Report Says Chinese Military Involved in U.S. Hacking

Feb. 19, 2013 - By CALUM MacLEOD – Defense News (USA Today)

BEIJING — Hackers at a secretive unit of the Chinese military have stolen huge amounts of data from 115 companies and organizations in the U.S. since at least 2006, a U.S. computer security firm said in a research report released online Tuesday.

The details made public by Mandiant Corp. add weight to arguments that Chinese authorities are increasingly targeting foreign firms, institutions and government agencies. Beijing denies such charges and says China too is a victim of cyber attacks.

Based in a 12-story office tower in Shanghai’s Pudong district, Unit 61398 of China’s People’s Liberation Army “is likely government-sponsored and one of the most persistent of China’s cyber threat actors,” said Mandiant.

Unit 61398 “has systematically stolen hundreds of terabytes of data from at least 141 organizations” in diverse industries and mostly in the U.S., said the report, without naming any firms. “It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively,” it said.

China is the “most threatening actor in cyberspace,” concluded a draft report of the U.S.-China Economic and Security Review Commission last November, reported Bloomberg, as China’s intelligence agencies and hackers try to access U.S. military computers and defense contractors.

Last Tuesday, U.S. President Barack Obama signed an executive order to improve protection of the country’s critical infrastructure from cyber attacks. “We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems,” he said in his State of the Union address the same day.

The Mandiant report, titled “Exposing one of China’s cyber espionage units,” said data stolen included blueprints, pricing documents, details on mergers and acquisitions, emails and contact lists. The hacking group included hundreds and possibly thousands of English speakers with advanced computer skills, said Mandiant.

In a new book, Eric Schmidt, the executive chairman of Google, criticizes China as the world’s “most sophisticated and prolific hacker,” according to quotes published in the Wall Street Journal. Google has tussled with Chinese authorities over the nation’s strict censorship of the Internet.

In common with earlier denials, Chinese Foreign Ministry spokesman Hong Lei dismissed the Mandiant allegations as “groundless” Tuesday. After the New York Times and the Wall Street Journal complained earlier this month about extensive Chinese hacking, a commentary in the People’s Daily, the mouthpiece of the ruling Communist Party, said the U.S. was seeking excuses to expand its “Internet army.”

Given the lack of Chinese media coverage on this sensitive issue, there was little discussion Tuesday on the nation’s censored but booming micro-blog sites. Unlike Unit 61398, some Chinese hackers, leaning heavily on their patriotic duties for protection, don’t bother to hide. On the Hongke (“red guest”) website, its name a play on the Chinese for hacker — Heike, or Black Guest/Dark Visitor — some recent posts insulted the U.S. for complaining about the high cost of Chinese cyber espionage.