China fires back at hacking claims

[SajeevJino]

China fires back at hacking claims: '144,000 hacks a month, mostly from US' ​

In a fresh round of cyberwarfare accusations, the Chinese Defense Ministry said two of the country's major military sites endured about 144,000 hacking attacks a month last year, two-thirds of which originated in the United States.

"The Defense Ministry and China Military Online websites have faced a serious threat from hacking attacks since they were established, and the number of hacks has risen steadily in recent years," ministry spokesperson Geng Yansheng said Thursday.

"According to the IP addresses, the Defense Ministry and China Military Online websites were, in 2012, hacked on average from overseas 144,000 times a month, of which attacks from the US accounted for 62.9 percent," he added.

The Chinese official also said that the US has been unhelpful in efforts at international cooperation against hacking: "We hope that the US side can explain and clarify this."

Earlier this month, US security firm Mandiant said that the Chinese military were likely behind a large number of hacking attacks against US targets. Mandiant claimed that the Shanghai-based Unit 61398 of the People's Liberation Army was the driving force behind the hacking; China has denied the allegations.

The war of words comes as the US ramps up its cybersecurity and cyber-attack capabilities. Earlier, numerous US officials claimed that Chinese hackers were a major threat to both national security and US commercial interests.

Some experts believe the US is exploiting the rhetoric of China as a cyber-threat as part of its mounting rivalry with the ascendant Asian nation.

"I think what we're looking at is part of this Obama pivot to focus on China and to paint China as a new military threat to the world," geopolitical analyst William Engdahl told RT. "It's a demonization of China."

So far, the only public case of cyber-weapons being used for geopolitical ends is the alleged attack by American and Israeli hackers on an Iranian uranium enrichment facility. While neither nation has officially acknowledged using the Stuxnet virus to damage centrifuges at the Natanz plant, the so-called 'Olympic Games' operation was widely reported by international media, citing anonymous government sources.


China fires back at hacking claims: '144,000 hacks a month, mostly from US' — RT News

 

[SajeevJino]

Here comes the Uncle with his latest game-pad..watch your deck China

 

[asianobserve]

If the targets are only Chinese Ministry of Defense website then I seriously doubt it's Unkel behind these attacks. I think those are only amateur hackers based in the US. The American military will not lunch cyber attacks on China soon, except if Chinese military hackers seriously up the ante by crippling key American infrastructures.

 

[amoy]

If the targets are only Chinese Ministry of Defense website then I seriously doubt it's Unkel behind these attacks. I think those are only amateur hackers based in the US. The American military will not lunch cyber attacks on China soon, except if Chinese military hackers seriously up the ante by crippling key American infrastructures.

The same applicable in response to Mandiant's accusation - Amateurs doing the dirty jobs against American targets

 

[asianobserve]

The same applicable in response to Mandiant's accusation - Amateurs doing the dirty jobs against American targets

You're conveniently leaving out the fact that Mandiant has pinpointed the specific PLA unit and area in China where the attacks are coming from...

 

[amoy]

You're conveniently leaving out the fact that Mandiant has pinpointed the exact area in China where the attacks are coming from... I'm sure the PLA has already sanitised the place and maybe will invite foreign reporters to see it?

So easily located and identified? Then still unsophisticated amateurs

 

[asianobserve]

Here's a recent article from MIT Review on the Chinese hacking group:

Unmasked, but Unfazed—Chinese Hacking Group Is Still Active
By Tom Simonite on March 1, 2013


The computer hacking group accused last week of being part of a specific unit of the Chinese military is apparently unfazed by the public attention triggered by a detailed report on its activities published by the security firm Mandiant. Another researcher tracking the group says that most of the infrastructure it had in place to carry out attacks remains in place.

"They shut down some of the infrastructure, but not much," says Jaime Blasco, director of labs at security company AlienVault, who had been tracking the same group for several years. Blasco says that many of the group's command-and-control servers—computers that act as relays between an attacker and the software placed inside a victim company—are still in place, and apparently active. "The group will not change much, because it works—they have been using the same infrastructure for years," he says.

A spokesperson for Mandiant turned down a request to speak about the company's latest information on the activity of the group (which is known as Advanced Persistent Threat 1, or APT1), saying only that some command-and-control servers had been seen to go offline.

