Home
More News
Get news delivered to you
BYTE Categories
News

China Denies U.S. Hacking Accusations: 6 Facts

Comments | Mathew J. Schwartz, InformationWeek | February 21, 2013 11:40 AM


Security firm Mandiant this week published evidence that it said ties the Chinese government to a six-year campaign of hack attacks that have compromised 141 businesses across 20 industries. Washington-based Mandiant's 74-page report covers only one of the dozens of cyber-espionage groups around the world, including more than 20 in China, that the company said use advanced persistent threats (APTs) -- including spear-phishing attacks -- to compromise their targets. Mandiant refers to the group in its report as "APT1."

"From our observations, it is one of the most prolific cyber-espionage groups in terms of the sheer quantity of information stolen," according to Mandiant's report. "The scale and impact of APT1's operations compelled us to write this."

More Insights

Webcasts

More >>

White Papers

More >>

Reports

More >>

[ Want more on U.S. cybersecurity defense? Read White House Cybersecurity Executive Order: What It Means. ]

Based on Mandiant's research, as well as reaction from security experts and the Chinese government, here's what's known -- and what remains in question -- about the activities of the APT1 hacking group:

1. Mandiant Traces APT1 Attacks To Shanghai

Mandiant's report wasn't notable for the fact that it accused the Chinese government of supporting APT attacks at U.S. businesses, but rather for the volume of evidence -- albeit circumstantial -- that it presented. Furthermore, Mandiant accused APT1 of not just being supported by the Chinese government, but actually part of the People's Liberation Army (PLA) Unit 61398, which is an elite military hacking unit.

Mandiant's conclusions come in part from tracing IP addresses used in attacks to a specific, 12-story, beige building in the Pudong district of Shanghai, where Mandiant found that China Telecom had "provided a special fiber optic communications infrastructure." Mandiant also cited documents from China Telecom noting that the facility had been built together with Unit 61398, which the documents also referred to as "GSD 3rd Department, 2nd Bureau," which refers to the PLA General Staff Department's 3rd Department, which is -- again -- also known as PLA Unit 61398.

Adding to the intrigue, a BBC correspondent reported that he'd been briefly detained Tuesday after attempting to visit the building.

2. Symantec Says Attacks Began In 2006

Security software vendor Symantec said that the activities of the APT1 group, which it calls the Comment Crew -- because the group has hidden attack commands inside HTML comments -- began more than six years ago. "The report cites the earliest known public reference about APT1 infrastructure as originating from Symantec," according to a blog post from Symantec Security Response. "We have detected this threat as Backdoor.Wualess since 2006 and have been actively tracking the group behind these attacks."

According to Symantec, APT1's attacks often involve spear-phishing emails with such subject lines as "U.S. Stocks Reverse Loss as Consumer Staples, Energy Gain.zip" and "New contact sheet of the AN-UYQ-100 contractors.pdf." The attacks have targeted businesses in numerous industries, "including finance, information technology, aerospace, energy, telecommunications, manufacturing, transportation, media and public services," it said.

The Mandiant report, however, didn't break any new ground in the Comment Crew discussion. "There really wasn't much new that came out of that Mandiant report, except for them identifying a specific building and putting all these details on that in there," said former Gartner Group analyst John Pescatore, who last month became the director of emerging security trends at the SANS Institute, speaking by phone.

3. Chinese Government: Allegations Are "Baseless"

The Chinese government has dismissed Mandiant's allegations. In particular, the Xinhua News Agency -- which is the Chinese government's official press agency -- published a "commentary" Wednesday that dismissed the Mandiant report as "amateurish," saying its conclusions were "baseless and revealing," including its tying of Shanghai IP addresses to a specific Chinese government military unit, although it offered no evidence to refute the allegations.

"One does not need to be a cybersecurity expert to know that professional hackers usually exploit what is called the botnet in other parts of the world as proxies for attacks, not their own computers," according to the commentary. "Thus, it is highly unlikely that both the origins of the hackers and the attacks they have launched can be located."



Related Reading

News

Commentary

Most Popular

On the Web



Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

BYTE encourages readers to engage in spirited, healthy debate, including taking us to task. However, BYTE moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. BYTE further reserves the right to disable the profile of any commenter participating in said activities.

COMMENTS
Tune In to BYTE
Facebook Twitter LinkedIn Newsletter RSS
Whitepapers
whitepaper
CIO Strategies for Consumerization: The Future of Enterprise Mobile Computing
In this paper you will learn the five trends shaping the future of enterprise mobility. Learn how the rise of social media as a business application, the lurring between work and home, the emergence of new mobile devices, the demand for tech savvy employees and changing expectations of corporate IT will fundamentally change the workplace.
whitepaper
Media Tablets in the Enterprise
In a survey of more than 1,700 information workers (iWorkers) in North America, notebooks, desktops, and smartphones were found to be “must-have” devices, while tablets, slates, and netbooks were relegated to “nice-to-have” status, according to a commissioned study conducted by Forrester Consulting on behalf of Dell and Intel.
Sponsored by: Dell
Upcoming Events
  • Smarter Mobile Security: Securing BYOD
  • Smarter Mobile Security: Minding the Gaps
  • Next-Gen Firewall Management – Take advantage of advanced threat protection with IPS
  • A Tipping Point in the Battle Against Cyber Attacks
  • Cyber Attacks: Are You Really Safe?


    • More Webcasts>>