China spends massively on cyberspying, US Congress told

Mar 20, 2013 by Rob Lever
A man walks past a building alleged, in a report on February 19, 2013 by the Internet security firm Mandiant, to be the base of a Chinese military-led hacking group in Shanghai. China is pouring massive amounts of money and resources into cyberattacks aimed at stealing business secrets, security researchers have told a congressional panel.

China is pouring massive amounts of money and resources into cyberattacks aimed at stealing business secrets, security researchers told a congressional panel.

Cyberattacks purported to come from China, a topic which has drawn the attention of US President and other top officials, are part of "an extensive effort to pilfer intellectual property," said Kevin Mandia, head of the Mandiant.

"It's been supported monetarily," said Mandia, whose firm released a report earlier this year linking the People's Liberation Army to a long-running cyber campaign.

"It would take thousands of people, thousands of systems... the mere infrastructure alone, and the time, and duration and scope of this effort to steal our secrets has gone on for so long that there's a large amount of investment in it."

Mandia told a hearing of the Senate Armed Services Committee that "based on that investment, it's hard to conclude anything other than that there's an advantage being gained from that investment."

Richard Bejtlich, Mandiant's chief security officer, said the army unit identified in the report is "just one element of a large campaign."

Graphic showing reported attacks by an alleged Chinese government-backed cyber espionage group dubbed APT1, according to a report by US security firm Mandiant.

"There are other teams working in other cities in other parts of the country that, in some cases, target other areas of the economy," he added.

Based on the firm's investigation, "We can say with confidence that they're Chinese units... I would say they're at least government sanctioned. We can't say for sure these other units, whether they are uniform-wearing military or if they're contractors or if they're outsourced third parties."

Mandia said the methods of the attacks suggest clear economic goals.

"These attacks are against companies," he said. "They're not against individuals at the highest levels. It's to steal corporate secrets; it's not individual secrets, necessarily."

He added that most of the attacks are carried out by luring people to open infected emails which allow outsiders access to networks.

"But they are not targeting an individual at home. And it's very clear to us after responding to Chinese intrusions for nearly 15 years now in my career, the attacks do follow a rule of engagement," he said.

"I've never witnessed Chinese intruders—other than breach the confidentiality of your documents, I've never seen them change things."

Obama earlier this month pledged "some pretty tough talk" with China and added that "we've made it very clear to China and some other state actors that, you know, we expect them to follow international norms and abide by international rules."

China has consistently denied the charges, and also claimed that it was a victim of such attacks.

In its report, alleged that APT1—known also as "Comment Crew" for its practice of planting viruses on the comment sections of websites—has stolen hundreds of terabytes of data from at least 141 organizations spanning 20 industries.

Explore further: Fitbit to Schumer: We don't sell personal data

add to favorites email to friend print save as pdf

Related Stories

US, China trade charges on cyberattacks

Feb 19, 2013

The United States and China on Tuesday traded charges over cyberattacks after a security firm alleged that Beijing controled hackers who have penetrated the US government, companies and media.

China's PLA controls hackers: US IT security firm

Feb 19, 2013

China's army controls hundreds if not thousands of virulent and cutting-edge hackers, according to a report Tuesday by a US Internet security firm that traced a host of cyberattacks to an anonymous building ...

Recommended for you

Fitbit to Schumer: We don't sell personal data

8 hours ago

The maker of a popular line of wearable fitness-tracking devices says it has never sold personal data to advertisers, contrary to concerns raised by U.S. Sen. Charles Schumer.

Should you be worried about paid editors on Wikipedia?

12 hours ago

Whether you trust it or ignore it, Wikipedia is one of the most popular websites in the world and accessed by millions of people every day. So would you trust it any more (or even less) if you knew people ...

How much do we really know about privacy on Facebook?

13 hours ago

The recent furore about the Facebook Messenger app has unearthed an interesting question: how far are we willing to allow our privacy to be pushed for our social connections? In the case of the Facebook ...

Philippines makes arrests in online extortion ring

13 hours ago

Philippine police have arrested eight suspected members of an online syndicate accused of blackmailing more than 1,000 Hong Kong and Singapore residents after luring them into exposing themselves in front of webcam, an official ...

Google to help boost Greece's tourism industry

Aug 21, 2014

Internet giant Google will offer management courses to 3,000 tourism businesses on the island of Crete as part of an initiative to promote the sector in Greece, industry union Sete said on Thursday.

Music site SoundCloud to start paying artists

Aug 21, 2014

SoundCloud said Thursday that it will start paying artists and record companies whose music is played on the popular streaming site, a move that will bring it in line with competitors such as YouTube and Spotify.

User comments : 0