Security firm accuses China’s army of hacking the US

posted at 12:01 pm on February 19, 2013 by Ed Morrissey

Their lips say no no no, but apparently their IPs say yes. A five-year investigation by Mandiant concluded that the Chinese military has conducted an active cyberwar on American firms and on our government’s computer systems, perhaps the most massive espionage effort in history. They even found the location of the group conducting the cyberwar from Shanghai:

A shadowy unit of China’s vast army, tucked away in a nondescript office building in the thriving business hub of Shanghai, is behind a huge proportion of the hacking attacks on U.S. websites, according to an American cybersecurity firm.

Mandiant released a detailed 60-page report (PDF) Tuesday claiming its “research and observations indicate that the Communist Party of China is tasking the Chinese People’s Liberation Army to commit systematic cyber espionage and data theft against organizations around the world.”

The report says Mandiant tracked thousands of computer attacks on U.S. companies and organizations, starting in 2006 and rapidly increasing right into this year, from one specific neighborhood in Shanghai. Mandiant found that a vast majority of the attacks were coming from one group of hackers, dubbed by the company “Advanced Persistent Threat 1”, or APT1.

“We ran into APT1 again and again and again, so we started observing and orienting toward APT1 just because of the volume of attacks they were doing,” Mandiant founder and chief executive Kevin Mandia told The New York Times. “After responding to APT1 for years, at over 100 different organizations, you start to pick up patterns… over 98 percent of the time, when they were doing their intrusions in the U.S. companies, they were also using computer addresses from Shanghai. So I called 98 percent not an anomaly.”

Researching the attacks led Mandiant to a tall building on the outskirts of Shanghai, with satellite dishes on the top and a secure perimeter, which houses Unit 61398 of the People’s Liberation Army.

China denies this allegation, not surprisingly:

The Chinese military has repeatedly denounced such accusations.

China’s Ministry of Foreign Affairs spokesman Hong Lei on Tuesday challenged the report’s findings and countered that, “In fact, China is one of the main victims in cyber attack.

“Hacking attacks are transnational and anonymous. Determining their origins are extremely difficult,” he said. “We don’t know how the evidence in this so-called report can be tenable.”

Mandiant scoffs at this explanation, and says it is long past time to hold China accountable for its actions in cyberspace:

“It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively,” the report said. “Without establishing a solid connection to China, there will always be room for observers to dismiss APT actions as uncoordinated, solely criminal in nature, or peripheral to larger national security and global economic concerns.”

CNN interviewed Mandiant VP Grady Summers, who says the company expects “reprisals” from China:

How smart would that be, though? Think of this as the difference between symmetrical and asymmetrical warfare. Hackers face less risk attacking softer targets whose sophistication levels fall far below their own. Attacking Mandiant would turn this into symmetrical warfare, and would expose their own tactics and allow Mandiant to develop effective countermeasures. It seems more likely that China might harass Mandiant with time-wasting but relatively low-risk attacks, but concentrate even more on the soft targets in the US before Mandiant can harden them sufficiently.


Comments

the Chinese military has conducted an active cyberwar on American firms and on our government’s computer systems, perhaps the most massive espionage effort in history.

In other news, a twenty-year government grant just announced the shocking conclusion that rain is wet.

Happy Nomad on February 19, 2013 at 12:08 PM

Charge the damages, actual and potential, including loss of profit, damage to reputation, and copyright infringement penalties, against our bond debt to China. That’s a rare move in which EVERYBODY wins – Obama, Republicans, Democrats, even the public – except the Chi-Com, but they made their own bed.

Archivarix on February 19, 2013 at 12:12 PM

We hack them too.

In fact, I’ve even heard reports that we DO IT BETTER than they do!

Welcome to modern warfare.

HondaV65 on February 19, 2013 at 12:16 PM

Charge the damages, actual and potential, including loss of profit, damage to reputation, and copyright infringement penalties, against our bond debt to China. That’s a rare move in which EVERYBODY wins – Obama, Republicans, Democrats, even the public – except the Chi-Com, but they made their own bed.

Archivarix on February 19, 2013 at 12:12 PM

China would retaliate by refusing to loan us any more money. Which is fine by me actually.

HondaV65 on February 19, 2013 at 12:17 PM

The hacking part is included in the 25% APR on the American debt that the Chinese are carrying.

The United States government should read the fine print.

OhEssYouCowboys on February 19, 2013 at 12:19 PM

We hack them too.

In fact, I’ve even heard reports that we DO IT BETTER than they do!

