Firm traces huge cyberattacks against U.S. to Chinese Army

BEIJING (AP) - Cyberattacks that stole massive amounts of information from military contractors, energy companies and other key industries in the U.S. and elsewhere have been traced to the doorstep of a Chinese military unit, a U.S. security firm alleged Tuesday.
China's Foreign Ministry dismissed the report as "groundless," and the Defense Ministry denied any involvement in hacking attacks.
China has frequently been accused of hacking, but the report by Virginia-based Mandiant Corp. contains some of the most extensive and detailed accusations to date linking its military to a wave of cyberspying against U.S. and other foreign companies and government agencies.
Mandiant said it traced the hacking back to a neighborhood in the outskirts of Shanghai that includes a drab, white 12-story office building run by "Unit 61398" of the People's Liberation Army.
The unit "has systematically stolen hundreds of terabytes of data from at least 141 organizations," Mandiant wrote. By comparison, the U.S. Library of Congress 2006-2010 Twitter archive of about 170 billion tweets totals 133.2 terabytes.
"From our observations, it is one of the most prolific cyberespionage groups in terms of the sheer quantity of information stolen," the company said. It added that the unit has been in operation since at least 2006.
Mandiant said it decided that revealing the results of its investigation was worth the risk of the hackers changing their tactics and becoming even more difficult to trace.
"It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively," it said.
In a statement faxed to The Associated Press, the Defense Ministry firmly rejected any involvement in hacking, saying Chinese law forbids all activities harming Internet security.
"The Chinese government has always firmly combated such activities and the Chinese military has never supported any form of hacking activity," the ministry said. "Statements to the effect that the Chinese military takes part in Internet attacks are unprofessional and are not in accordance with the facts."
Chinese Foreign Ministry spokesman Hong Lei did not directly address the claims, but when questioned on the report Tuesday, he said he doubted the evidence would withstand scrutiny.
"To make groundless accusations based on some rough material is neither responsible nor professional," Hong told reporters at a regularly scheduled news conference.
Reiterating a standard China government response on hacking claims, Hong said China itself is a major victim of such crimes, including attacks originating in the United States.
"As of now, the cyberattacks and cybercrimes China has suffered are rising rapidly every year," Hong said.
Mandiant's methodology used in the investigation was sound, said Massimo Cotrozzi, managing director of KCS Group, a London-based international cyber investigation consulting firm that was not involved in Mandiant's research.
"No one as yet has provided the world conclusive evidence of a link between the Chinese military and the attacks. This report is the nearest thing to conclusive evidence that I have seen," Cotrozzi said.
Mandiant said its findings led it to alter the conclusion of a 2010 report it wrote on Chinese hacking, in which it said it was not possible to determine the extent of government knowledge of such activities.
"The details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese government is aware of them," the company said in a summary of its latest report.
It said the hacking was traced to the 2nd Bureau of the People's Liberation Army General Staff's 3rd Department, most commonly known as unit 61398, in the Shanghai suburbs.
News of the report spread Tuesday on the Chinese Internet, with many commentators calling it an excuse for the U.S. to impose greater restrictions to contain China's growing technological prowess.
Graham Cluley, a British cybersecurity expert who was not involved in Mandiant's research, said people in the computer industry believe China's government is behind such attacks but have been unable to confirm the source.
"None of us would be very surprised or be uncomfortable saying we strongly suspect the Chinese authorities are involved in spying this way," said Cluley, a senior technology consultant for security firm Sophos in Britain.
"I think we are seeing a steady escalation" of sophistication in hacking, Cluley said. "This is really the new era of cybercrime. We've moved from kids in their bedroom and financially motivated crime to state-sponsored cybercrime, which is interested in stealing secrets and getting military or commercial advantage."
China owns America. Who do you think has absorbed the majority of our debt?? And the "Liberal" messiah has sold us out to them. Do you think fines and embargoes are going to deter the Chinese from continuing these cyber attacks? Think again......
