US Firm Links Chinese Army to Cyber Attacks
by William Gallo February 19, 2013
A U.S.-based Internet security group is accusing the Chinese government of involvement in a sophisticated campaign of cyber attacks against American businesses, government and critical infrastructure.
A 60-page report released Tuesday by Mandiant details dozens of attacks by a prolific, China-based hacker group it says is using 'direct government support' to wage a 'long-running and extensive cyber espionage campaign.'
Mandiant says the group, referred to as APT1, has stolen massive amounts of data from nearly 150 organizations, mostly located in the United States, since 2006. It does not name the targets, but says they span 20 major industries, ranging from IT to financial services.
It says it has traced the activities of the group to a Shanghai neighborhood surrounding the headquarters of the People's Liberation Army's secretive unit 61398, which Internet security analysts previously linked to cyber attacks.
Chinese Government Reacts
China's foreign ministry spokesperson Hong Lei strongly denied the accusations at a regular briefing Tuesday.
'Hacker attacks are an international problem and should be dealt with based on mutual trust and international cooperation,' he said. 'It is neither professional nor responsible to make groundless accusations without hard evidence. It is also not conducive to settling the relevant problem.'
When asked about the building Mandiant says is likely responsible for the hacking attempts, Hong said he does not see how the evidence is credible, given the difficulty in tracing the origin of cyber attacks. He also returned the accusation, pointing to a Chinese study that claims the U.S. is the source of most cyber attacks in China.
China has long been viewed as a major source of global hacking attempts. But Mandiant, like many other IT firms, has been reluctant to directly accuse the Chinese government of overseeing cyber attacks. Now, the group says it has acquired evidence to change its mind, saying 'It is time to acknowledge the threat is originating in China.'
The Virginia-based company says its seven-year investigation revealed that more than 90 percent of APT1's cyber attacks originated from the neighborhood of the 12-story PLA building. Although it could not trace the attacks directly to the facility in Shanghai's Pudong district, it argued it is extremely unlikely the Chinese military would be unaware that hundreds of attackers were operating so close to its grounds.
Recent Hacking Attempts Revive Concerns
A series of recent China-based hacking attempts on high-profile U.S. media outlets, including the New York Times and Wall Street Journal, has revived concerns about Chinese cyber espionage. U.S. officials have increasingly warned of the threat, but some say Washington has not done enough to discourage the attacks.
Asia security analyst Wendell Minnick tells VOA that he was not surprised by the report. He says there is little incentive for China to discourage computer espionage activity originating from inside its borders.
'There's no reason for (the Chinese) to behave themselves. They're a hungry nation and they want to win. And, they want to dominate,' says Minnick.
The Tuesday report said Chinese hackers such as APT1 have traditionally focused on stealing information like technology blueprints, manufacturing processes and other information from foreign companies.
But Mandiant says APT1 recently has become more focused on attacking U.S. infrastructure, such as companies that control electrical power grids, gas lines and other utilities.
Washington this year increased the size of its own cyber security force by more than 4,000 people - up from the current 900. Defense Secretary Leon Panetta recently warned of the vulnerability of critical U.S. infrastructure, saying America faces the possibility of a 'cyber Pearl Harbor' attack in the future.