China Weaponizes Cyberspace

A damning, 60-page report released by American computer security firm Mandiant reveals that a 12-story building on the outskirts of Shanghai is most likely the epicenter of ongoing cyber attacks perpetrated against a number of American corporations and government agencies, as well as entities such as power grids, gas lines and water works. The building, located in a run-down section of the city, is the headquarters of the People’s Liberation Army (PLA) Unit 61398. A 2010 report by Mandiant questioned whether the Chinese government was directly involved in such hacking. No longer. “The details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese Government is aware of them,” the report states.

The report further notes that “Mandiant continues to track dozens of APT (Advanced Persistent Threat) groups around the world; however, this report is focused on the most prolific of these groups. We refer to this group as ‘APT1′ and it is one of more than 20 APT groups with origins in China. APT1 is a single organization of operators that has conducted a cyber espionage campaign against a broad range of victims since at least 2006. From our observations, it is one of the most prolific cyber espionage groups in terms of the sheer quantity of information stolen.”

The units involved in the hacking from APT1 are known as the “Comment Crew” or “Shanghai Group” by those they have victimized in the U.S. And while Mandiant cannot determine with absolute certainty that the attacks are coming from the building itself, they insist that the high volume of hacking attacks originating from such a small area offers no other plausible explanation. “Either they are coming from inside Unit 61398,” said Kevin Mandia, CEO and founder of Mandiant, in a recent interview, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”

The base, well-known to those who live in the area, is guarded by men in PLA uniforms. Although there is no sign identifying the building, orders printed in English and Chinese have been posted outside: “Restricted military area. No photographing or filming.” According to Mandiant, the army of cyberwarriors operating out of the Shanghai headquarters has “systematically stolen hundreds of terabytes of data from at least 141 organizations and has demonstrated the capability and intent to steal from dozens of organizations simultaneously.” Such thefts include “broad categories of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from victim organizations’ leadership.”

The increase in thefts has apparently forced President Obama’s hand. Yesterday, the Associated Press reported that the White House is considering fines and/or other trade penalties as a means of blunting the ongoing cyber espionage, according to officials who spoke on condition of anonymity because they were not authorized to speak publicly about the issue.

U.S. officials also refused to comment directly on Mandiant’s report. But they did reveal that cyber-defenses are being strengthened, and that such strengthening is underscored by an executive order aimed at improving them. Also as a result of that order, signed by the president last week, the government will begin sharing with U.S. Internet providers information regarding the unique “digital signatures” of the largest APT groups, including Comment Crew and others, emanating from the vicinity where PLA Unit 61398 is based. Yet due to diplomatic sensitivities, the attacks will not be specifically linked to the Chinese army. Whether the attackers themselves will be publicly named–and accused of stealing–is currently under debate. However, administration officials have revealed China will be notified that the ongoing volume and sophistication of the attacks threatens the “fundamental relationship” between the two nations.

State Department spokeswoman Victoria Nuland and White House Press Secretary Jay Carney confirmed on Monday that a dialogue with the “highest levels” of the Chinese government, including with “officials in the military,” has been initiated. “It is a major challenge for us in the national security arena,” Carney added.

On Tuesday, White House spokeswoman Caitlin Hayden, who noted that the administration was aware of Mandiant’s report, echoed those concerns. The United States “has substantial and growing concerns about the threats to U.S. economic and national security posed by cyber intrusions, including the theft of commercial information,” she said.

The potential consequences of such attacks cannot be underestimated. For example, Mandiant revealed that one of the targets of these attacks, initiated by Comment Crew, was the Canadian arm of Televent, a company that maintains access to over 60 percent of the oil and gas pipelines in North America. Project files were stolen, but access was cut off before the intruders could gain system control. Another target was RSA, a computer security firm whose protective codes are used by corporate and government databases. Furthermore, most of the attacks by APT1 are sustained for considerable periods of time. The report reveals that “APT1 maintained access to victim networks for an average of 356 days,” and that access to one victim was maintained for “1764 days, or four years and ten months.”

None of this cyber warfare is new. In 2008, a Congressional panel comprised of six Democrats and six Republicans issued a report in which they unanimously agreed that China was regularly targeting databases used by the United States government and American defense contractors. “China is aggressively pursuing cyber warfare capabilities that may provide it with an asymmetric advantage against the United States,” the commission warned. What is new is that the release of the Mandiant report has brought additional pressure to bear, and administration officials now believe more forceful action is necessary.

“If the Chinese government flew planes into our airspace, our planes would escort them away,” said Shawn Henry, former assistant director of the FBI. “If it happened two, three or four times, the president would be on the phone and there would be threats of retaliation. This is happening thousands of times a day. There needs to be some definition of where the red line is and what the repercussions would be.” James Lewis, a cyber-security expert at the Center for Strategic and International Studies, believes the White House is serious about dealing with the issue, but it won’t be easy. “This will be the year they will put more pressure on, even while realizing it will be hard for the Chinese to change. There’s not an on-off switch,” Lewis warned.