Good way to start stopping this. Remove China from "most favored" trading status, then ban all import for 1 year for every count of hacking they can prove came from them. It will hurt their economy a lot more than ours. Walmart and Target will just get their stuff from Indonesia for a while, and China will lose about 50% of their exports.
We should be preparing for war with China in the not too distant future. In fact, what they are doing with these cyber attacks is in fact an act of war. We are so foolish to consider cutting our military ahead of this threat.
I try to avoid purchasing Chinese made products but it is darn hard to do. Everyone likes to bash Walmart for selling so many Chinese made goods but look around at Costco, Target and other large retailers and the "Made In China" label is everywhere. I was at the grocery store the other day and every toothbrush was made in China. I'm willing to pay more for US made products but they are getting harder and harder to find.
We are doing the same thing to others too, so we don't come clean either!
It seems fairly obvious that the Chinese government is just going to keep doing this until we make it too expensive for them to continue.
For example, China's "Most Favored Nation" status regularly gets rubber-stamped per World Trade Organization rules, but there must be some clause in the WTO treaties that allows exceptions for countries that commit such egregious levels of industrial espionage against other "trade partners."
@Sutekh, Yes, you would think so. Don't you just love how we can clearly show they hacked our systems and they still stick their noses up and say, "Oh no we didn't. You lie. But you hacked ours."
Our gutless wonders in government won't take them to task and use our knowledge for leverage.
A much better report from BBC, fairly in depth with additional sources linked;
http://www.bbc.co.uk/news/world-asia-china-21502088
Use this as a reason to set embargoes and heavy importation taxes. Start reducing our debt to them.
@SargeMcC Toothless Tigers each of our politicians....
And this is news because?
@Windowseat Because having a war with China is bad, understand?
Ok, so now what is being done about it??
What a joke. lol And we aren't doing the same thing? Tyrannical governments always spy on everyone they can, that's why our criminal congress passed the Patriot Act and NDAA. Time for us to actually become the first democracy that's ever existed and allow the voters to vote on all these bills.
So, at what point do we treat such acts of war as what they are, attacks, and actually DO something about them. I don't expect President Zero to do anything but vote "present," but someone should be doing something.
@RN1 I get email spam from Nigeria... should we declare war on them too? - Or how about declaring war on Viagra... I deleted so much of that garbage from my spam folder this morning it was disgusting... of course it is my online shipping email address I use so I can't really expect much...
@Freespeech @RN1 Spam and junk-mail is one thing, electronic espionage and intellectual property theft and hacking systems that may put lives at risk are quite another.
@RN1 When they no longer own over a trillion dollars worth of U.S. debt. The government lives in so much fear that China is going to decide to cash in, that they let them do whatever they want.
@JK15 @RN1 Them owning our debt gives US as much leverage as it does THEM.
Why is Twatter being archived? Huge waste of data storage
@Lrry*x*K The Library of Congress archives everything that's copyrighted--photos, comic books, romance novels, etc... It's been going on for a long time.
@Lrry*x*K So that future generations can read about how much people loved their stupid dog, or how much teens hated schools, and other stupid crap. /sarcasm
Darn Commies at it again.
I don't care what the Chinese gov't says -- of course they are hacking into our computers, just like we are hacking into theirs. We just need to be smarter about it -- make it so they get false info, a virus, etc.
Sick man of the orient strikes again..............
@rnco Fu Manchu?
Of course the USA is not going to want to anger our red ally who up until recently was the main purchaser of our debt - keeping this country able to borrow money and keep spending away our futures.... sorry you cannot jump into the mud hole and not get yourself dirty... Chinese growing technological prowess ... yeah right ... they had a freeway overpass collapse in mainland China a few weeks back... I think before China worries about getting technological prowess they should try and learn more about construction and what happens when your contractors pocket money instead of using it to buy things like sufficient rebar reinforcement ... just a suggestion!
They don't have to steal our technology it is made over there.
@Thepriest By made you mean reverse engineered right?