Mandiant's 60-page report was the most detailed public allegation yet that the Chinese military infiltrates companies in the U.S. and elsewhere. Other companies have made similar claims, but Mandiant, based in Washington, D.C., identified a specific army unit and even a specific office building in Shanghai's suburbs as the origins of numerous attacks. Senator Dianne Feinstein, chair of the Senate Intelligence Committee, told MSNBC that the report was "essentially correct."

Chinese officials have denied any link to what Mandiant and others have uncovered about the group, and all previous accusations of similar activity, such as those made by Google after it was breached by attackers looking for the e-mail accounts of Chinese dissidents (see "Google Reveals China Espionage Efforts").

Aviv Raff, chief technology officer of Israeli security company Seculert, says that it wouldn't be surprising for the group Mandiant calls APT1 to continue as usual despite the headlines about them. Some of their attacks and techniques had already been described publicly, he says. "I think this specific group doesn't really care; we heard about these attacks for a long time," says Raff.

A brazen response by attackers to the public discovery and detection of their technology and tactics is not unheard of. An attack known as Mahdi, discovered by researchers at Seculert and elsewhere last August (see "Bungling Cyber Spy Stalks Iran"), remains active, says Raff.

However, more sophisticated—if less prolific—groups believed to be backed by nation-states have been seen to change tactics after being exposed. "Red October went down quickly after it became public knowledge," says Raff, referring to a large and apparently long-running campaign uncovered by Russian security firm Kaspersky in January and tracked by Seculert.

Sykipot, a campaign even more sophisticated than APT1 that targeted the U.S. defense sector and is also believed to originate in China, has since gone quiet, says Blasco, who tracked it closely. "It has been out for three to four years, and they have been adding new features and command and control infrastructure," he says. "I lost the trail six months ago, and most of the command-and-control servers we knew are down."


Chinese Hacking and Cyber Spying Group APT1 Exposed by Mandiant Likely Still Active Despite Report on Its Stealing Secrets from U.S. Companies | MIT Technology Review

 

[asianobserve]

And it is not only US that's complaining...

Companies like defense giant EADS or steelmaker ThyssenKrupp have become the targets of hacker attacks from China. The digitial espionage is creating a problem for relations between Berlin and Beijing, but Chancellor Angela Merkel has shied away from taking firm action.

Digital Spying Burdens German Relations with Beijing - SPIEGEL ONLINE

 

[Ray]

Hack, hack and now Smack?

 

[asianobserve]

So easily located and identified? Then still unsophisticated amateurs

Maybe because these amateur American hackers are unorganised and scattered around America... unlike Unit 61398.

 

[asianobserve]

More on the Der Spiegel article:

Seventy Percent of German Companies Under Threat

"Seventy percent of all major German companies are threatened or affected" by cyber attacks, Stefan Kaller, the head of the department in charge of cyber security at the German Interior Ministry, said at the European Police Congress last week. The attacks have become so intense that the otherwise reserved German government is now openly discussing the culprits. "The overwhelming number of attacks on government agencies that are detected in Germany stem from Chinese sources," Kaller said at the meeting. But the Germans still lack definitive proof of who is behind the cyber attacks.

The hackers' tracks lead to three major Chinese cities: Beijing, Shanghai and Guangzhou. And from Germany's perspective, they point to a Unit 61398, which was identified in a report by the US cyber security company Mandiant last week.

Interesting that German intelligence has traced the hackings to the same PLA unit identified by Mandiant...

 

[SajeevJino]

US Hackers 'Regularly Attack' China Websites​

China says two of its military websites have been hacked almost 5,000 times a day - mainly from the United States.Hackers based mainly in the United States attacked two Chinese military websites an average of 144,000 times a month last year, Beijing claims.

The report steps up a war of words between the two countries, after a US security company said that a Chinese military unit was behind a series of hacking attacks on US firms.

Now China's ministry spokesman Geng Yansheng said the sites for the Defence Ministry and China Military Online, a People's Liberation Army news webpage, have been hacked relentlessly.

He said about 62% of the attacks came from the US, adding that the number of hacking assaults on military websites "has risen steadily in recent years".

"The Defence Ministry and China Military Online websites were hacked from overseas on average 144,000 times a month in 2012," he said on the ministry's website.