On Monday, Chinese of Foreign Affairs spokesman Hong Lei insisted there was no government involvement in these attacks. ‘‘China resolutely opposes hacking actions and has established relevant  laws and regulations and taken strict law enforcement measures to defend against online hacking activities,’’ he said.

Yesterday, the Chinese Defense Ministry doubled down, claiming Mandiant’s analyses are scientifically flawed, making them unreliable. “The report, in only relying on linking IP address (sic) to reach a conclusion the hacking attacks originated from China, lacks technical proof,” the ministry said in a statement on its website. “Everyone knows that the use of usurped IP addresses to carry out hacking attacks happens on an almost daily basis. Second, there is still no internationally clear, unified definition of what consists of a ‘hacking attack.’ There is no legal evidence behind the report subjectively inducing that the everyday gathering of online (information) is online spying,” it added.

Mandiant concludes otherwise:

In a State that rigorously monitors Internet use, it is highly unlikely that the Chinese Government is unaware of an attack group that operates from the Pudong New Area of Shanghai. The detection and awareness of APT1 is made even more probable by the sheer scale and sustainment of attacks that we have observed and documented in this report. Therefore the most probable conclusion is that APT1 is able to wage such a long-running and extensive cyber espionage campaign because it is acting with the full knowledge and cooperation of the government. Given the mission, resourcing, and location of PLA Unit 61398, we conclude that PLA Unit 61398 is APT1.

China claims that it too is a victim of cyber attacks citing figures that reveal a “considerable number of attacks against them have originated in America. But we don’t use this as a reason to criticize the United States,” the ministry said.

The Mandiant report renders such diplomatic niceties obsolete, and so far, the president has talked the right talk. “Our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air-traffic control systems,” he said during his State of the Union speech. “We cannot look back years from now and wonder why we did nothing.” As the detailed report so chillingly emphasizes, doing nothing is no longer an option.

Freedom Center pamphlets now available on Kindle: Click here.

  • http://www.adinakutnicki.com AdinaK

    A radical leftist, socialist, Marxist and communist sympathizing POTUS is the wrong Commander-in-Chief at any time, most of all when China is ascendant and bent on knocking the US to the ground.
    Moreover, how many realize the untold amount of Chinese students, who are foreign exchange students in US universities, many of them at two of the most cutting edge, elite technological powerhouses in the world – MIT & Caltech? This is not supposition? I know this for a fact. My sons graduated from both these campuses (referenced in the "About" tab at my blog), and as white (and Jewish) they were the minorities on campus! The amount of Chinese, spoken by the students, as well as the relatives who visited, was staggering. But never mind….

    In any case, America has radical thugs at the helm and they will do nothing – other than bloviate – about the core threat – http://adinakutnicki.com/2012/10/07/when-authenti

    Adina Kutnicki, Israel http://adinakutnicki.com/about/

    • Jim_C

      Hey Adina, congrats on being the very first to post your "insights" and promote your blog once again!

      Yes, our radical Muslim communist in Chief is really something with this China thing, huh? Why don't we just blame him for the trade deficit and call it a day?

      Jim C, USA, http://adinasyousocrazy.com/2013

      • Ziggy Zoggy

        Hey Germ-C, congrats on being the very first troll to attack a jew and promote your stupidity on this thread!

        Yes our radical Erkel in Chief is really something with his impotent posturing on this China thing, eh? Why increase the taxes on Chinese imports when you can whine about the trade deficit instead? Why not asign responsibility to our government's CEO and call it a day?

      • Mary Sue

        *facepalm*

      • Marc

        And while we are at it lets blame him for the weather too. Look i am not an Obama lover but some people in here have selective memories.

        • Ziggy Zoggy

          Mook,

          nobody blamed your obamessiah for anything but feckless incompetence. He has done absolutely nothing but mouth hot air about China and its Imperialism since day one and has appeased its autocrats at every turn.

          And why not blame President Erkel for the weather? He wants to spend trillions of our tax dollars on global warming even though it is cold as f—- and has been for decades.Bush got blamed for hurricane Katrina hitting an area mismanaged by Dems, but the Anointed One was praised for his incompetent reaction to Hurricane Sandy and the Gulf oil spill.

          The Chicoms probably read more of his files than he does.

  • Billyb9

    Where's a good drone when you need one?

    • objectivefactsmatter

      "Where's a good drone when you need one?"

      Hopefully entering mass production along with weapons systems to fully arm the expanded fleets.

      Peace through strength is the only peace that actually exists.

    • Raymond in DC

      I wouldn't be surprised to learn that China has already pilfered US drone technology. Some of it from cyber espionage, some from close examination of the US drone captured by Iran in 2011.

      • Mary Sue

        and don't forget the Loral Space thing from the Clinton Era!

  • cxt

    Staggering…..something needs to be done about this.

    If nothing is done it will encourgae more such cyber attacks. Perhaps we should consider it an "economic attack" and fine China a billion dollars or so–in the form of refusing to pay on that much of out debt to them.

