Tag Archives: China

Courtesy of AP Photo. The building housing “Unit 61398” of the People’s Liberation Army is seen in the outskirts of Shanghai, Tuesday Feb. 19, 2013. Cyberattacks that stole information from 141 targets in the U.S. and other countries have been traced to the Chinese military unit in the building, a U.S. security firm alleged Tuesday. According to the report by the Virginia-based Mandiant Corp., the firm has traced the massive amount of hacking back to the 12-story office building run by “Unit 61398,” and the attacks targeted key industries including military contractors and companies that control energy grids. China dismissed the report as “groundless.”

Cyberattacks that stole massive amounts of information from military contractors, energy companies and other key industries in the U.S. and elsewhere have been traced to the doorstep of a Chinese military unit, a U.S. security firm has alleged.

China’s Foreign Ministry dismissed the report as “groundless,” and the Defense Ministry denied any involvement in hacking attacks.

China has frequently been accused of hacking, but the report by Virginia-based Mandiant Corp. contains some of the most extensive and detailed accusations to date linking its military to a wave of cyberspying against U.S. and other foreign companies and government agencies.

Mandiant said it traced the hacking back to a neighborhood in the outskirts of Shanghai that includes a drab, white 12-story office building run by “Unit 61398” of the People’s Liberation Army.

The unit “has systematically stolen hundreds of terabytes of data from at least 141 organizations,” Mandiant wrote. By comparison, the U.S. Library of Congress 2006-2010 Twitter archive of about 170 billion tweets totals 133.2 terabytes.

“From our observations, it is one of the most prolific cyberespionage groups in terms of the sheer quantity of information stolen,” the company said. It added that the unit has been in operation since at least 2006.

Mandiant said it decided that revealing the results of its investigation was worth the risk of the hackers changing their tactics and becoming even more difficult to trace.

“It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively,” it said.

In a statement faxed to The Associated Press, the Defense Ministry firmly rejected any involvement in hacking, saying Chinese law forbids all activities harming Internet security.

“The Chinese government has always firmly combated such activities and the Chinese military has never supported any form of hacking activity,” the ministry said. “Statements to the effect that the Chinese military takes part in Internet attacks are unprofessional and are not in accordance with the facts.”

Chinese Foreign Ministry spokesman Hong Lei did not directly address the claims, but when questioned on the report, he said he doubted the evidence would withstand scrutiny.

“To make groundless accusations based on some rough material is neither responsible nor professional,” Hong told reporters at a regularly scheduled news conference.

Reiterating a standard China government response on hacking claims, Hong said China itself is a major victim of such crimes, including attacks originating in the United States.

“As of now, the cyberattacks and cybercrimes China has suffered are rising rapidly every year,” Hong said.

Mandiant’s methodology used in the investigation was sound, said Massimo Cotrozzi, managing director of KCS Group, a London-based international cyber investigation consulting firm that was not involved in Mandiant’s research.

“No one as yet has provided the world conclusive evidence of a link between the Chinese military and the attacks. This report is the nearest thing to conclusive evidence that I have seen,” Cotrozzi said.

Mandiant said its findings led it to alter the conclusion of a 2010 report it wrote on Chinese hacking, in which it said it was not possible to determine the extent of government knowledge of such activities.

“The details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese government is aware of them,” the company said in a summary of its latest report.

It said the hacking was traced to the 2nd Bureau of the People’s Liberation Army General Staff’s 3rd Department, most commonly known as unit 61398, in the Shanghai suburbs.

News of the report spread on the Chinese Internet, with many commentators calling it an excuse for the U.S. to impose greater restrictions to contain China’s growing technological prowess.

Graham Cluley, a British cybersecurity expert who was not involved in Mandiant’s research, said people in the computer industry believe China’s government is behind such attacks but have been unable to confirm the source.

“None of us would be very surprised or be uncomfortable saying we strongly suspect the Chinese authorities are involved in spying this way,” said Cluley, a senior technology consultant for security firm Sophos in Britain.

“I think we are seeing a steady escalation” of sophistication in hacking, Cluley said. “This is really the new era of cybercrime. We’ve moved from kids in their bedroom and financially motivated crime to state-sponsored cybercrime, which is interested in stealing secrets and getting military or commercial advantage.”

Associated Press writers Gillian Wong and Joe McDonald contributed to this report.

US Security Firm Alleges Massive Chinese Hack | DFI News.

White House officials are revealing details of President Barack Obama’s initial plans for protecting the computer networks of crucial American industries from cyberattacks.

Their description of Obama’s executive order was planned for Wednesday, a day after the president signed it. The announcement was also coming hours after the president urged Congress in his annual State of the Union address to pass legislation taking even tougher steps.

