Chinese military is behind hacking attacks

W.G.Ewald

Defence Professionals/ DFI member of 2
Professional
Joined
Sep 28, 2011
Messages
14,139
Likes
8,594
I doubt China's cyber-warfare is as capable as the US. The US after all invented the internet, and is still the top technological/information country in the world.
It does not follow that US has greater cyberwarfare capability than China, even if Al Gore invented the internet. :)
 

W.G.Ewald

Defence Professionals/ DFI member of 2
Professional
Joined
Sep 28, 2011
Messages
14,139
Likes
8,594
Mandiant Report on Chinese Hackers is Not News But Its Approach Is - Forbes
News? No. It was simply another layer of evidence that cyber activists/hackers/criminals/agents/whatever have been stealthily conducting cyber reconnaissance missions, infecting computers with malware, exfiltrating data, and in general, being bad guys. In 2011, Dmitri Alperovitch, then vice president of Threat Research for McAfee, authored a report about Shady RAT (Remote Access Tool), the malware that had been used by Chinese cybercriminals to exfiltrate data from a broad cross-section of organizations over a 2-5 year period — undetected. Alperovitch broke new ground when he included a table of more than 70 companies, organizations, and government agencies from around the globe that had been compromised. It included the U.N., the International Olympic Committee, and numerous U.S. entities. Now, that was news.
 

W.G.Ewald

Defence Professionals/ DFI member of 2
Professional
Joined
Sep 28, 2011
Messages
14,139
Likes
8,594
Mandiant Fends Off Hackers Along With Haters -- Daily Intelligencer

Before last month, only the biggest geeks working in corporate IT departments and law-enforcement agencies had ever heard of Mandiant, an Alexandria, Virginia–based cybersecurity firm that helps companies identify and respond to security breaches on their computer networks.

That all changed when the New York Times began a series on Chinese computer hackers, first detailing attacks on its own servers and naming Mandiant as the firm it hired to repel them, and then publishing details of Mandiant's report that linked a wave of U.S. corporate hacks to a People's Liberation Army cyberespionage division called Unit 61398.
 

W.G.Ewald

Defence Professionals/ DFI member of 2
Professional
Joined
Sep 28, 2011
Messages
14,139
Likes
8,594
Chinese Army Unit Is Seen as Tied to Hacking Against U.S.

The building off Datong Road, surrounded by restaurants, massage parlors and a wine importer, is the headquarters of P.L.A. Unit 61398. A growing body of digital forensic evidence — confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years — leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower.
 

W.G.Ewald

Defence Professionals/ DFI member of 2
Professional
Joined
Sep 28, 2011
Messages
14,139
Likes
8,594
Mandiant's cybersecurity reputation grows - SFGate

Security firm Mandiant yesterday released a report, "APT1: Exposing One of China's Cyber Espionage Units" [PDF file], which details extensive research linking a group of hackers to a department within China's military.

"The group, known as the Comment Crew and APT1, operates out of a 12-story office tower in the Pudong New Area of Shanghai, and is said to be part of Unit 61398, a unit of the People's Liberation Army that has a staff of hundreds and perhaps thousands of hackers who have systematically stolen valuable data from U.S. firms since at least 2006 using the resources of state-owned enterprises, such as China Telecom, to conduct the attacks, according to Mandiant," writes Wired's Kim Zetter.

"In this three-year investigation, Mandiant documented Unit 61398 hacking into 141 companies (including 115 in the U.S.) across 20 industries, and stealing many terabytes of compressed data in sustained attacks averaging 356 days," write The Daily Beast's John Avlon and Sam Schlinkert. "The longest persistent attack documented by Mandiant lasted 4 years and 10 months. The largest recorded theft was 6.5 terabytes from a single company over 10 months."

"Other security firms that have tracked Comment Crew say they also believe the group is state-sponsored, and a recent classified National Intelligence Estimate, issued as a consensus document for all 16 of the United States intelligence agencies, makes a strong case that many of these hacking groups are either run by army officers or are contractors working for commands like Unit 61398, according to officials with knowledge of its classified content," write The New York Times' David E. Sanger, David Barboza and Nicole Perlroth.

