Mandiant, a US security company specializing in identifying sophisticated cyber attacks on both corporate and government entities, has tracked members of some of the most notorious Chinese hacking groups to the doorstep of the Chinese military, making it increasingly difficult for the Chinese government to deny that it engages in hacking theft. The study was first reported by the New York Times.
In one of the most detailed and comprehensive reports ever published on cyber crime stemming from China, the 60-page report investigated attacks on more than 140 U.S. and other foreign corporations and entities over seven years that stole hundreds of terabytes of data. The report linked individual members of such sophisticated Chinese hacking groups as “Comment Crew” or “Shanghai Group” to the doorstep of the headquarters of P.L.A. Unit 61398, a Chinese military post on the outskirts of Shanghai. The company could not prove the activities took place inside the 12-story building, but argued that no other plausible reason existed for why such a large number of attacks originated from such a small area. More than 90 percent of the attacks came from the vicinity of that location.
“Either they are coming from inside Unit 61398,” Kevin Mandia, the founder and chief executive of Mandiant, told the New York Times, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
To back up the allegations, Mandiant published a video of screenshots detailing the Chinese attacks.
Most of the targets were US-based companies, though some were smaller U.S. local, state and federal government agencies and international governmental organizations overseas. More than stealing corporate secrets, the attacks are increasingly targeting critical infrastructure. Alarmingly, one target was a company that provided remote access to more than 60 percent of oil and gas pipelines in North America.
Chinese government officials denied the allegations, contending their country has been the target of a number of cyber-attacks stemming from the US.
“Making unfounded accusations based on preliminary results is both irresponsible and unprofessional, and is not helpful for the resolution of the relevant problem,” said Hong Lei, a ministry spokesman. “China resolutely opposes hacking actions and has established relevant laws and regulations and taken strict law enforcement measures to defend against online hacking activities.”
Following the report, the White House announced a broad effort using diplomatic approaches to deter cybercrime, though it stopped short of specifying fines or other trade actions. The White House report calls for applying diplomatic pressure on foreign leaders to discourage theft and for enhancing US legal operations to investigate and prosecute hackers.
“Trade secret theft threatens American businesses, undermines national security and places the security of the U.S. economy in jeopardy,” the White House report stated. “These acts also diminish U.S. export prospects around the globe and put American jobs at risk.”