roger_grimes
Columnist

Which country has the best hackers: Russia or China?

Analysis
Oct 18, 2016 · 4 mins
Advanced Persistent Threats, Cyberattacks, Cybercrime

Both are notorious for high-profile attacks, advanced persistent threats, and theft of money or intellectual property. And the award goes to ...

For many years I worked for Foundstone teaching hacking classes and doing penetration testing. It was the most enjoyable job I ever had.

As part of that job, I traveled the world, including China, and got to determine firsthand which country had the best hackers. Although I didn’t travel to Russia during that time, lots of Russian-born hackers showed up in my classes.

Rumblings of cyberwar

Foreign hacking is top of mind right now, thanks to Russia’s attempts to shake up the U.S. presidential election. With a high degree of confidence, U.S. intelligence agencies say the highest levels of Russia’s government are behind the Democratic National Committee email leaks intended to embarrass Hillary Clinton. According to the reports I’ve read, most of these Russian hacks seem to be based on simple password phishing.

China has been involved in hacking American (and other) companies for decades. Most computer security experts believe that China already has every intellectual property secret it wants. I didn’t believe the Chinese hacking rumors for years because accusers failed to provide public evidence. I’ve since changed my tune because many companies have released that evidence, and it appears quite convincing. Also, the Chinese government’s tight control over its domestic internet makes it unlikely that Chinese hackers could have hacked U.S. targets without either direct orders — or at least tacit acceptance.

Regardless, recent evidence suggests that Chinese hacking against American companies has decreased since President Obama and Chinese leaders signed an antihacking agreement last year. I’ve been involved in dealing with advanced persistent threat (APT) attacks for more than a decade, and I’m personally hearing fewer complaints about Chinese intrusions.

Which hackers cause the most damage?

If by “damage” you mean frequency and severity of attacks, Chinese hackers take the No. 1 spot. Very likely tens of thousands of them, funded by the government, have broken into any company they like. I’m convinced they’ve stolen more secrets and intellectual property than any other country, with a single breach potentially incurring many millions of dollars in damage. 

I’ve seen American companies work on a secret new product, only to have a Chinese company release a very similar, if not identical product first. Sometimes even the wording in the documentation is identical. I’ve seen entire American company divisions shut down as a result. 

Russia’s hackers are more focused on direct financial crime and probably incur hundreds of millions of dollars in damage each year. Who knows — it could be billions of dollars. But if I compare the direct financial costs of Russia versus China, China probably wins that battle due to its theft of high-value intellectual property.

What about Russia’s impact on the American elections, especially if that hacking results in a presidency friendly to the Russian government? Luckily, despite Russia’s best efforts, the American voting system is probably too much of a hodgepodge of systems to be affected in a material way.

Best hacking skills

In my personal experience, the best hackers have always come from the United States or one of its friendly allies. I know that sounds biased, but when I taught hacking classes, the U.S. hackers always completed the hacking tests the fastest.

In the Foundstone classes we ran little tests during the day that allowed our students to practice some skill we had taught them. Most students, regardless of country, tended to perform roughly the same. At the end of the class, we had a major capture-the-flag test, which required that students put together everything we had taught them, but in slightly different ways. It required thinking outside the box. U.S. students were always able to complete the major test and were always fastest.

Unfortunately, my Foundstone experiences ended 10 years ago. Since then, several other countries have risen to become part of the elite club of hackers. Israel, for such a small country, has an enormous number of incredible hackers, and they enjoy a well-earned reputation as the best-thinking defenders.

Who’s the best?

Sorry to disappoint you, but the real answer is that we don’t know who’s best. To be a “good” hacker you have to be invisible. The best hackers are the ones we don’t see and don’t know about.

But the real irony is that breaking into most organizations requires little in the way of advanced techniques anyway. Even the elite hacking units don’t use their best stuff unless they have to. Why hack smart and give away your best stuff when you can hack like any script kiddie and get the same results without being discovered?

Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.
