Their lips say no no no, but apparently their IPs say yes. A five-year investigation by Mandiant concluded that the Chinese military has conducted an active cyberwar on American firms and on our government’s computer systems, perhaps the most massive espionage effort in history. They even found the location of the group conducting the cyberwar from Shanghai:
A shadowy unit of China’s vast army, tucked away in a nondescript office building in the thriving business hub of Shanghai, is behind a huge proportion of the hacking attacks on U.S. websites, according to an American cybersecurity firm.
Mandiant released a detailed 60-page report (PDF) Tuesday claiming its “research and observations indicate that the Communist Party of China is tasking the Chinese People’s Liberation Army to commit systematic cyber espionage and data theft against organizations around the world.”
The report says Mandiant tracked thousands of computer attacks on U.S. companies and organizations, starting in 2006 and rapidly increasing right into this year, from one specific neighborhood in Shanghai. Mandiant found that a vast majority of the attacks were coming from one group of hackers, dubbed by the company “Advanced Persistent Threat 1”, or APT1.
“We ran into APT1 again and again and again, so we started observing and orienting toward APT1 just because of the volume of attacks they were doing,” Mandiant founder and chief executive Kevin Mandia told The New York Times. “After responding to APT1 for years, at over 100 different organizations, you start to pick up patterns… over 98 percent of the time, when they were doing their intrusions in the U.S. companies, they were also using computer addresses from Shanghai. So I called 98 percent not an anomaly.”
Researching the attacks led Mandiant to a tall building on the outskirts of Shanghai, with satellite dishes on the top and a secure perimeter, which houses Unit 61398 of the People’s Liberation Army.
China denies this allegation, not surprisingly:
The Chinese military has repeatedly denounced such accusations.
China’s Ministry of Foreign Affairs spokesman Hong Lei on Tuesday challenged the report’s findings and countered that, “In fact, China is one of the main victims in cyber attack.
“Hacking attacks are transnational and anonymous. Determining their origins are extremely difficult,” he said. “We don’t know how the evidence in this so-called report can be tenable.”
Mandiant scoffs at this explanation, and says it is long past time to hold China accountable for its actions in cyberspace:
“It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively,” the report said. “Without establishing a solid connection to China, there will always be room for observers to dismiss APT actions as uncoordinated, solely criminal in nature, or peripheral to larger national security and global economic concerns.”
CNN interviewed Mandiant VP Grady Summers, who says the company expects “reprisals” from China:
How smart would that be, though? Think of this as the difference between symmetrical and asymmetrical warfare. Hackers face less risk attacking softer targets whose sophistication levels fall far below their own. Attacking Mandiant would turn this into symmetrical warfare, and would expose their own tactics and allow Mandiant to develop effective countermeasures. It seems more likely that China might harass Mandiant with time-wasting but relatively low-risk attacks, but concentrate even more on the soft targets in the US before Mandiant can harden them sufficiently.