Shanghaied Cyber-Style? Some Real Evidence of Chinese Involvement in US Cyber Attacks Starting to Mount – “Complexity and Longevity of Such Coordinated Attacks Can Take a Heavy Toll,” Says GDF Founder

Share Article

Most of the time organizations like to stay as hush-hush as possible when it comes to being the victim of a cyber attack, but sometimes, the victim has the weaponry to send a salvo of their own in retaliation, as is the case with The New York Times and their global megaphone. To Global Digital Forensics founder, Joe Caruso, “This type of high profile exposé should be a lesson that every US organization with a digital presence should not only take to heart, but take action on as well.”

News Image

One successful cyber attack can start a vicious cycle

having a sound, professionally devised plan to achieve that perfect balance between cost and effectiveness is essential to maximize the results for any budget.

Because of the stigma associated with being victimized by cyber attackers, and the very real effects on public trust and business integrity that come along with it, a spotlight is typically the last thing any organization wants after being successfully targeted by cyber attackers. One such victim, The New York Times (NYT) late last month revealed they were the victim of a cyber attack and their investigation had them pointing to China. But on Monday, The New York Times certainly bucked that normal trend of silence. They didn’t hide, instead they strapped on gloves, stepped in the ring and punched back – hard – bringing an enemy that normally depends on fighting in the shadows squarely into the public spotlight of a heavyweight title cyber-arena fight, the hometown NYT vs PLA Unit 61398 out of Shanghai. Global Digital Forensics (GDF) founder and CEO/CTO, Joe Caruso, hopes, “ this bold move by The New York Times sparks some much needed urgency for US organizations of all sizes with digital assets to protect to make some bold moves of their own, especially infrastructure, financial and technology organizations which are vital to public safety, health, finances and security.”

China not the only threat

“Last year when the Flame virus was making headlines, I was interviewed as an expert by Varney & Co on FOX Business. Before it was over they had me on the hot seat to declare which country I thought posed the biggest cyber threat to US security. I took some heat afterwards from industry colleagues of mine for stepping out of the “neutral zone” and naming China in the end, but I think the details reported in the Times’ story about the evidence uncovered pointing to Chinese involvement in long-term hacking campaigns against US entities will cool that heat quite a bit now,” Caruso said with a grin. “And while China is now the one on the hot seat with some explaining to do, they are far from the only players on the cyber espionage stage,” Caruso added. “From eastern and western Europe, the middle and far east, to South America and right here at home, there plenty of actors with their hat in the ring; a scary prospect when you think about how integral digital technology and information are to our daily lives today. This type of high profile encounter should be a lesson that every US organization with a digital presence should not only take to heart, but take action on as well. Otherwise, it really can be like getting shanghaied. You’re knocked unconscious by a spear phishing email, kidnapped by a malicious payload, and forced to work for an unknown foreign taskmaster that reaps the benefits of all your hard work for nothing in return but grief and agony, but with the 21st century twist of potentially endangering your own friends and family with your efforts in the process.”

An effective E-Defense program is not a luxury, it’s a necessity

“Our cyber security specialists at Global Digital Forensics have responded to hundreds of cyber incidents over the years. But even today, with devastating cyber attacks making the headlines on a routine basis, you would be shocked at how many clients we still see for the first time with so many basic cyber security bases uncovered. But hopefully, seeing jarring information on the size and scope of APTs (Advanced Persistent Threats) launched by coordinated groups with deep pockets, like the state-sponsored PLA (People’s Liberation Army) Unit 61398 implicated in this case, will push the patriot button and finally force a sea-change in taking E-Defense as seriously as it should, and must be taken. Otherwise, they may be the ones under the taskmaster’s whip for years at a time doing someone else’s bidding. And the aftermath could affect every one of us, because the reality is, the complexity and longevity of such coordinated attacks can take a heavy toll on many fronts.”

Setting the right course and taking action

There are many facets to a successful E-Defense program, and having a sound, professionally devised plan to achieve that perfect balance between cost and effectiveness is essential to maximize the results for any budget. But before a plan can be devised, a client must know exactly where they stand now. A comprehensive cyber threat assessment with customized penetration and social engineering testing is the way to take in the big picture and pinpoint the most vulnerable links in the cyber security chain. Due to the evolving nature of technology and new threats being aimed at newly discovered vulnerabilities almost every day, 100% effective cyber security protection is simply unrealistic for any organization with a digital presence. But there’s also good news. Having a firm grasp of the basics alone can protect organizations from over 90% of cyber threats, which every organization relying on ESI (Electronically Stored Information) should be capable of at a minimum. Then it’s just a matter of further fine tuning to close the gap to as close to 100% as possible while living within a client’s budget and personnel restraints to maximize the return on their investment. And in the event the unthinkable does happen and a data breach or cyber intrusion does occur, GDF can instantly transition to emergency incident response mode and quickly identify the problem, contain it and minimize the fallout. That’s means less damage from the client, vendor, investor and regulatory compliance perspectives. And with a network of experienced responders strategically positioned both nationally and worldwide, GDF has response times unrivaled in the industry. Taking action doesn’t have to be difficult, but it does have to be done.

*Global Digital Forensics is a recognized industry leader in the fields of cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a plan which will meet your unique needs. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Aris Demos
Visit website