I'm somewhat skeptical that any commercial organization, other than those directly involved in the infosec profession, is operating any sort of a "honey pot", much less doing so for the purpose of feeding bad/false/fake information to the Chinese. Organizations don't have the resources or tools in place to monitor their operational production computer systems, never mind expending the effort to actively monitor a honeypot.
I also think that the Chinese (and any other adversarial nation-state) are quite aware of exactly what they want to target, and those targets are being engaged directly via social engineering. Generally speaking, honeypots are designed to catch connections from "broadcast" malware ... stuff that goes out and pings anything that's alive and tries to replicate to it only because it is alive; I can't see any practical contribution a honeypot could make in the realm of directed social-engineering-based attacks. We also know that modern sophisticated malware now has logic built into it to identify a "honey pot" and actively avoid it, so even that attack-anything malware is now intelligently avoiding honeypots, and the value of the honeypot is being reduced as a result.
I'm not quite sure what the alleged theft of 18th century British intellectual property to fuel the Industrial Revolution has to do with 21st century attempts to steal military intelligence, and it wasn't until the 19th century that "intellectual property" became recognized as a protected entity. Some might take exception to the characterization of those events as "theft" in that time frame, and I'd also note that at the start of the Industrial Revolution (1760-1820), the U.S. was "at war" with the British for a good portion of that time, so who's to say what was "stolen" vs what was "spoils of war to the victor". :-)
Nevertheless, it's no secret that nation-states have been actively trying to steal U.S. military intelligence since the U.S. declared independence. Cyber-technology is just another means to the end.
In the end, I disagree that SMBs are at any higher risk from nation-state-based cyber attacks, unless it's an SMB directly associated with the military that has been identified as a valuable target.
Thanks for the thoughtful response. I love the "spoils of war to the victor" - but I sure hope that we don't fall victim to the same phenomenon in the attacks China continues to mount. It's interesting, I heard a talk at FOSE last week by John Lee of Lee Core Consulting - he had some interesting observations about how China and others find the US incredibly naive - it's a clear cultural difference.
As for strategies the government and large US companies are using against APTs, I sure hope they are using some very clever deflection techniques. I believe there are honeypot and other strategies in play that are, naturally, not shared. It was interesting that John Lee suggested a strategy to try to have the Chinese attack your competitors rather than your company - a story of "just running faster than the other guy, when a bear is chasing you - let the other guy get eaten."
It's worth checking out what the most recent Chinese communist five-year plan is targeting - previous five-year plans have successfully targeted heavy manufacturing, then light manufacturing. Those they now dominate. Now they're targeting things like software and transportation. More than a little scary.
Here's a related article on our sister "CMDPrompt" blog:
I tend to agree with LGarvin on the honeypots. Where I've seen them, they've been a "hobby" of an InfoSec team, and once upper management finds out about them, they're usually toast.
If they really wanted to be evil, companies could just feed their current SharePoint or Notes site to an adversary. That should slow them down for years with outdated information, unused policies, and unimportant tangents!
Great thoughts. Too funny - yes, boring and wordy corporate SharePoint sites could keep them busy for ages! And they might break into some marketing resources, but heck, marketing people want people to read their stuff.