At the time of that writing it was alleged that the Chinese military was behind those attacks. Proving such a thing is very complicated and one of the reasons that the US has done so little in the face of mounting Chinese attacks on US companies.
For their part, the Chinese steadfastly deny any state-sponsored hacking.
Unfortunately for Beijing, Mandiant, a computer security firm, has strong evidence “proving” that China’s military has been attacking the US and its companies for years.
Mandiant concluded that the Chinese military Unit 61398, located in Shanghai, was one such military hacking unit. As a matter of fact, it was even uncovered that as far back as 2004 the unit was actively recruiting hackers to join Unit 61398. This shows that Beijing has been building up its cyber army for quite some time now.
The Mandiant report (1) also states that:
Mandiant has been tracking security breaches and hacking since 2004. They claim that advanced threat actors, known as “Advanced Persistent Threats” (APTs), account for the majority of those breaches. Mandiant initially believed that the Chinese government authorized such groups but had no way to determine the extent of government involvement.
Proof of Government Involvement
Based upon their latest assessment, Mandiant claims to have evidence proving government involvement.
According to Mandiant, APT1 is one of the most prolific of these hacker groups and is operating out of China. APT1 has been in operation since 2006 and has stolen a significant amount of data from US companies. In this six-year period, Mandiant has witnessed the attack group break into and compromise nearly 150 different companies in 20 different industries.
APT1 operates out of Shanghai and, according to Mandiant, is likely to be part of the Chinese People’s Liberation Army (PLA) Military Unit 61398. The proof of this claim is that not only are their goals similar but both operate out of the same area in Shanghai.
Key findings of the report are that:
–> APT1 operates under the cloak of secrecy, and the nature of its work is considered a state secret
–> Mandiant believes that Unit 61398 engages in harmful computer network operations (i.e. hacking)
–> Unit 61398 is located on Datong Road in Gaoqiaozhen, Pudong, Shanghai, in a 130,663 square foot, 12-story building
–> Unit 61398 has a staff of hundreds, possibly thousands, of people
–> Its personnel must be proficient in English, and the unit focuses its hacking on English-speaking countries
–> The Unit steals intellectual property including blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from victim organizations’ leadership
–> The average length of compromise was one year, and the longest over four years
–> Mandiant has witnessed the group steal 6.5 terabytes of data over a ten-month period (this is equal to 2.5 billion single-spaced typewritten pages or 500,000 phone books)
–> APT1 steals proprietary information from industries that China has defined as key to its growth and as areas of strategic interest
–> APT1 has over 900 Command and Control servers, most of which operate out of China
If this data is true, then one has to wonder whether China has declared an economic cyber war on the US. From the quantity and type of data stolen, it would appear so. Is their goal merely to weaken the US economy through theft of technology and thereby eliminate our innovation leadership? And if their goal is to steal our competitive edge through cyber theft, then why have they broken into US networks such as those controlling our nuclear plants and/or power grid?
Could China be hacking us into submission and compromising national security to prevent us from striking back? Mandiant alleges that the Chinese government is behind the data theft, but it makes no claims that the Chinese military is responsible for hacking strategic US assets. However, it has been shown that such attacks originated from China.
The question remains, what is China’s end-game?
The ‘Innocent Internet’: Malware, Botnets and All That Jazz
In order to understand Internet vulnerabilities, one first has to understand how the Internet functions.
Think of the Internet as our postal service. It was created to transmit information, in the form of 1s and 0s, as efficiently as possible. Because its early use was so limited, issues such as network and data security were not of primary importance. As a result, the Internet is still naive.
In essence, the Internet is the nicest and most naive postman you ever met. Wrap a virtual nuclear bomb in an email, address it to a strategic US asset, hit the “send” button, and the naive net postman will deliver it in the blink of an eye.
Absent security controls on the part of the US Asset, the device will be delivered and potentially opened where it can wreak havoc.
Contrast this to how the same scenario would play out in the real world.
The postman or postal service will ask what is in the package and then scan and possibly open it. The package is also subject to other forms of threat assessment that are not customary online.
In fact, the virtual “package” is usually subject to less scrutiny than a person peering into your car. The nature of the Internet is that it is built to efficiently transmit data. Attempts at understanding the data and policing it were not part of the initial plan and still are not mainstream. What this means is that the naive and open nature of the Internet makes it an ideal weapon.
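The postal service opens and scans the package; the network does not, so the inspection has to happen at the receiving organisation. The following is an added example (not code from the original post or from Mandiant) of that missing step: it parses a constructed e-mail with the Python standard library and flags attachments that a mail gateway would normally refuse or quarantine, namely blocked executable file types and files whose declared type does not match the bytes actually inside. The blocked-extension list, the magic-number table, the sample message and all function names are assumptions made for this demonstration.

```python
"""Inspect the "package" before it is opened: a minimal MIME attachment check.

Added example, not from the original post. All names, the policy lists and
the sample message below are assumptions chosen for the demonstration.
"""
from email import message_from_bytes, policy
from email.message import EmailMessage
from typing import Dict, List, Optional

# File types a mail gateway commonly blocks outright (assumed policy list).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1"}

# Leading bytes ("magic numbers") that identify common file formats.
MAGIC = {
    b"MZ": "Windows executable (PE)",
    b"PK\x03\x04": "ZIP archive (also Office OOXML)",
    b"%PDF": "PDF document",
}


def sniff(data: bytes) -> Optional[str]:
    """Return a human-readable type guess from the first bytes, or None."""
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    return None


def inspect_message(raw: bytes) -> List[Dict]:
    """Return one finding per suspicious attachment in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        payload = part.get_payload(decode=True) or b""
        guessed = sniff(payload)
        declared = part.get_content_type()
        reasons = []
        # Rule 1: the extension alone is enough to refuse the attachment.
        if ext in BLOCKED_EXTENSIONS:
            reasons.append(f"blocked extension {ext}")
        # Rule 2: executable content hiding behind a harmless-looking name.
        if guessed == "Windows executable (PE)" and ext not in BLOCKED_EXTENSIONS:
            reasons.append(f"PE content disguised as {ext or 'no extension'}")
        # Rule 3: the declared MIME type disagrees with the bytes themselves.
        if declared == "application/pdf" and guessed != "PDF document":
            reasons.append("declared PDF but content is not PDF")
        if reasons:
            findings.append({"filename": name, "declared": declared,
                             "sniffed": guessed, "reasons": reasons})
    return findings


def build_sample() -> bytes:
    """Construct a demo message with one benign and two suspicious attachments."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "analyst@example.invalid"
    m["Subject"] = "Q3 pricing (constructed sample)"
    m.set_content("See attached.")
    # Benign: a minimal PDF header with a matching declared type and name.
    m.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype="application",
                     subtype="pdf", filename="pricing.pdf")
    # Suspicious: PE header bytes, but named and declared as a PDF.
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 16, maintype="application",
                     subtype="pdf", filename="blueprint.pdf")
    # Suspicious: a blocked script extension.
    m.add_attachment(b"echo hi\r\n", maintype="application",
                     subtype="octet-stream", filename="setup.bat")
    return m.as_bytes()


if __name__ == "__main__":
    for finding in inspect_message(build_sample()):
        print(finding["filename"], "->", "; ".join(finding["reasons"]))
```

The point of rule 2 and rule 3 is that neither the sender's filename nor the declared Content-Type is trustworthy; only the bytes are. A real gateway would go much further (archive unpacking, macro detection, sandbox detonation), but even this small check catches the renamed executable that the naive "postman" would have delivered unopened.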