Chinese army likely behind cyber attacks, U.S. security firm says
Computer-hackers tied to the Chinese military have stolen massive quantities of data from at least 140 organizations in 20 major industries since 2006, a U.S. computer security firm said in an extensive report released Tuesday.
The 74-page report, prepared by Mandiant, comes as the United States has toughened its stand against computer hacking by China and is expected to seek to do more to protect both commercial and national security information. Just last week, President Obama signed an executive order to improve protection of the American computer assets.
The Mandiant report also comes after a growing concern in many U.S. businesses, including media companies, that China has stepped up its computer invasion. The Chinese government has repeatedly denied such charges and has insisted it has been the target of computer hacking. China repeated those charges on Tuesday.
But the Mandiant report lays the blame for the increase computer hacking squarely at the official door of China, and says that a secretive military group, based in the outskirts of Shanghai, is the likely culprit for official computer activities.
“Since 2004, Mandiant has investigated computer security breaches at hundreds of organizations around the world,” the report reads. In earlier reports, the security group noted, “The Chinese government may authorize this activity, but there’s no way to determine the extent of its involvement.
“Now, three years later, we have the evidence required to change our assessment,” the security group concluded. “The details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese government is aware of them.”
The hacking activity was likely part of the mandate of the Unit 61398 of China’s People’s Liberation Army, identified in the report as “one of the most persistent of China’s cyber threat actors.” The unit is based in the Pudong New Area, outside of Shanghai from where the computer attacks originate.
Unit 61398 “has systematically stolen hundreds of terabytes of data from at least 141 organizations,” in diverse industries and mostly in the United States, said the report. “It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively.”
According to the report, hundreds of terabytes of data, including emails, memos and blueprints have been stolen by the military group, which focused on a broad range of industries in English-speaking countries.
In more than 97% of the 1,905 times intruders were observed, they used computer addresses registered in Shanghai, the report found. The hackers likely have a large organization with at least dozens, but potentially hundreds, of operators, the report said.
China’s role in the hacking industry has been a growing concern amid reports that groups including the New York Times and the U.S. Chamber of Commerce have reported that they have been hacked from within China.
In addition to signing an executive order, President Obama noted the issue in his State of the Union speech last week. “We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems,” he said.
In an October speech, Defense Secretary Leon Panetta warned of China’s growing computer capabilities.
“In my visit to Beijing, I underscored the need to increase communication and transparency with each other so that we could avoid a misunderstanding or miscalculation in cyberspace,” Panetta said. He called for greater sharing about cyber security between private enterprise and the U.S. government.
Speaking at a daily news briefing on Tuesday, Chinese Foreign Ministry spokesman Hong Lei denied the latest accusations.
“Cyber attacks are anonymous and transnational, and it is hard to trace the origin of attacks, so I don’t know how the findings of the report are credible,” Hong said.
He added that China has been a frequent victim of cyber attacks coming from the United States. He stopped short, however, of blaming the U.S. government.
Must-read stories from the L.A. Times
Get all the day's most vital news with our Today's Headlines newsletter, sent every weekday morning.
You may occasionally receive promotional content from the Los Angeles Times.