Don't freak out (yet) about 'scary' Chinese cyber attacks
A person walks past a 12-story building alleged in a report on Feb. 19, 2013 by the Internet security firm Mandiant as the home of a Chinese military-led hacking group after the firm reportedly traced a host of cyberattacks to the building in Shanghai's northern suburb of Gaoqiao.
A recent piece in the New York Times said that the Chinese army is constantly hacking American computers. The article is based on a study by cybersecurity firm Mandiant. The study shows Chinese intrusions into corporate networks in the U.S. trace back to an Army unit in Shanghai.
Scary stuff, right? Kim Zetter of Wired says “scary” may be the wrong word to use.
“I don’t like to use that word. This is espionage, and a lot of it is economic espionage; in the past, it’s happened in a lot of other ways. Computers just make it a lot easier and a lot more stealth,” said Zetter.
But how do these guys even go about hacking into corporate systems? Zetter says the main avenue for hackers is through email.
“It’s very easy to get into email. You have a lot of protections on a network, but you can’t block email from getting in,” said Zetter.
Zetter said hackers use “spearfishing” attacks: Malware emails that are crafted in a way that entice users to click. These emails usually come from a person that the user knows or is about a topic that the employee is interested in. When the email is open, it allows malware into the system, and hackers use that to dig deeper into a system.
Although it may seem like common sense to stray away from clicking something suspicious, Zetter says you can take all the measures you want to get employees not to do something, but they will still do it.