HondaV65

Your faith in the power of Obama is nothing if not unwavering.

chimney sweep on February 19, 2013 at 12:19 PM

Security firm accuses China’s army of hacking the US

Every century has its own special “Well Duh, who didn’t know that” moment. This may well be the 21st Century’s defining “Well Duh, who didn’t know that” moment.

It started on September 11th 2008 at 11am.

Another September 11!

By Parwaiz Khan
Electronic Run on the Banks on September 11, 2008

Paul Kanjorski (D-Pa.), chairman of the House Capitol Markets subcommittee stated on C-SPAN that on September 11 at around 11 AM, the Fed noticed the tremendous drawdown in the money market accounts from big banks. Just in two hours – that is, from 9:00 AM to 11:00 AM – the amount withdrawn had reached $550 Billion.

The Fed, understanding the implications sunk $105 Billion of Treasury money into the banks, but it didn’t stem the outflow. After one hour they shut the whole operation down, meaning – No more money could be withdrawn.

The estimates were that had it been allowed to continue, by 2PM $5.5 Trillion could have been withdrawn. This would have collapsed the whole U.S. economy, and within 24 hours the economy of the whole World.

It has continued unabated since.

SWalker on February 19, 2013 at 12:20 PM

This 12-story building on the outskirts of Shanghai is the headquarters of Unit 61398 of the People’s Liberation Army. China’s defense ministry has denied that it is responsible for initiating digital attacks.
================

Liars!!

Oh, maybe a Cruise-Missile could accidentally be programmed, say in a training mission, um, kinda like the accidental taking out of the Chinese Embassy in Serbia, by Clinton!!
(sarc)

canopfor on February 19, 2013 at 12:21 PM

I would say it isn’t only “hacking” over the Internet. If you are doing software development in China, particularly for software that is imbedded in hardware, that’s probably being “hacked”, too. The Chinese Army is probably writing your software.

crosspatch on February 19, 2013 at 12:22 PM

抵抗是徒勞的。

petefrt on February 19, 2013 at 12:26 PM

It seems more likely that China might harass Mandiant with time-wasting but relatively low-risk attacks, but concentrate even more on the soft targets in the US before Mandiant can harden them sufficiently.

Like the United States government.

OhEssYouCowboys on February 19, 2013 at 12:27 PM

抵抗是徒勞的。

petefrt on February 19, 2013 at 12:26 PM

All your bases are belong to us????

SWalker on February 19, 2013 at 12:27 PM

China would retaliate by refusing to loan us any more money. Which is fine by me actually.

HondaV65 on February 19, 2013 at 12:17 PM

Once a precedent is created, Europe will grab for a similar excuse not to pay like a high-society whore for a cocaine bag. With nobody to buy their plastic crap. Hundreds of thousands of factories will close within a month. And after another month, the Chi-Coms will have a mass revolt on their hands.

Archivarix on February 19, 2013 at 12:28 PM

抵抗是徒勞的。

petefrt on February 19, 2013 at 12:26 PM

That made me LOL – literally.

I’m assuming that it translates:

We hack imperialist, but lesser Commie countries – like America – too.

OhEssYouCowboys on February 19, 2013 at 12:29 PM

What difference does it make?!?
-HC

RedManBlueState on February 19, 2013 at 12:30 PM

Again, it’s just a coincidence that the suspect facility is in my neighborhood.

DarkCurrent on February 19, 2013 at 12:35 PM

SWalker on February 19, 2013 at 12:27 PM

Good guess. It’s close.

petefrt on February 19, 2013 at 12:36 PM

Does this mean that China will be voted to head the United Nation’s new International Computer Security Organization? -

SPECTRE

OhEssYouCowboys on February 19, 2013 at 12:36 PM

抵抗是徒勞的。

petefrt on February 19, 2013 at 12:26 PM

It most certainly could be!

来自各地的了!

Scrumpy on February 19, 2013 at 12:38 PM

Don’t ya just luv Google translate! (The only good thing of theirs I like)…

Scrumpy on February 19, 2013 at 12:39 PM

Scrumpy on February 19, 2013 at 12:38 PM

Shhh, but I responded to your comment over at my place…

SWalker on February 19, 2013 at 12:40 PM

Cyber espionage, criminal I say!! Lol.

Scrumpy on February 19, 2013 at 12:41 PM

SWalker on February 19, 2013 at 12:40 PM

Okie dokie :-)

Scrumpy on February 19, 2013 at 12:41 PM

抵抗是徒勞的。

petefrt on February 19, 2013 at 12:26 PM

It most certainly could be!

