
China military linked to hacking attacks

A US company has accused a Chinese military intelligence unit in Shanghai of conducting a huge cyber espionage campaign against western companies, in the most specific allegations that the People’s Liberation Army sponsors hacking.

 

 

 

By Kathrin Hille in Beijing and Patti Waldmeir in Shanghai

 

 

 

 

 

 

 

 


 

Mandiant, a Washington-based cyber security group, said APT1 – a group of hackers it observed attacking at least 141 companies in the US and 15 other countries over the past seven years – was in fact a PLA group called Unit 61398.

 

 

In a report, Mandiant said the Chinese military unit was “similar to APT1 in its mission, capabilities, and resources”. It added that the group was located in the same area where APT1 activity appears to originate.

 

The accusation follows a string of recent announcements by US media groups that they had been hacked from China. The most recent spate of incidents is part of a rise in reports of cyber attacks over the past few years.

 

In recent years, cyber warfare experts have repeatedly identified Chinese hackers as the most likely perpetrators of such attacks. They have cited evidence such as IP addresses in China and the detection of software strands or tools in malware common only in China. They have also highlighted signs that some code used in the attacks was made on systems running the kind of simplified characters used to write Chinese on the mainland.

 

Previous analyses have also claimed that the Chinese government or military was likely sponsoring many cyber attacks, a view shared by the US government. But past assessments have been more cautious in linking particular PLA units to specific attacks because the PLA’s secrecy makes it difficult to find evidence for how it conducts information warfare.

 

The Chinese government and military insist they do not hack. But last year, a PLA newspaper said a “Blue Team” had been created to defend against cyber attacks.

 

Information gathered from military publications, university websites, local state media and other public sources shows that the PLA operates cyber militias and that several PLA units overseen by the general staff department perform tasks related to cyber warfare.

 


 

In 2011, Project 2049 Institute, a US think-tank focused on Asia, said Unit 61398 was responsible for “targeting the United States and Canada, most likely focusing on political, economic, and military-related intelligence”.

 

However, the Mandiant report is the first to suggest that a particular group of hackers is part of that unit.

 

The 12-storey building identified in the report is located in a Shanghai suburb near one of the city’s main ports. On Tuesday, a uniformed soldier guarded the main gate to the building and the larger complex where it stands, which is surrounded by a wall decorated with posters depicting PLA soldiers helping members of the general public or engaged in peacekeeping activities.

 

The complex is marked with a sign that says “restricted military area – no photography” in both English and Chinese. When a foreign photographer attempted to snap a photo there on Tuesday afternoon, several uniformed soldiers surrounded him and ushered him into the military area for questioning.

 

Across the street from the military complex is a kindergarten attached to Unit 61398, which is accused of conducting the hacking. A workman running electrical wire at the kindergarten said, when asked about the building, that he did not know anything about it, then added “are you a spy?” Mothers picking up children from the kindergarten declined to be interviewed.

 

The complex where the building stands is about the size of a square city block and is surrounded by a fence about 8 feet high. Two large satellite dishes sit on top of the building.

 

Mandiant’s main argument for establishing the link is that the APT1 hacker group to which it traced the attacks operates predominantly on four large telecom networks in Shanghai, two of which serve the Pudong district where Unit 61398 is located.

 

Pudong is a huge district of Shanghai with a population of millions. Apart from Unit 61398, it is also home to the Shanghai branch of the Institute of Computing Technology at the Chinese Academy of Sciences.

 

As online threats race up national security agendas and governments look at ways of protecting their national infrastructures, a cyber arms race is causing concern to the developed world.

 

Mandiant said one of three APT1 hackers it identified used a password that could be read as an acronym for the military unit’s name. It also highlighted information on the internet in Chinese which suggests that the military is hiring IT experts with the kind of English language proficiency needed for information warfare.

 

Mandiant said the scale of the attacks from one group in China left little doubt who was behind them, but said there could be “one other unlikely possibility”. It said that was the existence of a secret organisation of Chinese speakers with “direct access to Shanghai-based telecommunications infrastructure [that] is engaged in a multiyear, enterprise scale computer espionage campaign right outside of Unit 61398’s gates”.

 

The Chinese government rejected the allegations on Tuesday. “Cyber attacks are anonymous and transnational and it is hard to trace the origin of attacks, so I don’t know how the findings of the report are credible,” said Hong Lei, a foreign ministry spokesman. 

 

Mr Hong added that China was frequently a victim of cyber attacks, most of which originated in the US. 

 

China’s defence ministry repeated its default statement that hacking is illegal in China, that the country is one of the world’s main targets of cyber attacks and that the PLA had never supported hacking attacks.

 

“Allegations that the Chinese military engages in hacking are unprofessional and inaccurate,” it said on Tuesday.

 

Copyright The Financial Times Limited 2013. 

 
