Computer security firm blames cyber spying on Chinese military


WASHINGTON — A clandestine Chinese military unit has conducted sophisticated cyber espionage operations against dozens of American and Canadian companies, according to a private report that provides unusual new details about China’s involvement in cyber theft of economic and trade secrets.

The report by computer security firm Mandiant Corp. in Alexandria, Va., breaks new ground by attributing attacks against 141 companies to a specific 12-story office building in the financial center of Shanghai.

According to the report, the building is home to the 2nd Bureau of the People’s Liberation Army’s General Staff Department’s 3rd Department, which is known as Unit 61398.


Mandiant said it traced computer penetrations to Unit 61398 by telltale digital signatures left in malware, the use of Shanghai phone numbers and social networking information posted by some of the hackers. The report profiles three operatives associated with the unit, including one known by the moniker “Ugly Gorilla.”

The report said Unit 61398 has stolen “technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements and emails and contact lists.”

It said it’s impossible to inventory the losses since hackers often copy, rather than remove, digital data and erase all but traces of the theft.

Mandiant, which signs confidentiality agreements with its clients, did not name the companies targeted. The New York Times first disclosed details from the report Tuesday.

Chinese authorities have repeatedly denied any government involvement in the hacking of U.S. companies.

“Cyberattacks are anonymous and transnational, and it is hard to trace the origin of attacks, so I don’t know how the findings of the report are credible,” said Hong Lei, a Foreign Ministry spokesman in Beijing.


“China is also a victim of hacking attacks,” he said, hinting that some attacks on China originated in the U.S. “Chinese laws clearly forbid hacking attacks, and we hope relevant parties take a responsible attitude on this issue.”

Richard Bejtlich, Mandiant’s security director, said the report “should dismiss all the wiggle room that the Chinese use to deny engaging in this conduct.”

Bejtlich said U.S. officials had indicated that they were “ready to go beyond just sort of watching the fireworks happen and they wouldn’t be particularly upset if we released a report.”

President Obama signed an executive order last week that aims to improve U.S. cyber defenses by sharing more classified government information about digital threats with private companies that operate critical infrastructure, including energy, telecommunications, utilities and dams.

White House spokesman Jay Carney declined to address the report or discuss U.S. intelligence assessments of Chinese cyber spying.

“We have repeatedly raised our concerns at the highest levels about cyber theft with senior Chinese officials, including the military, and we will continue to do so,” Carney told reporters.

U.S. intelligence officials have said for years that Chinese cyber attacks present a growing threat to U.S. security and economic interests, but they have been reluctant to provide details in public.

A highly classified National Intelligence Estimate under preparation asserts that China is a major player in cyber attacks, along with Russia, Iran and several other countries.

U.S. intelligence and military agencies conduct aggressive cyber operations against foreign governments and their agencies. U.S. and Israeli experts, for example, allegedly cooperated on a cyber attack that sabotaged Iran’s efforts to enrich uranium for several years.

But U.S. intelligence officials said they don’t steal foreign trade secrets or technology to benefit U.S. companies.

Bejtlich said no evidence indicates that Unit 61398 tried to destroy American infrastructure via a cyber attack, but he said the unit stole potentially sensitive data from electric utilities and chemical companies.

“By virtue of the access that they have, they could cause some damage,” he said. “They wouldn’t even have to do it on purpose.”

It’s sometimes easier for hackers to disable computer networks than to sneak into them and steal data, said Michael Hayden, former head of the CIA and the National Security Agency, which conducts America’s digital spying abroad.

“In the cyber domain, an actual attack is often easier than conducting the reconnaissance,” Hayden said in an email. “That’s what makes this so unnerving.”

Members of the House and the Senate intelligence committees responded sharply to the 76-page report.

“This is a sobering public report on the lengths to which the Chinese military has gone to infiltrate and hack American companies,” said Sen. Dianne Feinstein (D-Calif.), who chairs the Senate Intelligence Committee.

“The Chinese government’s direct role in cyber theft is rampant and the problems have grown exponentially,” said Rep. Mike Rogers (R-Mich.), chairman of the House Intelligence Committee.

“The Mandiant report provides vital insights into the Chinese government’s economic cyber espionage campaign against American companies,” he said.