In recent years, a number of intrusions into major US firms and IT companies have led many to worry that a full-fledged cyberwar is gearing up between China and the US. After the most recent intrusions into such companies as Microsoft, Twitter, Facebook, the New York Times and Bloomberg, it seems abundantly clear that those responsible were committed, qualified, and knew what they were doing.
Unfortunately, a recent report filed by Mandiant, the web security firm that began investigating the hacking that took place into the New York Times database, has only made things worse still. After months of going over the digital fingerprints left by the hackers, they have determined that a single party was responsible for it and all the other major intrusions. In their official report, Mandiant named Unit 61398, a hacking force within the PLA, have been stealing terabytes from data from the US since 2006.
Located on the outskirts of Shanghai, Unit 61398 occupied a 12-storey building in a financial and banking area known as the Pudong district. From the outside, the building looks fairly normal, sitting in the middle of a residential area and without any visible signs of extra security aside from a big red star and a sign saying that the area is a restricted military zone.What lies inside, however, is the subject of much speculation and rumor.
Apparently, the unit is composed of thousands of people that are knowledgeable in the areas of networking and programming, but who are also adept at speaking English. The teams, the report claims, are put together by targeting students who excel at speaking English, and sending them into training programs. This results in hackers who can mimic colloquial English language, passing off as nothing out of the ordinary, then launching attacks on a system’s security.
Naturally, China’s Defense Ministry denied the reports of a government-backed hacking unit and said Mandiant’s accusations were unprofessional. Similarly, a spokesperson for the Chinese Foreign Ministry, Hong Lei, said that China has similar reports suggesting that the United States is responsible for the same crime of hacking and information theft in China.
So if I understand this correctly, we have two countries accusing each other of using cyber-attack squads. Could we be looking at a full-blown game of cloak and dagger, played out online, here?
However, the Chinese government aren’t the only ones decrying Mandiant’s report. Taia Global, another computer security firm, claimed that the Mandiant report suffered from “critical analytic flaws.” Though China could be the source of the breaches, they claimed, other origins have not yet been explored enough, such as the possibility that other hacker groups are responsible and have been using China as a cover.
The company also stated that Mandiant never actually pinned down that specific 12-story building that Unit 61398 resides in, but rather traced IP addresses to the Pudong District of Shanghai in which said building is located.
And on top of all that, there are those who’ve expressed doubts about the wisdom of releasing this report. By letting the public know who was behind the attack, are they not ensuring that said party will alter their tactics from here on in? Perhaps in response, Mandiant was also sure to express their objective in releasing the report, claiming it was done in an effort to “arm and prepare” security experts in the face of the supposed threat.
If they are correct, we should be seeing less activity out of Unit 61398 in the near future. If they are not, and someone truly was using a location in Pudong to cover their intrusions, we can expect that too to taper off. In the end, all we know for sure is that this round in the war appears to be over. And after all those engaged catch their breath, we can expect another to begin.Source: CBC News – “Unit 61398: Chinese cyberspies” Source: Extreme Tech – “Single Chinese hacking unit responsible for stealing terabytes of data from hundreds of organizations, says US security firm”
- Security group suspects Chinese military behind hacking attacks… (reuters.com)
- Chinese Army Hackers Are Trying to Bring Down U.S. Infrastructure, After All (theatlanticwire.com)
- IT giants admit to being hacked by China (chinadailymail.com)