Mr Geng did say which entities the alleged attacks originated from.

Last week, a report from US security firm Mandiant said a unit of China's People's Liberation Army had stolen hundreds of terabytes of data from at least 141 organisations, mostly based in the US.


The Shanghai building said to be China's hacking HQ

Mandiant identified an unassuming 12-storey building in a suburb of Shanghai as the possible headquarters of a global hacking operation said to be run by the Chinese military.

But China's defence ministry responded by saying Mandiant's report had "no factual basis".

And a front page article in China's People's Daily, the mouthpiece of the ruling Communist Party, accused the US of "fanning fear of China".

"America keeps labelling China as hackers, simply playing up the rhetoric of the 'China threat' in cyberspace, providing new justification for America's strategy of containing China," the front page article said.

It added: "Even those with little understanding of the internet know that hacking attacks are transnational and concealable.

"IP addresses simply do not constitute sufficient evidence to confirm the origins of hackers."

Mr Geng has also called on US officials to "explain and clarify" what he said were recent US media reports that Washington would carry out "pre-emptive" cyber attacks and expand its online warfare capabilities.

Such efforts are "not conducive to the joint efforts of the international community to enhance network security," he said.

Hacking accusations have strained ties between Washington and Beijing, with US State Department spokeswoman Victoria Nuland saying this month that hacking comes up "in virtually every meeting we have with Chinese officials".

Last month the New York Times and other American media outlets reported they had come under hacking attacks from China, and a US congressional report last year named the country as "the most threatening actor in cyberspace".

China has called the charges groundless and state media have accused Washington of making China a scapegoat to deflect attention from US economic problems.


US Hackers 'Regularly Attack' China Websites

 

[asianobserve]

Australian Central Bank Hacked by China Malware, AFR Says
By Joe Schneider - Mar 11, 2013
Bloomberg

The Reserve Bank of Australia was repeatedly and successfully hacked in a series of cyber-attacks with malicious software developed in China, the Australian Financial Review reported.

Australia's central bank has responded by hiring a private security firm to carry out penetration testing, or authorized hacking of its computer networks, to assess its security, the newspaper said.

Central bank computers were infiltrated by a Chinese- developed software designed to collect information on sensitive G20 negotiations, the newspaper said, citing RBA officials it didn't identify. The RBA declined to comment on today's AFR report.

The RBA said in a December Freedom of Information disclosure that several of its staff, including senior management, were targeted by "malicious" e-mails on Nov. 17, 2011. The malware was an Internet URL link to a zip file containing a trojan -- a hidden program -- which at the time wasn't detectable by the bank's anti-virus scanners, the bank said. Six users had accessed the URL link, the bank documents show.

The malicious e-mail "included a legitimate e-mail signature and plausible subject title and content," the bank said. "As the e-mail had no attachments, it bypassed existing security controls."


Australian Central Bank Hacked by China Malware, AFR Says - Bloomberg

 

[satish007]

US main source of cyberattacks against China|Politics|chinadaily.com.cn
hina was subject to an increasing number of cyberattacks in the first two months of this year, with more than half launched from the United States, China's Internet security watchdog said.

In the past two months, 6,747 overseas servers were found to use Trojans or botnets to control nearly 1.9 million mainframes in China. Among them, 2,194 servers located in the United States had controlled 1.287 million mainframes, making it the largest point of origin of cyberattacks against China, the National Computer Network Emergency Response Coordination Center said on Sunday.

More than 11,000 Chinese websites were hacked by 5,324 mainframe computers from overseas in January and February using the backdoor method, with more than 3,500 websites hacked by 1,959 mainframe computers in the United States. Some 132 mainframe computers located in Japan controlled 473 websites.

Ninety-six percent of phishing sites targeting Chinese e-commerce users were running on foreign servers, with US-based servers hosting 73.1 percent, the Chinese computer emergency response center affiliated to the Ministry of Industry and Information Technology said.

The popular news portals China.com.cn, People.com.cn and Tibet.cn have all been victims of attacks from foreign Internet Protocol addresses in the past two months, the report said.

A total of 85 websites of public institutions and companies were hacked from September 2012 to February, including government agencies, a provincial examination authority, a property insurance company and a virus research facility in Central China, according to the report.

It noted that attacks on 39 of those websites were recorded from IPs within the United States.

