Report links China’s army to cyber attacks
Published on February 19, 2013 by Akashma Online News
By David E. Sanger
The New York Times
On the outskirts of Shanghai, in a run-down neighborhood dominated by a 12-story white office tower, sits a People’s Liberation Army base for China’s growing corps of cyber warriors.
The building off Datong Road is the headquarters of P.L.A. Unit 61398. A growing body of digital forensic evidence – confirmed by U.S. intelligence officials who say they have tapped into the activity of the unit for years – leaves little doubt that an overwhelming percentage of attacks on U.S. corporations, organizations and government agencies originate in and around the white tower.
A 60-page study to be released by the U.S. security firm Mandiant tracks for the first time individual members of the most sophisticated of the hacking groups – known to many of its victims as “Comment Crew” or “Shanghai Group” – to the doorsteps of the military unit’s headquarters.
The computer security firm Mandiant provided an advance copy of its report, saying it hoped to “bring visibility to the issues addressed.” New York Times reporters then tested the conclusion with other experts inside and outside government. (Mandiant was hired by The New York Times Co. to investigate a Chinese-origin attack on its news operations, but concluded it was not the work of Comment Crew, but another group. The firm is not currently working for The Times.)
“Either they are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this neighborhood.”
Other firms that have tracked “Comment Crew” say they also believe the group is state-sponsored, and a recent classified National Intelligence Estimate, issued as a consensus document for all 16 U.S. intelligence agencies, makes a strong case that many of these groups are either run by army officers or are contractors working for commands like Unit 61398.
While Comment Crew has drained terabytes of data from companies like Coca-Cola, increasingly its focus is on companies involved in physical and virtual infrastructure: electrical power grids, gas lines, waterworks and government and corporate databases. According to the security researchers, one target was a company with remote access to more than 60 percent of oil and gas pipelines in North America.
Contacted Monday, Chinese officials in Washington said their government does not engage in computer hacking, and that such activity is illegal. They described China itself as a victim of hacking, and noted that there are many hacking groups in the United States. But in recent years the Chinese attacks have grown significantly, security researchers say. Mandiant has detected more than 140 Comment Crew intrusions since 2006.
“Right now there is no incentive for the Chinese to stop doing this,” Rep. Mike Rogers, R-Mich., chairman of the House Intelligence Committee, said in an interview. “If we don’t create a high price, it’s only going to keep accelerating.”
The White House said it was “aware” of the report, and Tommy Vietor, the spokesman for the National Security Council, said, “We have repeatedly raised our concerns ... with senior Chinese officials, including in the military, and we will continue to do so.”
Under a directive signed by President Barack Obama last week, the government plans to share with American Internet providers – starting today – information it has gathered about the unique digital signatures of the largest of the hacking groups, including Comment Crew and others emanating from near where Unit 61398
While the warnings will not explicitly link those groups or their giant computer servers to the Chinese army, U.S. officials say they are planning to tell China’s new leaders in coming weeks that the volume and sophistication of the attacks have become so intense that they threaten the relationship between Washington and Beijing.
The U.S. government also has cyber warriors. But officials insist they operate under strict, if classified, rules that bar using offensive weapons for nonmilitary purposes or stealing corporate data.