Chinese hackers: the root of all evil, or an obvious scapegoat?

By Claudiu Popa

 The Chinese are apparently after our law firms now. They weren’t content to hack Google and the Pentagon. After those hacking attempts on our federal government’s Finance and Treasury Board (considered to have been two of the most secure) departments, denied any wrongdoing.

Claudiu Popa


 And now they’ve set their sights on a notoriously low tech industry. But of course, their government vehemently denies it. The nerve! 

Defined by tradition, plagued by old-world values, the legal space seemed ripe for a sophisticated attack the likes of which we hadn’t seen since, well.. like, noon! Indeed, it was another simple email impersonating a legitimate employee and causing an infected attachment to get executed. Naturally, the remotely controlled malware siphoned out unspecified amounts of data before being detected. 


Related story – How to not get phished like the Canadian government 

Everything from oil companies to PR firms is getting the alleged unwanted attention of the Chinese. The persistent advances aren’t recent either. The FBI addressed the legal industry a couple of years ago with the stern warning to ‘train employees’ and ‘be careful what emails you open’.  Apparently they weren’t listening because someone went and clicked and here we are! 

The most basic Google search will now come back with one of “China denies role in hack” or “Sophisticated attack originated in China”. These advanced phishing and social engineering attacks naturally couldn’t have been avoided due to their sheer complexity. However that hasn’t stopped the alleged victims and their representatives from accusing and suing China to the tune of 2.2B. That’ll learn’em! 

What we do know is that a very high percentage of Asian computers are hopelessly infected with malware, in part due to the mountains of unauthorized software they insist on using. So if that’s the case, could we be looking at individual zombie systems  located practically anywhere, banding together to take advantage of basic gaps in employee security awareness, right across the continent? Let’s not forget: they’re denying it! So they must be guilty! The nerve!

About the author:
Claudiu Popa, is the CEO of Toronto’s Informatica Corporation ( him at
Claudiu Popa
Claudiu Popa
Claudiu Popa is a security and privacy advisor to Canadian enterprises, associations and agencies. He is an author, speaker and lecturer. Connect with him on Twitter @datarisk, Facebook, G+ or LinkedIn.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Latest Blogs

ITB in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.