In his speech, Obama said America’s enemies are “seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”

He added, “Now, Congress must act as well by passing legislation to give our government a greater capacity to secure our networks and deter attacks.”

On Tuesday, senior administration officials said Obama’s order starts the development of voluntary standards to protect the computer systems that run critical sectors of the economy like the banking, power and transportation industries. It also directs U.S. defense and intelligence agencies to share classified threat data with those companies.

Obama’s executive order has been months in the making and is the product of often-difficult negotiations with private sector companies that oppose any increased government regulation.

While largely symbolic, the plan leaves several practical questions unanswered:

  • Should a business be required to tell the government if it’s been hacked and U.S. interests are at stake?
  • Can a person sue her bank or water treatment facility if those companies don’t take reasonable steps to protect her?
  • If a private company’s systems are breached, should the government swoop in to stop the attacks — and pick up the tab?

Under the president’s new order, the National Institute of Standards and Technology has a year to finalize a package of voluntary standards and procedures that will help companies address their cybersecurity risks. The package must include flexible, performance-based and cost-effective steps that critical infrastructure companies can take to identify the risks to their networks and systems and ways they can manage those risks.

There also must be incentives the government can use to encourage companies to meet the standards, and the Pentagon will have four months to recommend whether cybersecurity standards should be considered when the department makes contracting decisions.

The order also calls for agencies to review their existing regulations to determine whether the rules adequately address cybersecurity risks.

Congress has been struggling for more than three years to reach a consensus on cybersecurity legislation. Given that failure and the escalating risks to critical systems, Obama turned to the order as a stopgap measure with the hope that lawmakers will be able to pass a bill this year. Leaders of the House Intelligence Committee said they plan to reintroduce their bill that encourages the government to share classified threat information, empowers companies to also share data and provides privacy and liability protections.

The process has exposed how difficult and complex the issue is, turning the long-awaited executive order into a bureaucratic scramble aimed at showing countries like China and Iran that the U.S. takes seriously the protection of business secrets. It has been an intensive effort by White House staff and industry lobbyists wary of government intervention but fearful about their bottom line.

The cyberthreat to the U.S. has been heavily debated since the 1990s, when much of American commerce shifted online and critical systems began to rely increasingly on networked computers.

White House Reveals Obama’s Cybersecurity Plan | DFI News.

A new intelligence assessment has concluded that the United States is the target of a massive, sustained cyber-espionage campaign that is threatening the country’s economic competitiveness, according to individuals familiar with the report.

The National Intelligence Estimate identifies China as the country most aggressively seeking to penetrate the computer systems of American businesses and institutions to gain access to data that could be used for economic gain.

The report, which represents the consensus view of the U.S. intelligence community, describes a wide range of sectors that have been the focus of hacking over the past five years, including energy, finance, information technology, aerospace and automotives, according to the individuals familiar with the report, who spoke on the condition of anonymity about the classified document. The assessment does not quantify the financial impact of the espionage, but outside experts have estimated it in the tens of billions of dollars.

Cyber-espionage, which was once viewed as a concern mainly by U.S. intelligence and the military, is increasingly seen as a direct threat to the nation’s economic interests.

US, Target of Massive Cyber-espionage Campaign | DFI News.

Courtesy of Petar Kujundzio/Reuters. The New York Times published an article in October about the wealth of the family of China’s prime minister, Wen Jiabao, in both English and Chinese.

For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees.

After surreptitiously tracking the intruders to study their movements and help erect better defenses to block them, The Times and computer security experts have expelled the attackers and kept them from breaking back in.

The timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, 2013, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings.

Hackers in China Have been Attacking The Times | DFI News.

There are a lot of hard-working software developers in the world who are dedicated to their job and their employers. They show up to work every day and get their assignments done. This story is not about one of those developers, but about a person who instead got others in China to do his job.

This week, the Verizon security blog tells the story of a man they call “Bob”, a developer at an unnamed “critical infrastructure company”. Apparently this company called in Verizon sometime in 2012 when they noticed some odd VPN logs that had connections in China. The connections were centered on “Bob’s” workstation.

The computer forensic team examined the evidence and discovered that “Bob” was outsourcing all of his work to Chinese software teams and paying them a fraction of his six-figure salary to do so. That meant he could come to work and basically goof off; the Verizon blog states that “Bob’s” real daily schedule of work consisted of him going to Reddit and eBay and watching cat videos.

Obviously, this kind of activity (or non-activity, if you think about it that way) did not sit well with the unnamed company and they fired “Bob”. He now has loads of time to go to Reddit and search for cat videos to watch; he’s just not using company resources and money for it anymore.

Developer outsourced his own job to China; watched cat videos before getting fired.