RSA Europe 2013: Is China still the world's number one source of cyber-attacks?

The early years of cybercrime are typically associated with dark online practices in Eastern Europe, where an underground hacking economy thrived, but in recent times it is world superpower China that is routinely accused of sourcing most of the world’s cyber-attacks.

But is this fair? And how accurately can security researchers match attacks to their source?

At RSA Europe in Amsterdam today, Kaspersky Lab’s director of global research Costin Raiu said evidence collected by his team suggests China is indeed the world’s worst offender in harbouring cyber-criminals.

“I would say if we’re talking about [cyber-criminal] groups operating from China, we’re talking maybe between 100 and 200 different groups. I would say that’s the largest operating base of threat actors in the world.”

Speaking at a packed panel debate on day one of the security conference, Raiu did insist that China was far from the only nation involved in sourcing hackers and launching state-sponsored attacks.

“Pretty much every big nation state is doing some form of cyber-espionage,” he said. “Some are more noisy than others; they hit everyone and don’t care if it’s in the news, all they care about is getting the documents from your systems. While others are more careful, more advanced, and are very scared of being exposed.”

Well placed to comment on the matter was panellist Jaap van Oss, a cybercrime team leader at Europol. According to van Oss, fingers shouldn’t be pointed at China so readily, as cyber-criminals in different countries altogether regularly disguise attacks so they fit the convenient narrative of originating from the People’s Republic.

“There are groups which like to register names through Chinese registers and they like to use servers in China, just because there is this pre-conception that 99 per cent of APT attacks originate in China. So when a CIO sees that all his precious gigabytes of information went to a Chinese server, it’s quite easy to draw the conclusion that a Chinese APT group was behind the attack.”

Such incidents thus throw up a lot of “misinformation and red herrings,” van Oss said, making attack attribution “extremely difficult.” Illustrating the point, a study on web application attacks conducted by Imperva this summer found that the US was more prolific than its Asian rival.

The panel was nevertheless in agreement that state-sponsored cyber-attacks are on the rise, and, somewhat ominously, Websense Strategy Officer Neil Thacker warned there is little organisations can do to fend off attacks on this scale.

“I always talk about sponsorship, and if we’ve got state-sponsored attacks, are we ever going to be able to stop them with the resources they have? I don’t think so,” he said.
