12 hacking groups are behind most Chinese cyber attacks

Eastern European and Russian hackers mostly steal financial information, while Chinese ones are mainly after intellectual property or other sensitive data, say security analysts and US officials, and the great majority of the attacks believed to originate from China can be tied to as few as 12 distinct hacking groups.

These groups are mostly backed or directed by the Chinese government, they say, although it is difficult to prove beyond the shadow of a doubt who is behind a particular attack.

According to information given to The Guardian by unnamed US cyber security analysts who have worked both for private businesses and government agencies, each of these groups has a particular “signature” made up of the code, tools and C&C computers it uses, and this makes it possible to determine which group is responsible for which attack.

Sometimes more than one group is tasked to attack a target and retrieve information from its systems, they say, and they compete against each other and time to retrieve the desired data.

US analysts can sometimes even tie the activity to specific members of each group, and occasionally make an educated guess as to who they are and where they are located, but the US is in the unenviable position of being unable to do anything about it.

The Chinese government continually insists that it has nothing to do with the attacks, and the two countries have no extradition treaty in place that would allow the US to demand that suspects be handed over.

As the number of cyber espionage attacks believed to be coming from China rises seemingly by the minute, US analysts and cyber security experts clamor for the US to put its foot down and put the option of retaliating for the attacks on the table.

“In the private sector we’re always on defence. We can’t do something about it, but someone has to. There is no deterrent not to attack the US,” says Jon Ramsey, head of Dell SecureWorks’ counter threat unit.

While for a long time US intelligence officials avoided pointing to China and Russia as the culprits behind these attacks, it seems that they have decided to stop hiding behind allusions and make definitive accusations. Sooner or later it had to come to this point, and changes in the US approach to this threat are likely to be very near.
