, alsoknown as CNCERT.
"The importance of handling Internet securitycases keeps rising, but the issue can only besettled through communication, notconfrontation."
Huang's remarks came after a slew of reportsaccusing China of hacking were released inthe US this year. High-ranking officials inWashington also pressed Beijing on the issuein recent weeks.
According to CNCERT, in the first five monthsof this year, 13,408 overseas trojan horsesor bot control servers — two popular hackingtools — hijacked around 5.63 millionmainframes in China. Of those, 4,062 US-based control servers hijacked 2.91 millionmainframes in China.
The US ranked first in both the number ofcontrol servers and the number of mainframes controlled in China.
In the same period, websites of 249 important Chinese organizations including governmentdepartments, key information systems and research institutions were implanted with backdoorprograms. Among them, 54 websites were hijacked by US-based IP addresses for stealinginformation.
"However, it's hard to judge whether the US government supported or got involved in thehacking. Besides, hackers can easily hide their real location and identities," Huang said.
"So technically it is irresponsible and unfounded for some people to talk about alleged hackingsupported by the Chinese authorities."
As for the Washington Post report in late May about Chinese hacking on US weapons, Huangsaid design information of top-class weapons are usually listed as top national secrets. "Evenfollowing the general principle of secret-keeping, it should not have been linked to the Internet."
Huang said his agency has been fighting with hackers. Except for daily work of Internet securitymonitoring, prewarning and emergency response, CNCERT cut hackers’ remote control on39.37 million infected mainframes in 2012.
The agency has set up Internet security cooperative relations with 91 organizations in 51countries and regions.
Huang said a case in March explains the importance of such cooperation. At that time, SouthKorea suspected that Chinese hackers paralyzed the network of some local media and banksand required assistance from CNCERT. Through joint efforts, it was discovered that the IPaddress connected to the hacking was in the range of Chinese IP addresses but was actuallyused by a South Korean bank.
As for cooperation with the US, Huang said in the first four months of this year CNCERTreceived 32 Internet security cases from the US, among the 227 complaints from abroad.
They handled the US cases in time, except for attempted IP address attacks, which lackedsufficient proof. And they sent feedback to the US on all the cases.
"But they did not mention these efforts, instead they advocated cases that they never let usknow about. Some cases can be addressed if they had talked to us, why not let us know? It isnot a constructive train of thought to solve problems," Huang said.
"Besides, we have smooth communication at the civil level. I don't understand why all levels ofthe US government are accusing China of cybersecurity recently. I felt it is driven by somepolitical intentions, though I don't know what the intentions are."
Huang said he noticed the US has kept beefing up its cyberwar forces as it hyped hackingthreats from China.
After Mandiant, a Washington-based cybersecurity group, said in a report in February that thePeople's Liberation Army sponsors hacking, US Cyber Command and National Security Agencychief General Keith Alexander told Congress in March that of the 40 new Cyber Commandteams being assembled, 13 would be focused on offensive operations.
Gao Xinmin, vice-chairman of Internet Society of China, said: "The US is much more dependenton the Internet than developing nations, so it is fully understandable that they attach greatimportance to the issue."
"However, because of the lack of mutual trust, it is easy for some countries to blame hacking onother governments. And driven by some political needs, the dirty water is often poured ontoChina," Gao said.
The White House has announced that cybersecurity will be high on the agenda of President XiJinping's meeting with US President Barack Obama this week in California.
CNCERT's Huang said it is necessary to have multi-level talks, but the most effective way is to"start from the basic level" and beef up communication between frontline agencies, such asemergency response organizations, from relevant countries.
