BBC News reported on February 19, 2013, that a secretive branch of China’s military is probably one of the world’s “most prolific cyber espionage groups”, according to a US cyber security firm. Excerpts below:
The firm, Mandiant, said Unit 61398 was believed to have “systematically stolen hundreds of terabytes of data” from at least 141 organisations around the world.
The White House said it has taken its concerns about cyber-theft to the highest levels of China’s government.
In an indication of the military sensitivity around the Shanghai site, the BBC’s John Sudworth and his camera crew were briefly detained by soldiers when they went to film the facility. They were only released once they had handed over their footage.
In its unusually detailed report, US-based computer security company Mandiant said it had investigated hundreds of data breaches since 2004, most of which it attributed to what it termed “Advanced Persistent Threat” actors.
The scale of the Chinese hacking alleged by the computer security firm Mandiant is striking. Until now the bulk of this hacking has been a digital version of old-fashioned industrial espionage – stealing designs and company secrets.
But there is a more sinister side to this activity as well. Chinese hackers are alleged to have a growing interest in gaining access to key parts of the US infrastructure – gas lines, power grids and waterworks. President Barack Obama himself warned during his recent State of the Union address that the nature of the cyber threat was changing.
Gaining access to critical systems is the key. Once inside the digital perimeter, especially if the intrusion is not identified, there is the possibility of causing real physical damage to the infrastructure that the computers control.
The details it had uncovered, it said, “convince us that the groups conducting these activities are based primarily in China and that the Chinese government is aware of them”.
The firm said it had traced the hacking activities of APT1 to the site of a 12-storey building in the Pudong area of Shanghai. It said that Unit 61398 of the People’s Liberation Army “is also located in precisely the same area” and that the actors had similar “missions, capabilities and resources”.
Among the findings about APT1 in the report were that it:
• is staffed by hundreds, possibly thousands, of proficient English speakers with advanced computer security and networking skills
• has hacked into 141 companies across 20 industries, 87% based in English-speaking countries, and is able to steal from dozens of networks simultaneously
• has stolen hundreds of terabytes of information including blueprints, business plans, pricing documents, user credentials, emails and contact lists
• stayed inside hacked networks for an average of 356 days, with the longest lasting 1,764 days
• targeted industries identified by China as strategically important under its Five Year Plan for economic growth
Unit 61398 has for some time been suspected by the US of being central to China’s cyber espionage programme, the New York Times reports.
Several governments, foreign companies and organisations have said in the past they suspect China of carrying out extensive cyber espionage over periods of several years.