U.S. firm blames Chinese army unit for hacking American businesses

 

McClatchy Newspapers

A U.S. cyber-security firm has publicly accused the Chinese military of carrying out a series of Internet-based attacks on American and foreign companies in one of the most detailed reports to date alleging such activity is officially condoned in China.

Alexandria, Va.-based Mandiant said that it tracked a People’s Liberation Army organization, known as Unit 61398, that since 2006 launched online attacks against at least 141 companies and organizations.

Of those 141 targets, 115 were in the United States, according to Mandiant’s 74-page report. “The activity we have directly observed likely represents only a small fraction of the cyber espionage,” the report said.

“Our research and observations indicate that the Communist Party of China … is tasking the Chinese People’s Liberation Army … to commit systematic cyber espionage and data theft against organizations around the world,” the report said.

The accusations seem certain to further stoke tensions between Washington and Beijing in what has become on one side a mounting body of allegations and evidence that hacking is being condoned, if not directed, by Beijing and, on the other side, continued denials from China.

In a regularly scheduled press briefing on Tuesday, the Chinese Foreign Ministry again denied official Chinese involvement in online hacking activity and pointed out that China is itself regularly subjected to such attacks.

While not citing China specifically, President Barack Obama said in his State of the Union address on Feb. 12 that, “America must also face the rapidly growing threat from cyber-attacks.”

“Our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems,” Obama said in the address. “We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”

The Mandiant report identified one of the buildings from which Unit 61398 works in Shanghai and provided Google Earth images of the white, 12-floor structure. Mandiant distributed a copy of what it said was a China Telecom memorandum saying the state-owned company provided Unit 61398 with special fiber optic lines.

It also identified Unit 61398’s place within the Chinese military’s command structure: the second bureau of the general staff’s third department, which has a focus including signals intelligence and cyber surveillance.

Mandiant, which contracts with corporations to help protect their computer systems from hackers, said that it had analyzed the group’s intrusions through painstaking examination of electronic clues left behind in the wake of attacks.

While not naming specific cases, Mandiant said that its investigators sifted for digital “fingerprints” such as Internet protocol addresses and information gleaned from the e-mail addresses used to launch “spearphishing” notes that carry attachments that, when clicked, allow access to a user’s computer. Those attachments contain dense code that may carry language identifying them as the work of a particular programmer or group.

Mandiant, which cited its “unique vantage point responding to victims,” issued a video showing what it said was screen footage of a member of the group setting up anonymous e-mail accounts that were used for “spearphishing.” The video also recorded a group member allegedly breaking into computer systems online and stealing files.

The industries targeted by Unit 61398, the report said, are consistent with those that China has marked as being strategically important to its growth. Mandiant did not identify the companies affected, but said they were from a broad range of sectors including aerospace, energy, telecommunications and scientific research.

Among the types of information stolen, the report said, were system designs, manufacturing procedures, contract negotiation positions and business plans.

The Mandiant document, which was first reported by The New York Times, said with obvious derision that besides Unit 61398, there was only one other possible culprit: “A secret, resourced organization full of mainland Chinese speakers with direct access to Shanghai-based telecommunications infrastructure engaged in a multi-year, enterprise scale computer espionage campaign right outside of Unit 61398’s gates.”

Email: tlasseter@mcclatchydc.com; Twitter: @tomlasseter
