Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search


Cyber-attacks a standard part of doing business with China

Thursday 05 May 2016 04:00 PM

Cyber-attacks a standard part of doing business with China, security experts say

By Fiona Rotherham

May 5 (BusinessDesk) - China has been cited as one of the most active countries for cyber crime attacks at New Zealand's first Cyber Security Summit in Auckland.

Jim Lewis, senior vice president for the US-based Center for Strategic and International Studies, said the most active cyber attackers were based in Russia, Iran, and China, with the latter mainly focused on economic espionage.

Lewis cited the example of an Australian company in talks recently on a deal with Chinese interests who said there had been 200 efforts to break into its IT systems to get data that would have been useful during those negotiations.

“I talked to the head of a UK security firm who said it was just a normal part of doing business with China,” he said. “They want what would give them a competitive advantage in any deal they’re in.”

China has been a growing market for Kiwi exporters, especially dairy product exporters, since New Zealand signed a free trade agreement with Beijing in 2008,

Hacking is standard business practice in China, agreed Richard Bejtlich, chief security strategist at security firm FireEye. Companies doing business there have to decide if they’ll earn enough revenue to pay for better cyber security.

“It’s possible to hold them off. But I had a 40-plus team that were among the best in the world and we were just barely able to hold them off,” he said. “I dealt with some companies who had physical offices in China that knew they were under surveillance and sometimes they were even approached by the government with that surveillance in hand or Chinese companies were told not to do a deal because of what the government had heard.”

China signed landmark deals last year promising not to conduct cyber espionage to steal trade secrets from the US, Britain and Germany and that led to a similar agreement between the Group of 20 nations last November.

However, just weeks after the China/US deal was signed, the cybersecurity firm Crowd Strike caught dozens of alleged Chinese hackers trying to steal copyrighted data from American tech and pharmaceutical companies.

Bejtlich said industrial espionage by Japan used to be a problem and he’s optimistic China will eventually cut it out as well but that doesn’t mean other developing countries won’t adopt similar tactics.

“We could have a similar issue in Africa or Latin America with, say, Nigeria saying ‘that whole steal stuff from other people and put into our economy to jump start it looks a good idea’.”

Lewis said one of the important moves the Obama administration had taken on cyber security was improving attribution. One example was the US Justice Department in March charging seven Iranians allegedly linked to Iran’s Islamic Revolutionary Guard Corps with breaking into the computer network of a small New York dam and attacking more than 40 US companies.

The ability of the US government to find the source of cyber attacks has shifted from one in three to more than two in three because of private sector information sharing with government officials, he said. Microsoft, Google and Twitter all now have policies of sharing information on attacks on their customers if they detect them.

Microsoft vice-president of security Matt Thomlinson said its customer data showed a major upsurge in ransomware attacks since February.

Thomlinson said it often starts with spear phishing – an email that appears to be from someone you know – and has now moved from being targeted at consumers to industrial scale.

The latest Symantec Internet Security Threat Report estimated ransomware attacks in New Zealand averaged 108 per day.

The rise of bitcoin, a digital currency, is one reason for the upsurge in ransomware, said Bejtlich. Bitcoin is now well-established and provides hackers with enough anonymity to protect their identities while providing a ready market for stolen data.

His company had worked with corporate ransomware victims who had paid five to seven figure sums “as they don’t have an alternative”. However victims don’t appear to be hit repeatedly as they are with other cyber crime once they had paid out, he said.

Mandatory reporting by companies that have been hacked can help others learn what's needed to tighten security, Lewis said.

“People don’t like it because it can have a share price effect. That usually only lasts a quarter, though the effects on the brand can be longer-lasting,” he said. “Greater transparency creates market incentives for companies to do better on cyber security.”

New Zealand proposes replacing the current voluntary data breach reporting with a mandatory requirement, in draft legislation that should emerge by early next year.



© Scoop Media

Business Headlines | Sci-Tech Headlines


Paymark: Lockdown Equals Slowdown For Some

The three days of lockdown for Auckland earlier this month made a clear impression on our retail spending figures. While only Auckland moved into Level 3 lockdown, the impact was felt across the country, albeit at different levels. Looking at the ... More>>

Infrastructure Commission: Te Waihanga Releases Report On Water Infrastructure

The New Zealand Infrastructure Commission, Te Waihanga’s latest discussion document highlights the importance of current reforms in the water sector. Its State of Play discussion document about water infrastructure is one of a series looking at the ... More>>

Sci-Tech: Perseverance Rover Lands On Mars – Expert Reaction

NASA has landed a car-sized rover on the red planet to search for signs of past life. The vehicle has more instruments than the four rovers preceding it, and it’s also carrying gear that could help pave the way for human exploration of Mars. The ... More>>


ASB: Quarterly Economic Forecast Predicts OCR Hike As Early As August 2022

Predictions of interest rate rises have been brought forward 12 months in ASB’s latest Quarterly Economic Forecast. Chief Economist Nick Tuffley now expects the RBNZ to begin raising the OCR from its current level of 0.25% as early as August ... More>>

ACT: Matariki Almost A Half Billion Dollar Tax On Business

“Official advice to the Government says an extra public holiday at Matariki could cost almost $450 million,” ACT Leader David Seymour can reveal. “This is a perfect example of the Prime Minister doing what’s popular versus what’s responsible. ... More>>

Genesis: Assessing 6,000 GWh Of Renewable Generation Options For Development By 2025

Genesis is assessing 6,000 GWh of renewable generation options for development after starting a closed RFP process with 11 partners. Those invited to participate offer a range of technologies as Genesis continues to execute its Future-gen strategy to ... More>>

OECD: Unemployment Rate Stable At 6.9% In December 2020, 1.7 Percentage Points Higher Than In February 2020

The OECD area unemployment rate was stable at 6.9% in December 2020, remaining 1.7 percentage points above the level observed in February 2020, before the COVID-19 pandemic hit the labour market. [1] In December, the unemployment rate was also stable ... More>>

Stats NZ: Unemployment Drops To 4.9 Percent As Employment Picks Up

The seasonally adjusted unemployment rate dropped to 4.9 percent in the December 2020 quarter, from 5.3 percent in the September 2020 quarter, Stats NZ said today. Last quarter’s unemployment rate of 5.3 percent followed the largest increase observed ... More>>