Does anyone here know how one would differentiate between someone (or group of hackers) in China doing this vs. the Chinese government being behind it? I'm just curious how that's determined.
Look at the targets, governments like US, India, Vietnam with which China has a beef, and corporations accessing whose data can give leverage to Chinese companies and government. So, in the end, if you consider all the data that must have been collected, who is the most obvious customer of that data? It's the Chinese government. So even if it is a group of hackers, they must do something with that data. If it was a small-time intrusion for bragging rights, then it wouldn't have continued for so long.
So, the way I see it, whether it was a group of hackers (i.e. not directly affiliated with the Chinese govt.) or Chinese government employees, the end customer of the data is the same and hence this activity must have been sanctioned by the government and hence even if they were not in the beginning, I have no doubt that they are currently behind it (whether that implies involvement or support is irrelevant).
Let me present another scenario. This is what the intelligence community calls a "false flag attack". Another (rather technologically advanced) state, that for some reason would like China to be attacked publicly as a state sponsoring cyber-terrorism, could for example build a large botnet in China and use it to conduct these attacks.
China is the current token 'rogue cyber terrorist' state. So this other agent/state could take advantage of that perception to either gather real data from the attacked entities or conduct all this activity just to damage China's reputation.
Not completely out of the question, but considering the risk to China's reputation (as you stated), and their ability to control the internet in China, you would think they would understand this false-flag risk, and take action to prevent this.
If data isn't secure to governments, it isn't secure to anyone. If data is insecure the question should then become, how do we secure our data? Controlling the global flow of information hardly addresses that.
I have the same question. We have security in being nobodies at least, as the best hackers would be unlikely to go into my information for instance unless mass hacking for identity purposes. It is a matter of time before new technology in security, database and transfer of information is upgraded and available at a premium. With placing the mass population on the cloud, who would be better targets to fund this upgrade?
You can't easily, and some obvious incentives muddle the issue further. The Chinese government, in the hypothetical case where they are behind it, has the incentive to disguise them as criminal-driven. The US DoD and some other agencies, in the opposite case, have the incentive to pretend that the Chinese gov is behind the attacks so that they may bring defense against such attacks among their tasks, which entails budget, manpower, prestige etc.
Let's say a group of Chinese citizens took it upon themselves to build a rocket that could carry a warhead.
These citizens then loaded a bomb onto the rocket and launched it at a neighbor (Japan, India, Russia; take your pick).
What would happen?
What if the Chinese gov't had full knowledge of this but failed to stop them?
OR say that a bunch of hackers in the US decided to hack into German banks and steal info.
Would the US gov't be negligent if they didn't stop them?
After say 100 attacks of either type above, would the gov't still have an excuse? Could it claim "this is a group of private citizens" and be taken seriously on the world stage?
Either it's government sponsored or it's a government law enforcement problem.
A lot of physical world techniques. Human intelligence, bugs, covert entries, tailing and surveillance. Also financial analysis, who is paying the bills.