The Top Gun of Hackers

In case there’s any doubt about which country is the world’s top industrial cyberspy, a new report adds to the mounting pile of evidence — it’s China.

Verizon’s new Data Breach Investigations Report issued Monday estimates that 96 percent of recorded, state-affiliated attacks targeting businesses’ trade secrets and other intellectual property in 2012 could be traced to Chinese hackers.

“This may mean that other threat groups perform their activities with greater stealth and subterfuge,” Verizon notes in its report. “But it could also mean that China is, in fact, the most active source of national and industrial espionage in the world today.”

Verizon’s annual DBIR, a fixture in the cybersecurity community, should add fuel to the political firefight on Capitol Hill over improving the nation’s digital defenses. The report also describes criminal organizations and hackers elsewhere taking aim at banks, retailers, utilities and manufacturing companies.

The new findings come a week after the House passed the bill known as CISPA — a proposal meant to help companies and the government share cyberthreat data. But the measure faces a skeptical Senate, not to mention the renewed threat of a presidential veto.

In the meantime, lawmakers and the Obama administration are pushing China on the cyberattacks amid a steady stream of reports naming the country as a hacker haven. Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, is headed there this week, the second such high-profile trip with cybersecurity on the agenda after Secretary of State John Kerry visited Beijing earlier this month.

In the end, it’s practically impossible to determine the full extent of Chinese hacking: attributing attacks to their true source is difficult, companies are reluctant to disclose when they’ve been victimized and much information about China’s cyber activities remains classified.

Even the incomplete picture painted by Verizon’s new report, though, reveals the serious, novel challenges posed by digital hackers, many of whom appear to be located in China.

In total, Verizon confirmed 621 total breaches among more than 47,000 reported cyber incidents. Three-fourths of those 621 breaches were “financially motivated” cyber crimes, according to Verizon, while state-affiliated espionage — including from China — represented just about 1 in 5 incidents.

Even though China is responsible for much of the cyber espionage reported to Verizon last year, it’s still among a larger group of countries affiliated with foul play in cyberspace. Romania, for example, was home base to hackers with financial motivations in mind. Rounding out the top three: the United States, which is responsible for a small fraction of the state-affiliated attacks recorded by Verizon in 2012.

Across the board, financial organizations, including banks, were most under siege last year, followed by retailers and restaurants. In addition, 1 in 5 intrusions involved manufacturing, transportation or utility companies, according to Verizon.

The threat of hacktivism, which sharply increased in Verizon’s previous report, remained steady in 2012 — but it didn’t result in much stolen data, as groups “shifted” to disrupting services and systems. Meanwhile, Verizon noted a sharp uptick in attacks with “social tactics” as cyber criminals — many of whom are believed to be state-sponsored — took to email and other forms of communication as a way to establish “a foothold in their intended victims’ systems,” according to the report.     Read more: