April 1, 2015 16:35
Unit-61398 Chinese Army Cyberwarfare



March 31, 2015: Strategy Page


After years of denying any involvement in Cyber War or having organized units for that sort of thing, China suddenly admitted that it was all true. This was all laid out in the latest (March 2015) issue of a Chinese military publication (The Science of Military Strategy). This unclassified journal comes out about once a year and makes it possible for all Chinese military and political leaders to freely discuss new military strategies. The March edition went into a lot of detail about Chinese Cyber War operations. Most of these details were already known to those who could read Western media. Many details of Chinese Cyber War activities are published in the West, if only to warn as many organizations as possible of the nature and seriousness of the threat. Apparently the Chinese leadership decided that the secrecy about their Cyber War activities was being stripped away by foreigners anyway, so why bother continuing to deny it. Publish and take a victory lap.


Since the 1990s China has continued to expand its enormous Internet Army (as it is called in China). Not all these programs are successful. For example since 2011 there has been an effort to force companies to organize their Internet savvy employees into a cyber-militia and inspire these geeks to find ways to protect the firm's networks. But by 2013 it was clear this project was not turning out exactly as expected, as many of the volunteers had become successful, but unpopular, censors. It’s now widely accepted that one of the most annoying things for the new Chinese middle class is the censorship (especially on the Internet). The most annoying censorship is the online version that is carried out by paid and volunteer censors at your company or in your neighborhood. This use of “local activists” to control discussions and inform on possible troublemakers (or worse, like spies or criminals) is an old Chinese custom and one that was highly refined by the 20th century communists (first the Russians, who passed it on to their Chinese comrades). The old-school informer network suffered a lot of desertions and other damage during three decades of economic freedom. But the government has been diligent about rebuilding the informer and censor network online, where it’s easier for the busybodies to remain anonymous and safe from retribution. The on-line informers are also useful for keeping an eye on foreign businesses.


Internal and external espionage is one of the main reasons the Chinese government took an interest in the Internet back in the 1990s. This resulted in nearly two decades of effort to mobilize the Chinese people as an Internet army. It was in the late 1990s that the Chinese Defense Ministry established the "NET Force." This was initially a research organization, which was to measure China's vulnerability to attacks via the Internet. Soon this led to examining the vulnerability of other countries, especially the United States, Japan, and South Korea (all nations that were heavy Internet users). NET Force has continued to grow, aided by plenty of volunteers.


In 1999, NET Force organized an irregular civilian militia, the "Red Hackers Union" (RHU). These are several hundred thousand patriotic Chinese programmers and Internet engineers who wished to assist the motherland and put the hurt, via the Internet, on those who threaten or insult China. The RHU began spontaneously (in response to American bombs accidentally hitting the Chinese embassy in Serbia), but the government gradually assumed some control, without turning the voluntary organization into another bureaucracy. Various ministries have liaison officers who basically keep in touch with what the RHU is up to (mostly the usual geek chatter) and intervene only to "suggest" that certain key RHU members back off from certain subjects or activities. Such "suggestions" carry great weight in China, where people who misbehave on the web are very publicly prosecuted and sent to jail. For those RHU opinion-leaders and ace hackers that cooperate, there are all manner of benefits for their careers, not to mention some leniency if they get into some trouble with the authorities. Many government officials fear the RHU, believing that it could easily turn into a "counter-revolutionary force." So far, the Defense Ministry and NET Force officials have convinced the senior politicians that they have the RHU under control. Meanwhile, the hackers (or “honkers” after the Chinese word for “visitor”) became folk heroes and the opportunity to join your company’s contingent of the “Online Red Army” appealed to many as a chance to be like the honkers.


NET Force was never meant to be just volunteers. Starting in the late 1990s, China assembled the first of what eventually grew to 40,000 Ministry of Public Security employees manning the Golden Shield Project (nicknamed the Great Firewall of China). This was an effort to monitor and censor Internet use throughout the country and punish those who got out of line. In the last decade, over a billion dollars has been spent on this effort. While the Great Firewall cannot stop someone who is expert at how the Internet works, it does greatly restrict the other 99 percent of Internet users. And it provides a lot of information about what is going on inside all that Internet traffic. Foreign intelligence agencies are beginning to find the Great Firewall of China is going from nuisance to obstacle. This has put government intelligence organizations in a difficult position. In the U.S. the feds feel compelled to seek assistance from, and work with, hackers who are developing new ways to tunnel through the Golden Shield. There are several non-governmental outfits that are involved with this effort, and most are hostile to intelligence agencies. Nevertheless, some relationships have been formed, to deal with mutual problems.


It's not only the intel agencies who are keen to learn their way around, and through, the Great Firewall. Cyber War organizations see the Great Firewall as a major defensive weapon as well. The Chinese have a much better idea of what is coming into their country via the Internet, and that makes it easier to identify hostile traffic and deal with it. Some American Cyber War officials are broaching the idea of building something like Golden Shield, just for military purposes. But that would be difficult in most Western countries because of privacy issues. But with Golden Shield China could unleash worms and viruses on the Internet and use their Great Firewall to prevent Chinese systems from becoming as badly infected. China needs every advantage it can get because it has the worst protected, and most infected, PCs in the world. This is largely the result of so many computers using pirated software and poorly trained operators. Meanwhile, the thousands of people running the Golden Shield are gaining valuable experience and becoming some of the most skillful Internet engineers on the planet.


The Chinese military also has a growing number of formal Cyber War units, as well as military sponsored college level Cyber War courses. Western Internet security companies, in the course of protecting their customers, have identified a growing number of Chinese hacking organizations. Some work directly for the military, secret police or other government agencies. These Cyber War units, plus the volunteer organizations and Golden Shield bureaucrats apparently work closely with each other and have provided China with a formidable Cyber War capability. NET Force, with only a few thousand personnel, appears to be the controlling organization for all this. With the help of RHU and Golden Shield, they can mobilize formidable attacks, as well as great defensive potential. No other nation has anything like it and now the Chinese are bragging about it.

November 20, 2013 13:35
Information Warfare: Chinese Cyber Warriors Ignore The Limelight



November 20, 2013: Strategy Page


Earlier this year it was revealed by Western Internet security researchers that a specific Chinese military organization, “Unit 61398,” has been responsible for over a thousand attacks on government organizations and commercial firms since 2006. China denied this, and some Unit 61398 attacks ceased and others changed their methods for a month or so. But since then Unit 61398 has apparently returned to business as usual. The Chinese found that, as usual, even when one of their Cyber War organizations was identified by name and described in detail there was little anyone would or could do about it. There was obviously a Chinese reaction when the initial news became headlines, but after a month or so it was realized that it didn’t make any difference and the Chinese hackers went back to making war on the rest of the world. Unit 61398 is believed to consist of several thousand full time military and civilian personnel as well as part-time civilians (often contractors brought in for a specific project).


China's Cyber War hackers have become easier to identify because they have been getting cocky and careless. Internet security researchers have found identical bits of code (the human readable text that programmers create and then turn into smaller binary code for computers to use) and techniques for using it in hacking software used against Tibetan independence groups and commercial software sold by some firms in China and known to work for the Chinese military. Similar patterns have been found in hacker code left behind during attacks on American military and corporate networks. The best hackers hide their tracks better than this. The Chinese hackers have found that it doesn’t matter. Their government will protect them.


It's been noted that Chinese behavior is distinctly different from that encountered among East European hacking operations. The East European hackers are more disciplined and go in like commandos and get out quickly once they have what they were looking for. The Chinese go after more targets with less skillful attacks and stick around longer than they should. That's how so many hackers are tracked back to China, often to specific servers known to be owned by the Chinese military or government research institutes.


The East Europeans have been at this longer and most of the hackers work for criminal gangs, who enforce discipline, select targets, and protect their hackers from local and foreign police. The East European hacker groups are harder to detect (when they are breaking in) and much more difficult to track down. Thus the East Europeans go after more difficult (and lucrative) targets. The Chinese hackers are a more diverse group. Some work for the government, many more are contractors, and even more are independents who often slip over to the dark side and scam Chinese. This is forbidden by the government and these hackers are sometimes caught and punished, or simply disappear. The Chinese hackers are, compared to the East Europeans, less skilled and disciplined. There are some very, very good Chinese hackers but they often lack adult supervision (or some Ukrainian gangster ready to put a bullet in their head if they don't follow orders exactly).


For Chinese hackers that behave (don't do cybercrimes against Chinese targets) the rewards are great. Large bounties are paid for sensitive military and government data taken from the West. This encourages some unqualified hackers to take on targets they can't handle. This was noted when a group of hackers were caught trying to get into a high-security network in the White House (the one dealing with emergency communications with the military and nuclear forces). These amateurs are often caught and prosecuted. But the pros tend to leave nothing behind but hints that can be teased out of heavy use of data mining and pattern analysis.


Over the last decade Internet security firms (especially Kaspersky Labs, Mandiant and Symantec) have been increasingly successful at identifying the hacker organizations responsible for some of the large-scale hacker attacks on business and government networks. This has led to the identification of dozens of major hacking operations and which campaigns they were responsible for. The security firms also identify and describe major malware (software created by hackers for penetrating and stealing from target systems). For example, earlier this year Kaspersky Labs discovered a stealthy espionage program called NetTraveler. This bit of malware had been secretly planted in PCs used by diplomats and government officials in over 40 countries. Also hit were oil companies and political activists opposed to China. No samples of the NetTraveler from Israel were available for this analysis, but the program apparently did appear in Israel (but may have been prevented from stealing anything). Dissection of NetTraveler indicated it was created by about fifty different people, most of them Chinese speakers who knew how to program in English.


Kaspersky also discovered a similar bit of malware called Red October, because it appeared to have been created by Russian speaking programmers. Red October was a very elaborate and versatile malware system. Hundreds of different modules have been discovered and Red October had been customized for a larger number of specific targets. Red October was found to be in the PCs and smart phones of key military personnel in Eastern Europe, Central Asia, and dozens of other nations (U.S., Australia, Ireland, Switzerland, Belgium, Brazil, Spain, South Africa, Japan, and the UAE). The Red October Internet campaign has been going on for at least five years and has been seeking military and diplomatic secrets. As a result of this discovery Internet operators worldwide shut down the addresses Red October depended on.


Red October does not appear to be the product of some government intelligence agency and may be from one of several shadowy private hacker groups that specialize in seeking out military secrets and then selling them to the highest bidder. The buyers of this stuff prefer to remain quiet about obtaining secrets this way. In response to this publicity, the operators of Red October have apparently shut down the network. The Russian government ordered the security services to find out if Russians were involved with Red October and, if so, to arrest and prosecute them. Russia has long been a sanctuary for Internet criminals, largely because of poor policing and corruption. It may well turn out that the Red October crew is in Russia and has paid off a lot of Russian cops in order to avoid detection and prosecution. To date, the operators of Red October have not been found. All nations, except China, have become more willing to assist in finding, arresting and prosecuting criminal hackers. While more are going to jail, it is still a very small proportion of those involved.


What most of these large scale attacks have in common is the exploitation of human error. Case in point is the continued success of attacks via Internet against specific civilian, military, and government individuals using psychology, rather than just technology. This sort of thing is often carried out in the form of official looking email, with a file attached, sent to people at a specific military or government organization. It is usually an email they weren't expecting but from someone they recognize. This is known in the trade as "spear fishing" (or "phishing"), which is a Cyber War technique that sends official looking email to specific individuals with an attachment which, if opened, secretly installs a program that sends files and information from the email recipient's PC to the spear fisher's computer. In the last few years an increasing number of military, government, and contractor personnel have received these official-looking emails with a PDF document attached and asking for prompt attention. As more defenses for these types of attacks appear, new attack methods will be developed. Governments and the public are becoming more aware of the extent of the hacker spies. What is not yet known is the impact of all this on the concept of state secrets and military capability.

May 30, 2013 11:35
These new-style maneuvers will take place in Inner Mongolia, in the north of the country.


29/05/2013 By Arnaud de La Grange – LeFigaro.fr


While cyber espionage is complicating the Washington-Beijing relationship, the Chinese army will next month test "new types of combat units using digital technology." Presumably to simulate the disruption of communication, command and control networks.


These military exercises will be very real, but the terrain will be largely virtual. The Chinese army will launch next month its first maneuvers involving "digital units," the official press reported on Wednesday. Chinese soldiers will "fire blanks" on Internet networks, at a time when tension is running high between Washington and Beijing over cyber espionage issues.


These new-style maneuvers will be held in Inner Mongolia, in the north of the country. On this occasion, "new types of combat units, using digital technology to adapt to modern and computerized warfare" will be tested. For the "first time" in the history of the People's Liberation Army (PLA), these modern means will be combined with special forces, aviation and electronic countermeasure units. Presumably to simulate the disruption of communication, command and control networks.


An "asymmetric" weapon


In 2011, the Chinese Ministry of Defense announced that it had created an elite unit specializing in cyber warfare, while specifying that it involved only "defensive capabilities and not attack"… Officially made up of a core of 30 members and called the "cyber blue team," this force was placed under the command of the Guangzhou military region (south), the daily Global Times had specified. Such small numbers raise a smile, given what is known of the PLA's efforts in the field of cyber capabilities. Thousands, even tens of thousands, of men are said to be assigned to these missions. At the beginning of the year, the American computer security company Mandiant identified one formation, Unit 61398, based in Shanghai, that alone fields more than 2,000 people. It is said to be behind a wave of attacks that targeted American newspapers, companies and US government agencies.


The Chinese army, aware that it cannot confront American power by conventional means, has made no secret of its ambitions in cyber warfare. As early as 1999, in their famous essay Unrestricted Warfare (La Guerre hors limites), two Chinese air force colonels stressed the importance of this "asymmetric" weapon. A recent US Congress report estimates that "PLA experts are systematically identifying the logistics infrastructure, command and control systems and strategic centers of gravity of the United States that they would attack first in the event of conflict." And that their skills are now "very advanced."

February 26, 2013 19:35

cyber warfare


February 25, 2013 by SPIEGEL Staff


Companies like defense giant EADS or steelmaker ThyssenKrupp have become the targets of hacker attacks from China. The digital espionage is creating a problem for relations between Berlin and Beijing, but Chancellor Angela Merkel has shied away from taking firm action.


Very few companies in Europe are as strategically important as the European Aeronautic Defense and Space Company (EADS). It makes the Eurofighter jet, drones, spy satellites, and even the carrier rockets for French nuclear weapons.


Not surprisingly, the German government reacted with alarm last year when EADS managers reported that their company, which has its German administrative headquarters near Munich, was attacked by hackers. The EADS computer network contains secret design plans, aerodynamic calculations and cost estimates, as well as correspondence with the governments in Paris and Berlin. Gaining access to the documents would be like hitting the jackpot for a competitor or a foreign intelligence agency.


The company's digital firewalls have been exposed to attacks by hackers for years. But now company officials say there was "a more conspicuous" attack a few months ago, one that seemed so important to EADS managers that they chose to report it to the German government. Officially, EADS is only confirming there was a "standard attack," and insists that no harm was done.


The attack isn't just embarrassing for the company, which operates in an industry in which trust is very important. It also affects German foreign policy, because the attackers were apparently from a country that has reported spectacular growth rates for years: China.


During a visit to Guangzhou during February 2012, German Chancellor Angela Merkel praised China's success, saying it is something "that can be described as a classic win-win situation."


But the chancellor could be wrong.


For some time now, the relationship between China and the West seems to have been producing one winner and many losers. China is routinely the winner, while the losers are from Germany, France and the United States. They are global companies that are eviscerated by Chinese hackers and learn the painful lesson of how quickly sensitive information can end up in the Far East.


Berlin's Dilemma


The relentless digital attack plunges the German government into a political dilemma. No government can stand back while another country unscrupulously tries to steal its national secrets. It has to protect the core of the government and the know-how of the national economy, sometimes with severe methods, if the diplomatic approach proves ineffective. Berlin should threaten Beijing with serious consequences, like the ones the US government announced last week.


On the other hand, the German government doesn't want to mar relations with one of its most important international partners. China has become Germany's third-largest trading partner and, from Merkel's perspective, is now much more than a large market for German goods and supplier of inexpensive products. Berlin now views the leadership in Beijing as its most important non-Western political partner.


That may explain why Merkel is addressing the Chinese problem abstractly rather than directly. During the high-level government meetings last August, she reminded the Chinese of the importance of "abiding by international rules." When she sent a representative to Beijing in November to tell senior government officials that Germany condemned the cyber espionage, it was done informally and off the record. In the end, Merkel will accept the ongoing espionage attempts as a troublesome plague that Germany simply has to put up with.


