National Security Agency director General Keith Alexander has revealed that the attack against online security company RSA last year originated from China. He told the Senate Armed Services Committee yesterday that China is responsible for "a great deal" of theft of military-related intellectual property from the US, citing the RSA attack as one particularly public example. RSA itself has previously attributed the attack to two groups working on behalf of "a nation state." Alexander also described the complexity of the attack — using emails containing malware which exploited a zero-day vulnerability in Adobe's Flash plugin — as highly sophisticated, and said that if the hackers were able to do this to a company like RSA, many other firms are also vulnerable.
Gen. Alexander suggested that in order to combat this threat, "we need to make it more difficult for the Chinese to do what they're doing. Intellectual property isn't well protected and we can do a better job at protecting it." His suggestion is to develop a neighborhood watch-style system, making it easier for companies to inform the NSA directly when facing cyber attacks. Whether companies will so readily admit to flaws in their security systems remains to be seen.
This isn't the first time that China has faced allegations from the US of hacking — back in December the Chinese military were accused of computer espionage by a US Government investigation, and were also suspected of gaining control of US satellites between 2007 and 2008. It's clear that the US is worried by the threat this poses, but without a real-time response method such as the one Gen. Alexander proposes, will it be able to counter these attacks?