China's PLA controls hackers: US IT security firm

Feb 19, 2013 by Veronika Oleksyn
China's army controls some of the most prolific hackers in the world, according to a new report Tuesday by an Internet security firm that traced a host of cyberattacks to an anonymous building in Shanghai.

China's army controls hundreds if not thousands of virulent and cutting-edge hackers, according to a report Tuesday by a US Internet security firm that traced a host of cyberattacks to an anonymous building in Shanghai.

Mandiant said its hundreds of investigations showed that groups hacking into US newspapers, government agencies, and companies "are based primarily in China and that the Chinese government is aware of them".

The 74-page report focused on one group, which it called "APT1" from the initials "Advanced Persistent Threat". The New York Times, citing experts, said the group was targeting crucial infrastructure such as the US energy grid.

"We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support," Mandiant said.

The group, it said, was believed to be a branch of the People's Liberation Army called Unit 61398, and digital signatures from its cyberattacks were traced back to the direct vicinity of a nondescript, 12-story building on the outskirts of Shanghai.

"We believe the totality of the evidence we provide in this document bolsters the claim that APT1 is Unit 61398," it said, estimating it is "staffed by hundreds, and perhaps thousands of people".

China's defence ministry said its army had never supported any kind of hacking activity.

"Not only are reports that China's army has been involved in hacking unprofessional, they do not fit with the facts," the ministry said in a statement to AFP.

"Hacking attacks are a global problem. Like other countries, China also faces the threat of hacking attacks, and is one of the main countries falling victim to hacking attacks."

The country's foreign ministry rejected "groundless accusations" of Chinese involvement in hacking and said China was itself a major victim, with most overseas cyberattacks against it originating in the US.

A series of brazen IT attacks on America's most high-profile media outlets, reported by The New York Times and the Wall Street Journal, as well as on Twitter and others, have revived concerns over Chinese hackers.

The Times said hackers stole corporate passwords and accessed the personal computers of 53 employees after the newspaper published a report on the family fortune of China's Premier Wen Jiabao.

Clients including The Times have hired Mandiant to clean up their systems after cyberattacks.

In its report, Mandiant alleged that APT1—known also as "Comment Crew" for its practice of planting viruses on the comment sections of websites—has stolen hundreds of terabytes of data from at least 141 organisations spanning 20 industries.

The Times, which was given early access to the report, said the researchers had found that the Comment Crew was increasingly focused on companies involved in US infrastructure, including in its electrical power grid, gas lines and water works.

One target, the newspaper reported, was a company with remote access to more than 60 percent of oil and gas pipelines in North America.

In his recent State of the Union address, US President Barack Obama said the potential ability of outsiders to manipulate critical US infrastructure was a major concern.

"We know foreign countries and companies swipe our corporate secrets," Obama said.

"Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air-traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy."

The building pinpointed as the hacking HQ sits in Shanghai's northern suburb of Gaoqiao, near a petrochemical complex and surrounded by small shops.

There is no name plate outside, but framed posters showing soldiers are displayed on a high wall surrounding the complex, while the Chinese PLA's symbol of a red star is mounted over the main door of the building.

One soldier in camouflage uniform stood at the main gate Tuesday, an AFP correspondent saw. Another wearing a PLA overcoat was stationed in the guard house, close to a sign reading "No photography" in both English and Chinese.


User comments : 2


alfie_null
not rated yet Feb 19, 2013
No link to the report.
From TFA, how reliable are Mandiant's assessments? If I had the resources of a fairly wealthy government, I'd take a few more steps to be covert. Maybe Mandiant is really good. Or maybe the Chinese government doesn't care. Or something else? Occam's razor.
gwrede
5 / 5 (1) Feb 19, 2013
"China's army controls hundreds if not thousands of virulent and cutting-edge hackers"
What's a Virulent Hacker?

But more seriously, if even American news media know the exact building, then we can only imagine what CIA, NSA and others know. It appears this is just another inscrutable tangle of politics and espionage, where hardly anybody can know what's fact and what's fiction. Not to mention the parts we're never told.

A tongue-in-cheek calculation on what would be "fair" is below:

Based on the article itself, it seems reasonable to assume that more electronic hacking and spying of China by the Americans is happening than of the US by the Chinese. Now, what would be a "fair" ratio? Even numbers? Or should it be by population? China has four times more people, so one could say that "fair" is four times more espionage by them.