来自各地的了!

Scrumpy on February 19, 2013 at 12:38 PM

You two know that it’s rude to speak the lingo amidst those who no habla Chino.

;O)

OhEssYouCowboys on February 19, 2013 at 12:43 PM

Don’t ya just luv Google translate! (The only good thing of theirs I like)…

Scrumpy on February 19, 2013 at 12:39 PM

Ahhhhhhhhhhhhhhhhh, K.

OhEssYouCowboys on February 19, 2013 at 12:45 PM

What the hell is wrong with the CIA? With the help of their consultants and the NSA, they should go after the Chinese with all guns blazing. This is clearly not happening! No “proof” is necessary. The CIA was established to replace the OSS, not the Boy Scouts. What a bunch of worthless, bureaucratic slugs!

John Adams on February 19, 2013 at 12:45 PM

抵抗是徒勞的。

petefrt on February 19, 2013 at 12:26 PM

It most certainly could be!

来自各地的了!

Scrumpy on February 19, 2013 at 12:38 PM

You two know that it’s rude to speak the lingo amidst those who no habla Chino.

;O)

OhEssYouCowboys on February 19, 2013 at 12:43 PM

01010100 01101000 01100101 01110010 01100101 00100000 01100001 01110010 01100101 00100000 00110001 00110000 00100000 01101011 01101001 01101110 01100100 01110011 00100000 01101111 01100110 00100000 01110000 01100101 01101111 01110000 01101100 01100101 00100000 01101001 01101110 00100000 01110100 01101000 01100101 00100000 01110111 01101111 01110010 01101100 01100100 00101100 00100000 01110100 01101000 01101111 01110011 01100101 00100000 01110111 01101000 01101111 00100000 01110101 01101110 01100100 01100101 01110010 01110011 01110100 01100001 01101110 01100100 00100000 01100010 01101001 01101110 01100001 01110010 01111001 00100000 01100001 01101110 01100100 00100000 01110100 01101000 01101111 01110011 01100101 00100000 01110111 01101000 01101111 00100000 01100100 01101111 01101110 00100111 01110100 00101110

SWalker on February 19, 2013 at 12:47 PM

Scrumpy on February 19, 2013 at 12:38 PM

愛國者不應該浪費時間與批評,而不是讚揚我們光榮的領導者。

petefrt on February 19, 2013 at 12:48 PM

我的一個歡迎我們的新中國的霸主。

I for one welcome our new Chinese overlords.

Happy Nomad on February 19, 2013 at 12:51 PM

SWalker on February 19, 2013 at 12:47 PM

01000011 01101111 01101111 01101100 00100000 00100001

petefrt on February 19, 2013 at 12:51 PM

01010100 01101000 01100101 01110010 01100101 00100000 01100001 01110010 01100101 00100000 00110001 00110000 00100000 01101011 01101001 01101110 01100100 01110011 00100000 01101111 01100110 00100000 01110000 01100101 01101111 01110000 01101100 01100101 00100000 01101001 01101110 00100000 01110100 01101000 01100101 00100000 01110111 01101111 01110010 01101100 01100100 00101100 00100000 01110100 01101000 01101111 01110011 01100101 00100000 01110111 01101000 01101111 00100000 01110101 01101110 01100100 01100101 01110010 01110011 01110100 01100001 01101110 01100100 00100000 01100010 01101001 01101110 01100001 01110010 01111001 00100000 01100001 01101110 01100100 00100000 01110100 01101000 01101111 01110011 01100101 00100000 01110111 01101000 01101111 00100000 01100100 01101111 01101110 00100111 01110100 00101110

SWalker on February 19, 2013 at 12:47 PM

LOL

:O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\
:O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\
:O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\
:O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\
:O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\
:O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\
:O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\ :O/ :O\

OhEssYouCowboys on February 19, 2013 at 12:52 PM

Really!!!!!!

Reuters Politics ‏@ReutersPolitics

White House says has repeatedly raised concerns about Chinese cyber hacking with senior Chinese officials

canopfor on February 19, 2013 at 12:52 PM

petefrt on February 19, 2013 at 12:48 PM

是調用我們的領袖鼠耳難怪認為批評嗎?

Happy Nomad on February 19, 2013 at 12:54 PM

Read Clancy’s new book “Threat Vector”
It’s all in there. Really !

Jabberwock on February 19, 2013 at 12:54 PM

What the hell is wrong with the CIA? With the help of their consultants and the NSA, they should go after the Chinese with all guns blazing. This is clearly not happening! No “proof” is necessary. The CIA was established to replace the OSS, not the Boy Scouts. What a bunch of worthless, bureaucratic slugs!

