According to an article in the New York Times, the recent wave of APT attacks on US businesses “have been traced to computers at two educational institutions in China, including one with close ties to the Chinese military.” This conclusion is apparently based on information obtained from the forensic investigators. Given that pretty much every entity in China has some ties to the Chinese military, this revelation is hardly noteworthy. What is noteworthy is that the investigation has found no direct link to the Chinese government.
In fact, the article goes so far as to state: “the findings raise as many questions as they answer, including the possibility that some of the attacks came from China but not necessarily from the Chinese government, or even from Chinese sources.” A professor at one of the schools had two guesses as to how the attacks may have originated from the Chinese schools: “One is it’s a completely individual act of wrongdoing, done by one or two geek students in the school who are just keen on experimenting with their hacking skills learned from the school, since the sources in the school and network are so limited. Or it could be that one of the university’s I.P. addresses was hijacked by others, which frequently happens.”
As we learn more about these attacks, we will likely find out two things. First, that these attacks have been going on for longer than originally thought, against a wider net of companies, and that they will not abate any time soon. Second, that the Chinese government was deliberately set up by the actual attackers – one or more sophisticated companies or governmental entities. Given that for many years now the Chinese government has had the luxury of US companies sharing their intellectual property in return for access to Chinese markets, this “blame the Chinese” storyline made little sense from the beginning. More to the point, the Chinese have enough boots on the ground to get whatever information they need in a much more direct way.