"China's Foreign Ministry said on Tuesday the nation is firmly opposed to hacking, and has supported regulation to prevent cyberattacks. ... The country has also been the victim of hacking, with the number one origins for those attacks coming from the U.S., said ministry spokesman Hong Lei during a press conference," writes PCWorld's John Ribeiro. "'Cyber attacks are transnational and anonymous. It's very hard to trace the origins of the attacks. I don't know how this evidence in the relevant report is tenable,' he added."
 

W.G.Ewald

Defence Professionals/ DFI member of 2
Professional
Joined
Sep 28, 2011
Messages
14,139
Likes
8,594
Mandiant China Report Questioned - Business Insider
What specific problems have you found with the Mandiant report?

The biggest problem, as I wrote in my blog, is that Mandiant's conclusions do not exclude other threat actors besides China. Nor do they eliminate the possibility that other foreign intelligence services are using China as a false flag to disguise their own cyber espionage operations. All they need to do is set up a business in Shanghai.

Were earlier reports from the New York Times and Bloomberg any more convincing?

Yes, the Bloomberg report clearly identified a person who works for the PLA; however, that doesn't mean that he was acting on behalf of the Chinese gov't. We have some individuals here in the U.S. with military and/or intelligence agency employment or past employment that have engaged in hacking attacks on their own. The U.S. gov't had nothing to do with it.

In the case of the New York Times hack, China should certainly be considered a suspect but the evidence doesn't rule out other less likely suspects. My argument in that case is that estimative language should be used rather than claiming beyond a doubt that it was China - unless of course you have hard evidence that you can take to the international criminal court which proves your case.

Here's my article on the NY Times hack and the problems that I had with it.

Mandiant say they have tracked the hacking to a PLA building in Shanghai, which sounds pretty incriminating for the Chinese military. Are you not convinced by this?

No, because they didn't do that. They traced IP addresses to a section of Shanghai which is the center of China's economic and financial growth and which has over 5 million people. They never traced it to that building.

Is there a bias towards blaming the Chinese government/military in hacking cases?

Absolutely - especially with Mandiant. They've written often that when they use the term APT (Advanced Persistent Threat) they are talking about China. See p. 2 of their most recent report as an example.

If so, what would you attribute this to?

It's become a self-fulfilling prophecy over the years. We look for China to be the villain through government-funded work such as the U.S.-China Security and Economic Review Commission and China makes matters worse by engaging in lots of intellectual property theft. There's no question that China is guilty of lots of cyber espionage, however so do many other countries. The latest NIE (National Intelligence Estimate) on cyber espionage blamed China along with Russia, Israel, and France according to the Washington Post. And I'm sure that the list is longer than that.

What other actors (state or non-state) would you suspect of being behind attacks like those described in the Mandiant report?

Russia does a lot of cyber espionage. So does France, Israel, Germany, Taiwan, and other nations. So do U.S. companies for that matter.

How would you rate the likelihood that the Chinese government/military was involved in the attacks detailed by Mandiant?

To the APT1 group that Mandiant reported on? I would say little likelihood that the PLA was involved.
 

W.G.Ewald

Defence Professionals/ DFI member of 2
Professional
Joined
Sep 28, 2011
Messages
14,139
Likes
8,594
Mandiant Security Report: The Chinese are coming, The Chinese are coming

Yesterday's report by Mandiant outlining the activities of a group behind literally hundreds of APT attacks and tracking them back to a specific unit of the Chinese People's Liberation Army (PLA) was chilling. For me, they connected the dots so well that I don't doubt the conclusions of the report. Of course, China has denied these conclusions and any involvement in hacking activities. You should read the report and draw your own conclusions.
 

Ray

The Chairman
Professional
Joined
Apr 17, 2009
Messages
43,132
Likes
23,835
Rather unfortunate that China is always shown in bad light.

As if they are Lucifer!

Are they really behind all the mischief around the world?
 

s002wjh

Senior Member
Joined
Jul 9, 2009
Messages
1,271
Likes
155
Rather unfortunate that China is always shown in bad light.

As if they are Lucifer!