John Adams on February 19, 2013 at 12:45 PM

With all due respect, I want the CIA and NSA to conduct the kind of cyber black ops that don’t leave fingerprints or proof behind.

Happy Nomad on February 19, 2013 at 12:55 PM

@ Petefrt;

批评可以是一个有价值的资产,如果仅亲爱的领袖会听!

One day HA may not allow us this luxury! ;-)

Scrumpy on February 19, 2013 at 12:55 PM

SWalker on February 19, 2013 at 12:47 PM

What did you say? ;-)

Scrumpy on February 19, 2013 at 12:56 PM

Read Clancy’s new book “Threat Vector”
It’s all in there. Really !

Jabberwock on February 19, 2013 at 12:54 PM

Nope, Clancy is just another arrogant liberal hack. I have no intention of enriching him by getting his book.

Happy Nomad on February 19, 2013 at 12:56 PM

Happy Nomad on February 19, 2013 at 12:54 PM

Nice one ;-)

Scrumpy on February 19, 2013 at 12:57 PM

FYI, first sentence… It’s Mandiant not Mendiant

Zetterson on February 19, 2013 at 1:00 PM

Nope, Clancy is just another arrogant liberal hack. I have no intention of enriching him by getting his book.

Happy Nomad on February 19, 2013 at 12:56 PM

Fair enough. But the story is similar to today’s news. Spooky.

Jabberwock on February 19, 2013 at 1:01 PM

Happy Nomad on February 19, 2013 at 12:54 PM

阿拉巴馬州有一個可愛的再教育營。另外有一個在愛達荷州。你更喜歡哪一種?

petefrt on February 19, 2013 at 1:04 PM

petefrt on February 19, 2013 at 1:04 PM

Somehow I think dear leader gets to make that choice. ;0

Happy Nomad on February 19, 2013 at 1:09 PM

Hmmm, the font keeps going first to bold, then regular text… The Chinese must be haxoring the Hot Air databases… All your databases are belong to us… ;p

SWalker on February 19, 2013 at 1:14 PM

Happy Nomad on February 19, 2013 at 12:51 PM

Traditional Chinese? You’re expecting an invasion staged from Hong Kong?

DarkCurrent on February 19, 2013 at 1:20 PM

Soon we will be working for them. Think of it as a background check.

Bulletchaser on February 19, 2013 at 1:24 PM

Traditional Chinese? You’re expecting an invasion staged from Hong Kong?

DarkCurrent on February 19, 2013 at 1:20 PM

Well, wouldn’t that be a better way to launch a surprise attack? Sorta like Canada invading the United States by waiting until February and launching the assault from the location where the greatest number of Canadians are located- Florida and the Gulf Coast.

Happy Nomad on February 19, 2013 at 1:26 PM

petefrt on February 19, 2013 at 12:26 PM

可愛

Solaratov on February 19, 2013 at 1:44 PM

是調用我們的領袖鼠耳難怪認為批評嗎?

Happy Nomad on February 19, 2013 at 12:54 PM

Call our leaders mouse ear is no wonder that criticism?

mmmm mmmm mmmm

Solaratov on February 19, 2013 at 1:51 PM

Wasn’t reported above, but explosions have been rocking Pudong for the last 10 days straight. Shock and Awe!

DarkCurrent on February 19, 2013 at 2:11 PM

SWalker on February 19, 2013 at 12:47 PM

01000011 01101111 01101111 01101100 00100000 00100001

petefrt on February 19, 2013 at 12:51 PM

01101100 01110101 01101100 01111010

AesopFan on February 19, 2013 at 7:05 PM

Of course. China has been in a “long war” for over a decade. Geographic, economic, telecom-based, kids toys, toxic products overall, militaristic, diplomatic. It’s all subversive, if you look with an objective eye. Now they mass-import gold. Expand into Africa. Ally with our enemies and frenemies.

They are a facade for those looking, and a snake for those who are skeptical.

John Kettlewell on February 19, 2013 at 10:48 PM

Read Clancy’s new book “Threat Vector”
It’s all in there. Really !

Jabberwock on February 19, 2013 at 12:54 PM

Just finished this book this past weekend. You are correct, it is this story to a “T”. And totally plausible. DoD getting hacked is one thing, hacking the power grid, Wall Street, and fuel transport/supply operations would throw this country into immediate chaos

Sweaty Deacon on February 20, 2013 at 9:17 AM