Firm traces huge cyberattacks against U.S. to Chinese Army

BEIJING (AP) - Cyberattacks that stole massive amounts of information from military contractors, energy companies and other key industries in the U.S. and elsewhere have been traced to the doorstep of a Chinese military unit, a U.S. security firm alleged Tuesday.
China's Foreign Ministry dismissed the report as "groundless," and the Defense Ministry denied any involvement in hacking attacks.
China has frequently been accused of hacking, but the report by Virginia-based Mandiant Corp. contains some of the most extensive and detailed accusations to date linking its military to a wave of cyberspying against U.S. and other foreign companies and government agencies.
Mandiant said it traced the hacking back to a neighborhood in the outskirts of Shanghai that includes a drab, white 12-story office building run by "Unit 61398" of the People's Liberation Army.
The unit "has systematically stolen hundreds of terabytes of data from at least 141 organizations," Mandiant wrote. By comparison, the U.S. Library of Congress 2006-2010 Twitter archive of about 170 billion tweets totals 133.2 terabytes.
"From our observations, it is one of the most prolific cyberespionage groups in terms of the sheer quantity of information stolen," the company said. It added that the unit has been in operation since at least 2006.
Mandiant said it decided that revealing the results of its investigation was worth the risk of the hackers changing their tactics and becoming even more difficult to trace.
"It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively," it said.
In a statement faxed to The Associated Press, the Defense Ministry firmly rejected any involvement in hacking, saying Chinese law forbids all activities harming Internet security.
"The Chinese government has always firmly combated such activities and the Chinese military has never supported any form of hacking activity," the ministry said. "Statements to the effect that the Chinese military takes part in Internet attacks are unprofessional and are not in accordance with the facts."
Chinese Foreign Ministry spokesman Hong Lei did not directly address the claims, but when questioned on the report Tuesday, he said he doubted the evidence would withstand scrutiny.
"To make groundless accusations based on some rough material is neither responsible nor professional," Hong told reporters at a regularly scheduled news conference.
Reiterating a standard China government response on hacking claims, Hong said China itself is a major victim of such crimes, including attacks originating in the United States.
"As of now, the cyberattacks and cybercrimes China has suffered are rising rapidly every year," Hong said.
Mandiant's methodology used in the investigation was sound, said Massimo Cotrozzi, managing director of KCS Group, a London-based international cyber investigation consulting firm that was not involved in Mandiant's research.
"No one as yet has provided the world conclusive evidence of a link between the Chinese military and the attacks. This report is the nearest thing to conclusive evidence that I have seen," Cotrozzi said.
Mandiant said its findings led it to alter the conclusion of a 2010 report it wrote on Chinese hacking, in which it said it was not possible to determine the extent of government knowledge of such activities.
"The details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese government is aware of them," the company said in a summary of its latest report.
It said the hacking was traced to the 2nd Bureau of the People's Liberation Army General Staff's 3rd Department, most commonly known as unit 61398, in the Shanghai suburbs.
News of the report spread Tuesday on the Chinese Internet, with many commentators calling it an excuse for the U.S. to impose greater restrictions to contain China's growing technological prowess.
Graham Cluley, a British cybersecurity expert who was not involved in Mandiant's research, said people in the computer industry believe China's government is behind such attacks but have been unable to confirm the source.
"None of us would be very surprised or be uncomfortable saying we strongly suspect the Chinese authorities are involved in spying this way," said Cluley, a senior technology consultant for security firm Sophos in Britain.
"I think we are seeing a steady escalation" of sophistication in hacking, Cluley said. "This is really the new era of cybercrime. We've moved from kids in their bedroom and financially motivated crime to state-sponsored cybercrime, which is interested in stealing secrets and getting military or commercial advantage."
We just need more secure operating systems like Linux. Probably all the hacks are done on Windoze machines. Bill Gates is responsible for most of the data loss, I bet LoL
Somebody said recently that the next war would not be fought with bullets and bombs but with 1s and 0s. Has the war begun?
