US security firm says that a single Chinese hacking unit is responsible for stealing terabytes of data from hundreds of organizations
If you’re worried that China will grow to one day rule all things and become the world’s biggest and most feared superpower, it probably doesn’t help to know that a computer security firm published a report that states hundreds of terabytes of governmental and industrial data have been stolen by a single Chinese hacker unit.
Computer security firm Mandiant claims that a single hacker unit of the People’s Liberation Army, dubbed Unit 61398, is a prolific hacking force with which to be reckoned, accounting for hundreds of terabytes of stolen data tracing all the way back to 2006. Of course, China’s Defense Ministry denied the reports of a government-backed hacking unit, and said Mandiant’s accusations were unprofessional — not that a government would willingly own up to clandestine security missions that could conceivably start a war with another country of significant power. Mandiant claims it released the report in an effort to “arm and prepare” security experts in the face of the supposed threat.
Mandiant said that Unit 61398 is located in a 12-story building in a financial and banking area of Shanghai, the Pudong district, and is (possibly) composed of thousands of people who can not only speak English, but are knowledgeable in the areas of networking and programming as well. The building reportedly looks fairly normal, sitting in the middle of a residential area, without any visible signs of extra security aside from a sign saying that the area is a restricted military zone. The teams, the report claims, are put together by targeting students who excel at speaking English and sending them into training programs. This results in hackers who can mimic colloquial English, pass as nothing out of the ordinary, and then launch attacks on a system’s security.
Perhaps amusingly, a spokesperson for the Chinese Foreign Ministry, Hong Lei, said that China has similar reports suggesting that the United States is responsible for the same crime of hacking and information theft in China.
When you tell someone that you’re onto a strategy of theirs, that’s usually enough for them to change it, just in case you really do know what they’re up to. You might wonder, then, why Mandiant would divulge information that would cause China to change its supposed strategies. The security firm claims that the scale of the attacks was enough justification to reveal it was aware of China’s reported efforts. Though Mandiant’s report is chock-full of info, it’s not entirely conclusive that the report is accurate — or even true.
Jeffrey Carr, CEO of another computer security firm, Taia Global, said that Mandiant’s report has “critical analytic flaws.” Carr claims that though China could be the source of the security breaches, other origins have not yet been explored enough, such as other hacker groups being responsible but using China as a cover. Even if the origin of the hacks could be traced to a specific cubicle in a Chinese office, that doesn’t mean the Chinese government is responsible, as the hacker could be acting on someone else’s behalf. Carr also states that Mandiant never actually pinned down that specific 12-story building, but rather traced IP addresses to a section of China in which said building is located.
Granted, just because Mandiant’s research may not have explored every angle doesn’t mean China is suddenly free of blame. With the ubiquity of computers and the ever-accelerating bleeding edge of high technology, it’d be a wonder if any government wasn’t involved in some kind of cyber espionage, much less one presiding over a country as large as China. Whatever the case may be, the US government should seek more information before launching any attack that amounts to more than investigative counterintelligence.