When SPIEGEL first exposed the scope of the Chinese attacks five-and-a-half years ago, then-Prime Minister Wen Jiabao asserted that his government would "take decisive steps to prevent hacker attacks."


But the problem has only gotten worse since then.


1,100 Attacks in 2012


Last year, Germany's domestic intelligence agency, the Federal Office for the Protection of the Constitution, reported close to 1,100 digital attacks on the German government by foreign intelligence agencies. Most were directed against the Chancellery, the Foreign Ministry and the Economics Ministry. In most cases, the attacks consist of emails with attachments containing a Trojan horse. Security officials noticed that the attacks were especially severe in the run-up to the G-20 summit, targeting members of the German delegation and focusing on fiscal and energy policy. The Green Party has also been targeted before.


In mid-2012, hackers attacked ThyssenKrupp with previously unheard of vehemence. The attempts to infiltrate the steel and defense group's corporate network were "massive" and of "a special quality," say company officials. Internally, the subject was treated as a top-secret issue. The hackers had apparently penetrated so deeply into the company's systems that executives felt it was necessary to notify authorities. ThyssenKrupp told SPIEGEL that the attack had occurred "locally in the United States," and that the company did not know whether and what the intruders may have copied. It did know, however, that the attacks were linked to Internet addresses in China.


Hackers have also apparently targeted pharmaceutical giant Bayer and IBM, although IBM isn't commenting on the alleged attacks. In late 2011, a German high-tech company, the global market leader in its industry, received a call from security officials, who said that they had received information from a friendly intelligence service indicating that large volumes of data had been transferred abroad.


The investigations showed that two packets of data were in fact transmitted in quick succession. The first was apparently a trial run, while the second one was a large packet containing a virtually complete set of company data: development and R&D files, as well as information about suppliers and customers. An external technology service provider had copied the data and apparently sold it to Chinese nationals.


Seventy Percent of German Companies Under Threat


"Seventy percent of all major German companies are threatened or affected" by cyber attacks, Stefan Kaller, the head of the department in charge of cyber security at the German Interior Ministry, said at the European Police Congress last week. The attacks have become so intense that the otherwise reserved German government is now openly discussing the culprits. "The overwhelming number of attacks on government agencies that are detected in Germany stem from Chinese sources," Kaller said at the meeting. But the Germans still lack definitive proof of who is behind the cyber attacks.


The hackers' tracks lead to three major Chinese cities: Beijing, Shanghai and Guangzhou. And from Germany's perspective, they point to a Unit 61398, which was identified in a report by the US cyber security company Mandiant last week.


In the dossier, which is apparently based on intelligence information, the Washington-based IT firm describes in detail how a unit of the Chinese People's Liberation Army has hacked into 141 companies worldwide since 2006. The trail, according to Mandiant, leads to an inconspicuous 12-story building in Beijing's Pudong district, home to the army's Unit 61398.


Mandiant claims that the elite unit operates at least 937 servers in 13 countries. One of the key Chinese nationals involved has worked under the code name "UglyGorilla" since 2004, while two other hackers use the names "SuperHard" and "Dota." According to Mandiant, the scope of the evidence leaves little doubt that soldiers with Unit 61398 are behind the hacker attacks. The White House, which was notified in advance, privately confirmed the report's conclusions, while the Chinese denied them. "The Chinese military has never supported any hacking activities," said spokesmen for China's Foreign and Defense Ministries, adding that China is in fact "one of the main victims of cyber attacks."


The dossier publicly emphasizes, for the first time, what has long been claimed in intelligence circles: that the power apparatus of the Chinese government is behind at least some of the attacks. Following the report's publication, European ambassadors in Beijing moved the accusations to the top of their agenda. The diplomats agreed that China has become too large and powerful for a single European Union country to tangle with it.


The US government has now defined the attacks as a key issue, and cyber security is now on the agenda of the Strategic Security Dialogue between Beijing and Washington. China's IT espionage is the biggest "transfer of wealth in history," says General Keith Alexander, head of the US military's Cyber Command. The companies that Mandiant claims were the targets of attacks include one with access to more than 60 percent of the oil and natural gas pipelines in North America. "A hacker in China can acquire source code from a software company in Virginia without leaving his or her desk," says US Attorney General Eric Holder.