@Lrry*x*K @Thepriest Nope, it came in the box that most of our manufacturing jobs came in.
Some would consider this as an act of war....... those people would be absolutely correct. The United States has become a toothless Tiger pertaining to China and their scumbag leadership/military. Just try and buy something for your day to day household that doesn't come from that poo hole.... hard to do. :(
@Funky-Munky Correct, unfortunately. People wonder why it is so much cheaper to buy Chinese-made goods... why it is literally cheaper to ship materials to China, have an item made, then have it shipped clear across the world back to the U.S., instead of maintaining a manufacturing base and making it right here. If the U.S. had large compounds that housed thousands of workers; paid slave-wages with no benefits and no unions; had no concern at all for human welfare; and had no environmental regulations at all, then maybe we could compete. It is so sad what has happened to this country.
@belsnickles @Funky-Munky Agreed....
@JK15 You got it right.... thumbs up!
@Funky-Munky @belsnickles There are more and more people who are willing to pay a higher price for products made in the U.S. I take my son to a small toy store that has a lot of stuff made in the U.S. It's more expensive than Toys R Us, but at least the toys don't break in 10 minutes.
I think a lot of companies who do make their products in the United States are missing the boat. They should be plastering a huge American flag on the front with "Made in the U.S.A." in bold letters across the front of the packaging.
All the more reason to curtail the insane trade imbalance with this country.
Get a spine, U.S.
So we have enough teenage hackers here in the USA with nothing better to do than play video games and such. Why not put them to work hacking China's system. A little taste of their own medicine....
@Logical1 Those video game kids started in my generation so most of the experienced hackers are in their 30s and 40s.
I'm not a computer expert but I think it would be great if a website was hacked it would automatically send a virus back to that computer.
Proving yet again that China doesn't give a damn about how they attain technology, or who is harmed in the effort. Tell me again why they enjoy Most Favored Nation status with the US? It still amazes me that we continue that policy despite constant reminders that China will do what it wants when it wants to further its own political and economic agendas. Say what you want about the US establishing democracies around the globe or colonial imperialism (I think that's the right buzzword). Yeah, we've got our own problems but the US and EU are going to get steamrolled by China, and possibly Russia, because it's apparent they're only out for number 1. As far as they're concerned there are no rules, no dirty plays, no boundaries...whatever it takes to get what they want they'll do it.
Mike
@MikeCoomer Very well said; couldn't have said it better. However, I don't think that means we should shut the door (not that you implied that!). Knowing this and acknowledging it, we can negotiate how to proceed. The Chinese still represent a vast market for all countries of the world and is worth pursuing. Just do so very cautiously. In other words: forgive, but do not forget.
Perhaps it's time for an organized boycott of Chinese products.
@maddog Everyone in the U.S.A should practice trying to buy anything but Chinese..... sadly it's a difficult task! :(
Then there would be nothing to buy.
And the downside to that is???
@mstipton Sad, but true. Also, I would guess that driving or flying in an airplane would be difficult, as so many parts are now manufactured there. China, like it or not, has us in a stranglehold that it will be hard, if not impossible, to escape.
"groundless accusations based on rough materials"?
how about IP addresses?
Maybe it's time that somebody "hacked back". Not to infiltrate and take their data, but to destroy data and render their hardware useless.
China years ago opened up a bit, guessing the greed of global corporations would assure they were fed everything they need.
They guessed correctly. What will come out of this report? Nothing. Nothing at all.
Correct me if I am wrong but I believe that the DNS root servers are still under US control. If they are lock China out of them and then they won't be doing anything on the internet. The United States invented and made the internet so we should be able to do what we want with it. Our money made it. Just my thought.
@Thepriest Not exactly. Yes, the foundations of the Internet were begun on the west coast but the net as we know it today is a collaborative effort of folks around the world. Beyond that, locking out an entire country like China would be virtually impossible. Where there's a will there's a way and China has proven time and again they'll get what they want and don't give a damn about rules or who gets hurt in the process.
Mike