China Has Found A Brutally Simple Way To Steal Corporate Secrets

W.G.Ewald

Defence Professionals/ DFI member of 2
Professional
Joined
Sep 28, 2011
Messages
14,139
Likes
8,594
China Has Found A Brutally Simple Way To Steal Corporate Secrets

Mandiant Report Chinese Hacking - Business Insider

Report by Mandiant is linked to article.

Beijing has long been suspected of espionage costing global corporations billions of dollars — such as when a hacking incident at Lockheed Martin was followed by the appearance of suspiciously familiar Chinese jets — though it was hard to find evidence.
 

s002wjh

Senior Member
Joined
Jul 9, 2009
Messages
1,271
Likes
153
Re: China Has Found A Brutally Simple Way To Steal Corporate Secrets

Well, I can go to Google, type F35, and get a bunch of pictures, build something that looks similar, but doesn't have the capabilities of the F35. But it's an entirely different matter to steal the entire design of the F35, especially when those designs are on a closed network server ;)
 

W.G.Ewald

Re: China Has Found A Brutally Simple Way To Steal Corporate Secrets

Well, I can go to Google, type F35, and get a bunch of pictures, build something that looks similar, but doesn't have the capabilities of the F35. But it's an entirely different matter to steal the entire design of the F35, especially when those designs are on a closed network server ;)
That may be, but what is important is what is in the Mandiant Report.

Mandiant APT1 Report

I recommend you read it. I will try to link to PDF or post as text in a subsequent post.
 

W.G.Ewald

Re: China Has Found A Brutally Simple Way To Steal Corporate Secrets

Unfortunately, downloading the Mandiant APT1 Report requires a Facebook login. :-(
 

W.G.Ewald

Re: China Has Found A Brutally Simple Way To Steal Corporate Secrets

The Chinese army appears to be conducting cyberhacking and espionage against large U.S. corporations, according to an extensive report from computer security firm Mandiant.

The report even identifies the unit and the building behind the cyberwar.

Beijing has long been suspected of espionage costing global corporations billions of dollars — such as when a hacking incident at Lockheed Martin was followed by the appearance of suspiciously familiar Chinese jets — though it was hard to find evidence.

Indeed, it makes sense that China, in its breakneck push to become a world power, would use all available technology to catch the west.

Following Mandiant's 75-page report, however, the cyberwar is all but official.

We have distilled the alarming report and posted it below.

According to Mandiant, what China's hacking program coordinators do is seek students with outstanding English skills who are handpicked for "Advanced Persistent Threat" training (APT). The APT teams are broken down into groups and divided among locations in and around Shanghai, universities, commercial corridors, and largely innocuous places.

Wherever they go, each team is assigned a Military Unit Cover Designator (MUCD). The MUCD is a five-digit number by which the unit, its people, its location, and its work is referred to. The designation makes the teams more difficult to isolate and track.

MUCDs report all the way up to the Chinese equivalent to the Joint Chiefs of Staff, according to Mandiant. That implies this practice is part of China's overt military policy against foreign nations.

Mandiant offers an example of the type of expertise required:

Covert communications
English linguistics
Operating system internals
Digital signal processing
Network security

The needs are then broken down further into Profession Codes — such as 080902 for Circuits & Systems — Required Proficiencies — such as 101 for political, 201 for English, etc.

With hundreds or thousands of these teams lined up, the Chinese start phishing for passwords, according to Mandiant. The teams have refined and perfected dialogue, slang, and responses that appear nearly seamless to the colleagues they're trying to impersonate. In the beginning it all looks just like this:

Date: Wed, 18 Apr 2012 06:31:41 -0700
From: Kevin Mandia <[email protected]>
Subject: Internal Discussion on the Press Release


Hello;

Shall we schedule a time to meet next week

We need to finalize the press release.

Details click here.



Kevin Mandia

Victims who click that link will download a malicious ZIP file named Internal_Discussion_Press_Release_In_Next_Week8.zip, which contains a custom APT1 backdoor called WEBC2-TABLE.

Happening on such a large scale, these attacks presumably have government support. Mandiant writes: "The sheer scale and duration of these sustained attacks leave little doubt about the enterprise scale of the organization behind this campaign."

Not surprisingly, China is denying the report.

Chinese Foreign Ministry spokesman Hong Lei told reporters on Tuesday:

"To make groundless accusations based on some rough material is neither responsible nor professional."

Mandiant says it felt compelled to expose this hack despite possibly compromising its ability to collect information. Here's why:

"The decision to publish a significant part of our intelligence about Unit 61398 was a painstaking one. What started as a "what if" discussion about our traditional non-disclosure policy quickly turned into the realization that the positive impact resulting from our decision to expose APT1 outweighed the risk to our ability to collect intelligence on this particular APT group.

It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively. The issue of attribution has always been a missing link in publicly understanding the landscape of APT cyber espionage. Without establishing a solid connection to China, there will always be room for observers to dismiss APT actions as uncoordinated, solely criminal in nature, or peripheral to larger national security and global economic concerns.

We hope that this report will lead to increased understanding and coordinated action in countering APT network breaches. At the same time, there are downsides to publishing all of this information publicly. Many of the techniques and technologies described in this report are vastly more effective when attackers are not aware of them.

Additionally, publishing certain kinds of indicators dramatically shortens their lifespan. When Unit 61398 changes their techniques after reading this report, they will undoubtedly force us to work harder to continue tracking them with such accuracy. It is our sincere hope, however, that this report can temporarily increase the costs of Unit 61398's operations and impede their progress in a meaningful way. We are acutely aware of the risk this report poses for us. We expect reprisals from China as well as an onslaught of criticism."

Below this Mandiant APT1 Report are a couple of photos and a list of the hardest hit English-speaking industries.
Read more: Mandiant Report Chinese Hacking - Business Insider

Personally I have disbelieved the accusations on DFI about Chinese copying of technology. Now they are more believable to me.
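
As an added example (not part of the post above, the article, or Mandiant's report), this is a mail-gateway style triage of the kind of message quoted in the article: a colleague's display name on an outside address, with link text that hides a ZIP download. The organisation domain, staff list, sender address and link host are assumptions; only the ZIP file name and headers come from the page.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions, not from the page: the defender's mail domain and staff directory.
ORG_DOMAINS = {"corp.example"}
STAFF_NAMES = {"kevin mandia"}
ARCHIVE_EXT = (".zip", ".rar", ".7z")

# Constructed sample modelled on the quoted message. The sender address and
# link host are placeholders; the page does not show the real ones.
SAMPLE = """\
Date: Wed, 18 Apr 2012 06:31:41 -0700
From: Kevin Mandia <kevin.mandia@webmail.example>
Subject: Internal Discussion on the Press Release
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Hello;</p><p>We need to finalize the press release.</p>
<p>Details <a href="http://files.example/Internal_Discussion_Press_Release_In_Next_Week8.zip">click here</a>.</p>
<p>Kevin Mandia</p>
"""

def body_text(msg):
    """Concatenate every text/* part, decoding transfer encodings."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_message):
    """Return a list of findings for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    external = addr.rpartition("@")[2].lower() not in ORG_DOMAINS
    findings = []
    # A staff member's display name on an address outside the organisation.
    if external and name.strip().lower() in STAFF_NAMES:
        findings.append("display-name-impersonation")
    # Link text hides the target; inspect the href itself for an archive download.
    for href in re.findall(r'href\s*=\s*["\']([^"\']+)', body_text(msg), re.I):
        path = urlparse(href).path
        if external and path.lower().endswith(ARCHIVE_EXT):
            findings.append("archive-link:" + path.rsplit("/", 1)[-1])
    return findings
```

Calling `triage(SAMPLE)` reports both findings, while the same message sent from an address inside `ORG_DOMAINS` produces none.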
 