Last summer, Holder launched a training program for 400 district attorneys to specifically investigate cyber attacks by foreign countries. And last week, Holder presented the government's plan to prevent the theft of intellectual property. Following the Mandiant report, there have been growing calls in the United States for tougher action, including such steps as entry bans for convicted hackers and laws to enhance the options available to companies to fight data theft under civil law. Referring to Beijing, James Lewis of the Center for Strategic and International Studies told the Wall Street Journal: "You've got to keep pushing on them."


Germany Like a Developing Country


Germany is a long way from increasing pressure on the Chinese. In fact, when it comes to cyberspace, Germany sometimes feels like a developing country. When companies like EADS are attacked, it is a question of coincidence as to whether the German government learns of the incidents. The draft of the country's new IT Security Law, which Interior Minister Hans-Peter Friedrich, a member of the conservative Christian Social Union (CSU), unveiled in early February, at least envisions a reporting requirement for companies that are attacked. But there is a strong chance that the ministries involved in the proposed legislation will destroy the draft before the German national election in September.


The government approved a national cyber security strategy two years ago, and Germany's new Cyber Defense Center has been staffed with a dozen officials since then, but it's little more than a government virus scanner. The center lacks authority and clear policies on how the government intends to handle threats originating from the Internet. The federal agencies are "not even capable of appreciably defending themselves against an attack," scoffs a senior executive in the defense industry.


The country's foreign intelligence agency, the BND, has the most experience with cyber attacks. The agency, based near Munich, is also involved in digital espionage and has used Trojans and so-called keyloggers in more than 3,000 cases. BND President Gerhard Schindler wants to combine previously scattered personnel into a single subsection, and the necessary new positions have already been approved. An official from the Chancellery will likely head the new group.


The BND wants its future capabilities to not only include infiltrating an outside computer system. It also intends to develop a sort of digital second-strike capability to shut down the server of a particularly aggressive attacker.


That would be the worst-case scenario.




Translated from the German by Christopher Sultan

February 21, 2013 13:20

cyber warfare


WASHINGTON, February 21 - RIA Novosti



Washington considers it necessary to maintain a dialogue on cyber security with Beijing, but remains concerned about cyber threats emanating from China, White House spokesman Jay Carney said Wednesday evening in Washington.


"The United States and China are among the leading players in cyberspace, and it is essential that we continue a stable and effective dialogue in order to define the limits of acceptable behavior in cyberspace," Mr. Carney said at a press conference.


"Nous continuerons d'évoquer le problème des attaques informatiques dans nos négociations avec de hauts responsables chinois, dont des militaires", a-t-il poursuivi.


Auparavant, les médias occidentaux ont rapporté que le gouvernement US pourrait décréter des sanctions commerciales à l'encontre de la Chine s'il était confirmé que les attaques informatiques visant les entreprises et institutions américaines étaient perpétrées avec le soutien officiel de Pékin.


Ces informations ont été diffusées suite à la publication d'un rapport rédigé par la société américaine Mandiant, selon lequel les cyberattaques visant les Etats-Unis étaient menées par l'unité 61398 de l'armée chinoise déployée dans les faubourgs de Shanghai. Le porte-parole du ministère chinois des Affaires étrangères Hong Lei a ensuite démenti ces accusations.

20 February 2013, 12:20

cyber warfare


MOSCOW, February 20 - RIA Novosti


The US government could impose trade sanctions on China if it is confirmed that the cyber attacks targeting American companies and institutions are carried out with Beijing's official backing, Western media reported on Wednesday.


On Tuesday, February 19, the American company Mandiant, which specializes in computer security, presented a report according to which the cyber attacks targeting the United States were conducted by Unit 61398 of the People's Liberation Army.


According to the document, the signatures of its attacks were traced back to a building located in the Pudong district, on the outskirts of Shanghai. The secret unit could number thousands of members skilled in English and in programming.