中国国家级网络安全应急机构和互联网协会的高层人士周二表示,中国遭受来自美国的网络攻击的严重程度并不亚于美国所声称的来自中国的威胁,但中国采取了“对事不对国”的态度,从未为此怪罪美国政府或军队,因为“技术层面上这样的做法不负责任”。
他们还表示,中方今年已尽其所能地处理并反馈了美国计算机紧急响应小组(US-CERT)向中方投诉的个案。这些专业人士称美方从未向中国国家计算机网络应急技术处理协调中心(CNCERT)提及美国媒体近期报道的中国黑客盗取美国重大武器系统设计一事,而是直接把未经证实的资料泄露给媒体。
这些官员是在《中国日报》的专访中就美方最近密集发表所谓中国在网络安全方面对美构成极大威胁的言论,以及美方高官不断就此对北京施压的情况做此表态的。
“如果我们想指责美国的话有大量数据,但这无助于问题的解决,随着信息化的发展,网络安全事件的处理越来越重要。但这些问题的解决应该通过对话而不是对抗。”CNCERT主任黄澄清说。
据CNCERT向《中国日报》独家披露的最新数据,2013年1至5月,境外约有13408台木马或僵尸网络控制服务器控制了中国境内近563万台主机,其中位于美国的4062台控制服务器控制了中国境内近291万台主机,无论是按照控制服务器数量还是按照控制我国主机数量规模进行排名,美国都名列第一。
此外,同期中国有249个重要政府部门、重要信息系统和科研机构等单位的网站被境外入侵并植入网站后门,其中54个单位被美国地址入侵和窃取信息。
“但是很难判定美国政府支持和参与了这些事件。另外,拥有专业技术的黑客可以轻而易举的隐藏自己的真实位置和身份。所以单从技术层面上讲,一些国家和人士有关中国网络安全威胁论的言论是不负责任和缺乏依据的。”黄澄清说。
至于《华盛顿邮报》5月底报道的中国窃取美国二十多项武器设计机密的指责,黄表示尖端武器的研制资料一般被列为国家最高等级机密,“即使遵循一般的保密原则,也绝不可能放在互联网上”。
黄说事实上他负责的机构一直在与黑客做着艰苦的斗争。除了日常的网络安全事件的监测、预警和应急处置工作外,2012年CNCERT切断了黑客对3937万余台感染主机的远程操控。
这个机构目前已经与51个国家和地区的91个组织建立了网络安全合作关系。
黄说,今年3月有一个案例,当时韩国怀疑中国的黑客行为导致了当地一些媒体和银行计算机网络同时瘫痪,韩国通过CNCERT请求帮助协调,经双方共同努力,证实疑似IP地址实为韩国银行内部自用,而其恰好使用了中国IP地址范围,从而导致韩方误认为攻击来自中国。
黄澄清说,今年1月至4月CNCERT接到的227起来自境外的网络安全投诉中,有32起来自US-CERT。除了部分恶意IP地址尝试攻击事件因对方提供证据不足无法处理外,其余的事件中方均及时处理并向美方反馈。
“但他们并没有提到这些,而是把没有告诉我们的问题大肆渲染,如果跟我们说的话有些问题是能解决的,为什么不让我们知道呢?这不是解决问题的建设性思路,”他说。
“另外,现在民间层面的沟通是畅通的,但我们不知道为什么近一段时间来美国政府各个层面都在就网络安全问题攻击中国。我认为这种做法是出于政治上的考量,尽管我不清楚他们的目的。”
黄说他注意到美国在发布“中国黑客威胁论”的同时一直在加强自己网络战的力量。美国网络安全公司曼迪昂特2月18日发布报告指责中国军方黑客威胁,3月12日美国网络战司令部司令亚历山大随即宣布新增40支网络部队,其中13支确定用来进攻。
“美国社会对网络的依存度比我们发展中国家高的多,所以他们对网络安全更加重视是可以理解的,”中国互联网协会副理事长高新民说。
“但有些国家之间由于缺乏战略互信,容易认为攻击源受到对方政府的支持,再加上某些政治需要,经常把脏水泼向中国。这样只会加深猜忌,”他说。
关于白宫宣布网络安全将会是国家主席习近平和美国总统奥巴马本周在加州会晤的首要议题之一,黄澄清表示多层次沟通是必要的,但最有效的办法是从基层做起,让网络安全应急处置的专业部门和各国政府执法部门开始加强沟通。
CNCERT已经参与了美国东西方研究所牵头举行的定期国际民间网络安全问题沟通和协调。黄说他欣赏该机构“积极和建设性的”的态度和具体的解决方法。据《纽约时报》5月26日报道,东西方研究所正同包括中美在内的多个国家政府代表合作讨论信息技术基础设施保护方面的基本规则。
“互联网是自下而上发展起来的,现在单纯靠政府解决全部问题是不现实的。而东西方研究所跟各个层面建立了广泛的沟通渠道,”黄说。
2011年,CNCERT完成了与该机构开展的为期两年的中美网络安全对话机制反垃圾邮件专题研究。从2012年至今,双方正在就”反黑客攻击”专题开展对话。