Are they really behind all the mischief around the world?
Obviously a biased opinion, no doubt. If I were only searching for bad stuff about India, I could make the same argument.
 

Ray

The Chairman
Professional
Joined
Apr 17, 2009
Messages
43,132
Likes
23,835
Obviously a biased opinion, no doubt. If I were only searching for bad stuff about India, I could make the same argument.
OK, so you feel China is behind all the mischief around the world!

Fine!
 

nrupatunga

Senior Member
Joined
Feb 10, 2013
Messages
2,310
Likes
960
US Officials downplay report on China hacking military secrets
U.S. officials on Tuesday attempted to downplay a new government report that found Chinese hackers gained access to some of the country's major weapons systems, saying the compromised information was of "lower sensitivity."

"They aren't building an F-35 in Beijing from what they got," a senior U.S. official told NBC News, declining to give any real specifics.

Designs for the advanced Patriot missile system, the Navy's Aegis ballistic missile defense, the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter and the F-35 Joint Strike Fighter were among the advanced U.S. weapons listed by the report as having been hacked.
 

s002wjh

Senior Member
Joined
Jul 9, 2009
Messages
1,271
Likes
155
It's a bit easier to hack part of the design, but the entire design of the F-35, I doubt it. For starters, each subsystem of the design is at a different location, and some are on closed servers; it's almost impossible to pass all the firewalls and steal the entire design.
 

nrupatunga

Senior Member
Joined
Feb 10, 2013
Messages
2,310
Likes
960
Chinese hacked Obama, McCain campaigns, took internal documents, US officials say

The U.S. secretly traced a massive cyberespionage operation against the 2008 presidential campaigns of Barack Obama and John McCain to hacking units backed by the People's Republic of China, prompting high level warnings to Chinese officials to stop such activities.

The disclosure on the eve of a two-day summit between the U.S. and Chinese presidents highlights what has become a persistent source of tension between the two global powers: Beijing's aggressive, orchestrated campaign to pierce America's national security armor at any weak point – in this case the computers and laptops of top campaign aides and advisers who received high-level briefings.
In retrospect, the attack seems simple. It was delivered by a "phishing" email – outlining the "agenda" for an upcoming meeting — that circulated among top staffers and contained a zip file attachment with "malware," a hidden malicious virus.

But it was no ordinary virus, said Alan Brill, the senior managing director of Kroll Solutions. The malware was "as sophisticated as anything we had seen" and was part of what he called "an infection chain" that replicated itself throughout the Obama campaign's computer system. It also was designed to stay buried in the computers for months, if not years, he said.
In one incident that caused concern among U.S. intelligence officials, the Chinese hackers appeared to have gotten access to private correspondence between McCain, then the GOP presidential candidate, and Ma Ying-jeou, the newly elected president of Taiwan. On July 25, 2008, McCain had signed a personal letter — drafted on campaign computers — pledging his support for the U.S. –Taiwanese relationship and Ma's efforts to modernize the country's military.

But before the letter had even been delivered, a top McCain foreign policy adviser got a phone call from a senior Chinese diplomat in Washington complaining about the correspondence. "He was putting me on notice that they knew this was going on," said Randall Schriver, a former State Department official who was serving as a top McCain adviser on Asian policy.
Previous warnings to the Chinese about cyberattacks have been brushed off. The 2008 attacks, for example, prompted U.S. intelligence officials to sternly warn the Chinese that they had "crossed the line," says one former senior U.S. official who was directly involved in the investigation.

"We told them we knew what they were up to – and that this had gone too far," said the former official. Chinese officials listened politely and denied they had anything to do with the attacks on the campaign, the former official said.
 

TrueSpirit

Senior Member
Joined
Jun 17, 2009
Messages
1,893
Likes
841
There is nothing new in this revelation.

The Chinese are masters of industrial espionage, IP theft & unauthorized reverse-engineering. The Chinese do not deny that & take pride in the fact that they are the masters of the game when it comes to "organized theft & IP-stealing" in violation of all global norms.

Kleptomania is an epidemic afflicting all Chinese institutions/individuals alike. No Big Deal there.
 
