It´s taken a while, but finally the Dutch intelligence service AIVD has started warning (article in dutch) the people about Chinese cyber espionage practices against Dutch firms.
They state that Dutch awareness of these practices is very low, which increases the chances of success for the Chinese. They also mention that the Chinese government is actively recruiting Chinese researchers and technical experts to work for them in foreign countries.
To support this recruiting drive, the AIVD says, the Chinese government does not shy away from extortion. For instance, there have been cases where they have withheld important medical treatment or education of family members still living in China.
Now, I am certainly not complaining about this. I think it is an important and correct warning. I have witnessed firsthand such attacks on several Dutch firms and these all had some serious links to China.
Furthermore, even if I had not, the AIVD is globally considered very well-informed about what goes on here in the Netherlands. They do not have a reputation for making wild, unverified claims.
That said, I would like to point out that we should not fall into the same trap that seems to be happening in the US: It’s not JUST China that is engaging in large scale Cyber Espionage operations. Over 30 countries have been implicated in large scale attacks of this nature and it is highly foolish to discount them all and only look to China.
Several experts have made the same warning statement, including Jeff Carr, author of Inside Cyber Warfare, and USMC LTCol Bill Hagestad who is a renowned expert on Chinese cyber warfare.
As always I would like to see more global awareness regarding general information security, cyber security and cyber intelligence practices. In fact I would prefer it if we started this process of raising awareness in school.
About the author: Don Eijndhoven has a BA in Informatics (System & Network Engineering) with a Minor in Information Security from the Hogeschool van Amsterdam, The Netherlands and is currently pursuing an MBA at Nyenrode Business University. Among a long list of professional certifications he obtained are the titles CISSP, CEH, MCITPro and MCSE. He has over a decade of professional experience in designing and securing IT infrastructures. He is the Founder and CEO of Argent Consulting and often works as a management consultant or Infrastructure/Security architect. In his spare time he is a public speaker, occasionally works for CSFI and blogs for several tech-focused websites about the state of Cyber Security. He is a founding member of Netherlands Cyber Doctrine Institute (NCDI), a Dutch foundation that aims to support the Dutch Ministry of Defense in writing proper Cyber Doctrine, and the founder of the Dutch Cyber Warfare Community group on LinkedIn.