The United States has on several occasions described China and Russia as the "main threats" to computer security worldwide. According to the latest National Intelligence Estimate (NIE) report, excerpts of which were published by the Washington Post, China is the "most aggressive" country in seeking access to sensitive information that would allow it to gain an economic advantage.

20 February 2013, 09:05

cyber warfare


20/02/2013 Nabil Bourassi – LaTribune.fr


A private computer security company accuses the Chinese government, in a report, of having set up a military cyber-espionage unit. According to Mandiant, this unit allegedly stole several hundred terabytes of data from industrial sectors deemed strategic. China rejects these accusations and maintains that it is itself the target of cyber attacks originating in the United States.


Is China the target of a smear campaign, or is it really engaged in secret cyber-espionage activities? For several weeks, American public opinion has been asking the question following the attacks on several media outlets that had reportedly revealed information compromising for Beijing. A National Intelligence Estimate report even identified Chinese territory as the world's leading haven for cyber spies.


The Chinese army in the crosshairs


This time, a private American company, Mandiant, goes further and in a report directly names the Chinese government as the main sponsor. The computer security company says it traced the trail back to the government after untangling the threads of numerous cyber attacks since 2006. Mandiant says it has thus identified a unit of hackers set up by the Chinese army for espionage purposes. This unit, which Mandiant has named APT1 (advanced persistent threat), is, according to the company, the 2nd Bureau of the 3rd Department of the General Staff of the People's Liberation Army, more commonly known among the Chinese military as Unit 61398.


For Mandiant, APT1's activity is the most "prolific" of all the hacker units it has identified around the world. Its motivations rest on economic intelligence. The report thus estimates that the targeted companies belong to the four industrial sectors classified as priorities by China's 12th Five-Year Plan. The haul estimated by the private American company would amount to "hundreds of terabytes of data from at least 141 organizations". In other words, the financial damage would potentially be considerable, provided the disclosed information is classified as sensitive, or even strategic.


Attacks given away by their IP addresses


Mandiant's investigations enabled it to identify the main characteristics of this group of hackers, from its exact address to the modus operandi of its operations. APT1 is said to be based in part in Shanghai, in a building constructed in 2007 in the Pudong New Area. This building reportedly houses "hundreds, perhaps thousands of people". Mandiant then followed the trail of the numerous IP addresses identified during a series of attacks over two years. They show the same characteristics, and use the same Microsoft software and the same types of keyboards.


China firmly denies


The Chinese government, for its part, protests against these accusations, which it considers unfounded. A spokesman for the Chinese Foreign Ministry told the Wall Street Journal: "Cyber attacks are anonymous and transnational, and it is difficult to trace the origin of attacks. I therefore do not know how the report's conclusions can be credible." He added that China was itself a victim of attacks originating in the United States, without however naming anyone responsible. For his part, the Chinese Defense Minister pointed out that "the Chinese army has never supported hacking activities in any way".

20 February 2013, 08:53

China Armed Forces source Brahmand.com


February 19, 2013, zeenews.india.com


Washington: On the outskirts of Shanghai, in a run-down neighbourhood, a People’s Liberation Army base has been built for China’s growing corps of cyber warriors.


According to the New York Times, a body of digital forensic evidence has been confirmed by American intelligence officials, who said that they have tapped into the activity of the army unit for years.


A detailed 60-page study, released by Mandiant, an American computer security firm, for the first time has tracked individual members of the most sophisticated of the Chinese hacking groups, known to many of its victims in the United States as ‘Comment Crew’ or ‘Shanghai Group’, to the doorstep of the military unit’s headquarters.


The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area.


According to the report, some security firms that have tracked “Comment Crew” said that they also believe the group is state-sponsored.


A recent classified National Intelligence Estimate, issued as a consensus document for all 16 of the United States intelligence agencies, makes a strong case that many of these hacking groups are either run by army officers or are contractors working for commands like Unit 61398, according to officials with knowledge of its classified content, the report said.


While Comment Crew has hacked terabytes of data from companies like Coca-Cola, its focus is increasingly on companies involved in the critical infrastructure of the United States, which includes the electrical power grid, gas lines and waterworks.


According to the security researchers, one target was a company with remote access to more than 60 percent of oil and gas pipelines in North America.


The unit was also among those that attacked the computer security firm RSA, whose computer codes protect confidential corporate and government databases.