    Financial debts to foes are often not honered in time of war–as long as the Chinese are "attacking" us then we should consider not paying on the debt they own.

    Problem is that whom will by our debt–few but the chincese can afford it. Another problem with the having the run-away debt we do.

    • Ziggy Zoggy

      cxt,

      who cares who buys our government's debt? It is debt. If America defaults, what can anybody or anything do about it besides wail impotently or start a battle of some kind they cant possibly win?

  • Bishant

    US made China what it is today. Big multinational corporations like Apple have invested heavily in the country, there has been a huge transfer of technology and what’s more US has also become the main market for Chinese goods. Yet you guys moan about a few measly jobs, the jobs that no one wants to do in US anyways, transferred to India. And now you moan about China getting all powerful?

    • JoJoJams

      Really?? All the tech jobs in programming and support sent to India that "no one wants to do in the U.S.". You can't be serious, Bishant. Usually the "no one wants to do it" line is used in defending illegal aliens and the manual labor of picking crops and mowing lawns, not high-tech (or mid-tech) jobs. Wow. Did you write that with a straight face, or did I miss the sarcasm, because you can't be serious on that comment! NOTE: I do agree with the gist of what you are saying, in that we brought this on ourselves with our imbalance in trading with China and not holding them accountable for corporate espionage, which they have been doing for DECADES now – remember the "hard drive incident" that happened under the Clinton administration?

    • Ziggy Zoggy

      Pishant,

      this is not a US government website and hacking into American computer networks doesn't make China all powerful.

    • Fritz

      Actually contrary to popular belief the main market for Chinese goods is not the U.S but Europe, hence why the Chinese economy is slowing down. But it's the very height of stupidity to think that you can maintain trade secrets in a country that has no intellectual property rights.

  • BLJ

    I have never trusted those zipperheads. Red China and Islam are the two greatest enemies the U.S. has. Obama do something? Please.

    A nice bunker buster bomb would be a nice housewarming gift for those commies.They are also heavily invested in nanotechnology. Their overall objective is to take possession of the United States. Their military has said as much.

    • Hawk

      So now it's a race as to who takes over America. Is it the Chinese or the Muslims? We can't just blame Obama. Nixon went to china and that started the trend and then Obama embraced the Muslims. Where will this end?

      • BLJ

        Go educate yourself on what China's real military goals are. When you are done read up on the Muslim Brotherhood. Nixon wasn't a Muslim and never hung out with creeps like Bill Ayers.

        • Hawk

          I never said Nixon was a Muslim. Maybe you need to take a course on learning to understand what you read.

      • Ziggy Zoggy

        Chicken Hawk;

        Nixon did not preside over a trade deficit with China. Obama is the country's CEO and Commander in Chief of its military. We absolutely can blame him.

        Change your screen name to Surrender Monkey like a good little troll.

        • Hawk

          Maybe you should have a screen name related to your brain. "Zig Zag. I never said that Nixon was responsible for the trade deficit. Try blaming all the presidents after him if you can remember their names. So go troll that moron.

          • Jeff Bargholz

            Surrender Monkey,

            you said that Nixon started the trend. If your reading comprehension level is so low that you cant even understand your own writing then you should think twice about insulting somebody else's intelligence.

            Of course, I am being generous when I credit you with the ability to think. Obamatons are all preprogrammed.

  • Alex Kovnat

    China is doing a good job developing nuclear energy while Germany (and other nations) have decided to give up on nuclear power for all time. For that, China should be applauded. But when I see how C. is waging cyber-war against us, I think we should look at the possibility of outlawing imports of various goods from China, for the overall good of our society. No matter how good any of China's cars (or parts thereof) may be, the overriding issue may well be that we are dealing with a nation that is at war with us.

    • Ziggy Zoggy

      Alex,

      "No matter how good any of China's cars (or parts thereof.)"

      As good as their toothpaste, pet food and all the other crap they make. Only a fool would drive a car made in China.

  • mekus milkdud

    we practically give our technology away something we spend trillions to develop and borrow money to research and upkeep then spend more money to upgrade to protect against the $h!t we gave away that is the way of the States but look who is running it, taken over by Muslims when you have more of them then you lose

  • WilliamJamesWard

    Not to worry, Obama will save us……………………William

  • 11bravo

    Who doesn't think the US Gov is NOT completely up the Chi-Coms computer arses? What goes around comes around. We are still waaaay out ahead of these commies.

  • SCREW SOCIALISM

    I know that I would never eat any food from China. Too many stories of contaminated food or drugs from China.

    "Progressive" China executed heads of companies that were the source of tainted food.

    But you don't see "progressives" in the West in outrage mode.

  • Fritz

    This firmly illustrates the stupidity behind trying to establish a "Smart" electrical grid, wireless or otherwise. If the Chicoms haven't figured it out by now they will soon know how to shut down electricity service at will as the "dumb" grid schemes makes the electricity infrastructure less secure then ever. Another green energy scam that will bear bitter fruit.