@Nobody The prospect of a "cyber world-war" of 1's and 0's becomes deadlier as people become increasingly dependent on their electronic devices just to make it through the day.
But if you want to send a nation back to the Dark Ages, without spending the time to program a sophisticated worm, a simple EMP attack should do the trick. All it takes is a high-altitude nuke.
Dang Commies at it again.
Send China a virus. A nice worm will do nicely, give it some intelligence, let the worm be Stutnix, only a tad more personal and a tad more intelligent. Have the thing programmed for it to attack street lights hardware, making them go all nuts, and then have it shut down Nuke reactors. Name it... The Cracken... or "Godzilla". Hmm, give it some humor too...
@lee986321 Lee, your spelling is..."magical" to say the least. Stutnix? Is that like Stuxnet in the form of Sputnik?
And Cracken...haha. Sorry, I just derive a lot of humor from your posts.
@lee986321 Yeah, because shutting down "Nuke reactors" went so well in Japan. Give this a try, throw away everything you own that was made in China, let that be your "worm".
This will escalate to nuclear war within 10 days. Mark my words.
And Obama will do nothing I'm sure. This is an outrage, I would be making threats. We have over a trillion dollars of their money and paying it back doesn't seem very appealing at the moment. Our conventional military forces can still plow over theirs, the real concern is their ICBMs.
In a different time in history this would have been considered an act of war.
You should all really look at labels and avoid China support. Look for the made in the USA words.
@Misanthrope97217 Do you honestly believe people can live without their PS3's, PS4's, X Boxes, and cellphones? Do you know how much of our crap comes from China?
If we aren't careful, China will have almost as much information about us as our own government does. I expect foreign powers to spy on us, but not our own government. Of course Obama has to keep an eye on those of us who voted against him. He is looking at the events that have, and are happening in the Middle East and is getting a little worried.
Do you take any medication for your paranoia?
@Oregon7812 Doesn't sound like paranoia to me.
HA HA HA... Keep your friends close... why shouldn't they have access to anything they want? They OWN US!!!!
Wonder if romneybot's offshored China company is benefiting?
And yet we continue to buy cheap, crappy Chinese merchandise. Just try finding anything for sale in the US that isn't made over there.. The net result is the US being in huge debt to China, even as they continue to steal information and endanger our security more and more every day.
Exactly - it's the consumer that is doing this. Not some government conspiracy. It's the people of the US that want cheap products that have caused this.
Dang, if we had only voted in romneybot we could solve this problem by building battleships!
This comment has been deleted
Playenekes, racist much?
@trololol No he is not. The Chinese are sneaky and cannot be trusted when it comes to the USA. We cannot forget that they are a Communist country. Bottom line, they hate us. The government controls everything that the people do.
They are confiscating all land that their people have their homes on. It is just a matter of time before they confiscate all American factories in China.
They are treacherous and will do anything they want and we cannot stop them.
Personally, I would like to see them take over all the industries we have there. That is just what big business deserves.
Oh, and in case you do not believe me take a trip over there for a couple of weeks LIKE I DID.
He used a racial slur; apparently the moderator thought so as well and deleted his post.
@Leinenkugle's "The Chinese are sneaky and cannot be trusted when it comes to the USA."
Now replace "chinese" with "wall street thugs"
@trololol No, he's not, well, as long as the subject is only white people!
This is old news, but remember when our cyber command said things like this would be an act of war? Guess we'll just run with our tail between our legs from this one as well.
If the U.S. and Israel can do Stuxnet, why can't China f*** around as well? It's all fun and games.
@Reflect We're not threatening to destroy Israel. Clue?
@Playanekes So we're Israel's pitbull? Oh and noticed you got hit with the delete key above!
@sargerator @Playanekes And the mods' delete powers are great, thank you mod. MOD 1 Racial Person 0