From November to January, the China National Vulnerability Database also recorded 5,792 hacking attempts from US IP addresses, the report said.

US accusations

Last month, the US cybersecurity firm Mandiant released a report alleging that a secret Chinese military unit in Shanghai was behind years of cyberattacks against US companies.

It said Chinese cyberspies infiltrated overseas networks and stole massive amounts of data from US companies and other entities.

The report was followed by criticism from Western media of hacking by China, saying that their computer networks were targeted by cyberattacks originating from China and backed by the government or military.

Foreign Minister Yang Jiechi on Saturday said "cyberspace needs rules and cooperation, not war", adding that China is vulnerable to cyberattacks.

"The international community is closely interconnected on the Internet, therefore cyberspace needs rules and cooperation, not war," Yang said at a news conference held on the sidelines of the national legislature's annual session.

"We oppose turning cyberspace into another battlefield, or to capitalize on virtual reality to interfere in other countries' internal affairs," he said.

China always advocates a peaceful, secure, open and cooperative cyberspace and supports relevant international rules under the framework of the United Nations and proposes concrete initiatives, Yang said.

"We hope irresponsible rebuke or criticism (against China) will end," the foreign minister said.

Defense Ministry has also refuted the accusations from the US.

The US government's "pre-emptive" policy against attacks by expanding its cyberwar force and setting rules on cyberwar, exposed by the American media, will not be constructive in promoting cybersecurity among the international community, Geng Yansheng, ministry spokesman, said on Feb 28.

Chinese military websites were attacked an average 144,000 times a month in 2012 by foreign hackers, with 62.9 percent from the US, he said.

"China has been a major victim of cyberattacks for years, and the Chinese government is strongly against hacking behaviors and will crack down on hacking in -----------------------
mainframe, American veterans like mainframe, all computer guys elder than 50 are in US, poor Chinese, they have no idea about mainframe, hard to defense.

 

[W.G.Ewald]

Maybe because these amateur American hackers are unorganised and scattered around America... unlike Unit 61398.

I have no evidence to support such a statement, but I believe amateur American hackers would as likely attack US corporations as Chinese or other foreign targets.

 

[asianobserve]

I have no evidence to support such a statement, but I believe amateur American hackers would as likely attack US corporations as Chinese or other foreign targets.

Well right now no corporation is bigger than China. So if I'm one of those anti-establishment hackers China would be a natural target for me...

 

[asianobserve]

US main source of cyberattacks against China|Politics|chinadaily.com.cn

Tell me my friend, which Chinese trade or industrial secret was stolen by American hackers? Do you see a pattern of Chinese design copying on new American consumer and military equipments?

This stupid Chinese claim is just what it is, stupid. It does not add up. It has no believable motive - what can American do with the accounts of millions of users of Chinese e-comers websites users? Stole their money? How about in defacing Chinese Government websites or Chinese news companies websites? If you ask me these are indeed true then this are mere acts of vandalism.

 

[ice berg]

Tell me my friend, which Chinese trade or industrial secret was stolen by American hackers? Do you see a pattern of Chinese design copying on new American consumer and military equipments?

This stupid Chinese claim is just what it is, stupid. It does not add up. It has no believable motive - what can American do with the accounts of millions of users of Chinese e-comers websites users? Stole their money? How about in defacing Chinese Government websites or Chinese news companies websites? If you ask me these are indeed true then this are mere acts of vandalism.

No matter what you think, industrial espionage is not invented by the chinese. If you think that only the chinese do that, then you are living in a bubble world.

 

[asianobserve]

No matter what you think, industrial espionage is not invented by the chinese. If you think that only the chinese do that, then you are living in a bubble world.

I think some Chinese has been stealing other Chinese's trade secrets longer than the existence of America, you are after all a 3 millinia civilization... But what's happening now is a stealing on a massive scale of other people's hard work.

 

[satish007]

Tell me my friend, which Chinese trade or industrial secret was stolen by American hackers?.

we have many military secrets, such as our nuke weapons very poor or J20 actually another junk, nobody known. American broke into, and disappointed.
"what's the fxxxk junk they have" and leave.
but that's not mean they did not hack, the just can not find good enough stuff.
anyway, they do not waste time, at least they have left a lot of backdoors so that they can easy break into again.