Contacted on Monday, Chinese officials at its embassy in Washington again insisted that its government does not engage in computer hacking, and that such activity is illegal.


They describe China itself as being a victim of computer hacking, and point out, accurately, that there are many hacking groups inside the United States.


But in recent years the Chinese attacks have grown significantly, security researchers said.


Mandiant has detected more than 140 Comment Crew intrusions since 2006.


American intelligence agencies and private security firms that track many of the 20 or so other Chinese groups every day said that those groups appeared to be contractors with links to the unit.


According to the report, the White House said it was “aware” of the Mandiant report. The United States government is planning to begin a more aggressive defense against Chinese hacking groups, starting on Tuesday.


Under a directive signed by President Barack Obama last week, the government plans to share with American Internet providers information it has gathered about the unique digital signatures of the largest of the groups, including Comment Crew and others emanating from near where Unit 61398 is based.


But the government warnings will not explicitly link those groups, or the giant computer servers they use, to the Chinese army.


The question of whether to publicly name the unit and accuse it of widespread theft is the subject of ongoing debate, it added.

19 February 2013, 17:20

China Armed Forces source Brahmand.com


Feb. 19, 2013 - By CALUM MacLEOD – Defense News (USA Today)


BEIJING — Hackers at a secretive unit of the Chinese military have stolen huge amounts of data from 115 companies and organizations in the U.S. since at least 2006, a U.S. computer security firm said in a research report released online Tuesday.


The details made public by Mandiant Corp. add weight to arguments that Chinese authorities are increasingly targeting foreign firms, institutions and government agencies. Beijing denies such charges and says China too is a victim of cyber attacks.


Based in a 12-story office tower in Shanghai’s Pudong district, Unit 61398 of China’s People’s Liberation Army “is likely government-sponsored and one of the most persistent of China’s cyber threat actors,” said Mandiant.


Unit 61398 “has systematically stolen hundreds of terabytes of data from at least 141 organizations” in diverse industries and mostly in the U.S., said the report, without naming any firms. “It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively,” it said.


China is the “most threatening actor in cyberspace,” concluded a draft report of the U.S.-China Economic and Security Review Commission last November, reported Bloomberg, as China’s intelligence agencies and hackers try to access U.S. military computers and defense contractors.


Last Tuesday, U.S. President Barack Obama signed an executive order to improve protection of the country’s critical infrastructure from cyber attacks. “We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems,” he said in his State of the Union address the same day.


The Mandiant report, titled “Exposing one of China’s cyber espionage units,” said data stolen included blueprints, pricing documents, details on mergers and acquisitions, emails and contact lists. The hacking group included hundreds and possibly thousands of English speakers with advanced computer skills, said Mandiant.


In a new book, Eric Schmidt, the executive chairman of Google, criticizes China as the world’s “most sophisticated and prolific hacker,” according to quotes published in the Wall Street Journal. Google has tussled with Chinese authorities over the nation’s strict censorship of the Internet.


In common with earlier denials, Chinese Foreign Ministry spokesman Hong Lei dismissed the Mandiant allegations as “groundless” Tuesday. After the New York Times and the Wall Street Journal complained earlier this month about extensive Chinese hacking, a commentary in the People’s Daily, the mouthpiece of the ruling Communist Party, said the U.S. was seeking excuses to expand its “Internet army.”


Given the lack of Chinese media coverage on this sensitive issue, there was little discussion Tuesday on the nation’s censored but booming micro-blog sites. Unlike Unit 61398, some Chinese hackers, leaning heavily on their patriotic duties for protection, don’t bother to hide. On the Hongke (“red guest”) website, its name a play on the Chinese for hacker — Heike, or Black Guest/Dark Visitor — some recent posts insulted the U.S. for complaining about the high cost of Chinese cyber espionage.

19 February 2013, 13:35

cyber warfare


19 February 2013 Guysen International News


A secret unit of the Chinese army is suspected of being behind multiple hacking operations that targeted the United States in particular, writes the American computer security company Mandiant. Mandiant estimates in a report published Monday in the United States that Unit 61398 of the Chinese People's Army, based in Shanghai, has been responsible since 2006 for the theft of "hundreds of terabytes of data from at least 141 companies in various sectors".
