China is “probably” spying on US businesses and the government, according to a new security report.
The report, which was commissioned by the US-China Economic and Security Review Commission, states that the country poses the biggest cyber security risk to the US, claiming “China is likely using its maturing computer network exploitation capability to support intelligence collection against the US government and industry by conducting a long term, sophisticated computer network exploitation campaign.” The claim suggests that China is using hacking techniques to obtain government and industry secrets.
The claim follows a series of computer virus and security attacks on American government departments, many of which are believed to have originated from China.
This report however details how many of these attacks play out, including an attack that exploited an unpatched flaw in Adobe Acrobat that was patched earlier this year.
Citing US Air Force data from 2007, the report says at least 10 to 20 terabytes of sensitive data has been collected from US government networks as part of a “long term, persistent campaign to collect sensitive but unclassified information”.
It’s claimed that some of this information is used to create very targeted and credible phishing messages that then lead to the compromise of even more computers.
The report describes sophisticated, methodical techniques, and speculates on possible connections between Chinese government agencies and the country’s hacker community, increasingly a source of previously unknown “zero-day” computer attacks.
“Little evidence exists in open sources to establish firm ties between the [People’s Liberation Army] and China’s hacker community, however, research did uncover limited cases of apparent collaboration between more elite individual hackers and the [People’s Republic of China’s] civilian security services,” the report stated.