Wednesday, February 20, 2013

How China Hacks America

    1. This is How China Hacks America: Inside the Mandiant Report
      Daily Beast ‎- 19 hours ago
      Cybersecurity firm Mandiant released a massive and scathing report identifying a unit of the Chinese government that has hacked 115 U.S. ...
  1. Report: Chinese Government Hackers Behind Dozens Of Attacks On ...

    www.npr.org › NewsTechnology
    19 hours ago – China's army is behind a prolific group of hackers who've attacked dozens of American companies and government agencies. That's according ...
  2. The Truth About Chinese Hackers - Discovery Channel

    dsc.discovery.com/technology/my-take/computer-hackers-china.html
    These hacker groups seem not to be working for the Chinese government. They don't seem to be coordinated by the Chinese military. They're basically young, ...
  3. Video: Hackers have been 'let off the leash' by Chinese government ...

    www.telegraph.co.uk › ... › North AmericaUSA
    7 hours ago
    Cybersecurity expert Dr James Lewis says China's central leadership have effectively "blessed" the hacking ...


    This is How China Hacks America: Inside the Mandiant Report

    Cybersecurity firm Mandiant released a massive and scathing report identifying a unit of the Chinese government that has hacked 115 U.S. companies. Here are the critical details.




    China hackers
    A person walks past a building in Shanghai's northern suburb of Gaoqiao, alleged to be the home of a Chinese military-led hacking group according to a report by the Internet security firm Mandiant. (Peter Parks/AFP/Getty)

    The Chinese government just got caught with a smoking cyber gun.

    Cybersecurity consultant Mandiant released a much-anticipated report Tuesday morning, offering the most detailed look to date inside the Chinese People Liberation Army’s direct involvement in hacking into American government and corporate websites.

    The PLA Unit 61398 is identified by the report as the most prolific hacking group inside the Chinese government. Dedicated to infiltrating English-language sites, the unit recruits English-language proficient speakers and experts in computer security, but otherwise scrubs any mention of its organization from Chinese-language websites. Operating out of a 12-story, 130,663 square foot facility in the Pudong New Area sector of Shanghai, its building is able to contain as many as 2,000 personnel. Special high capacity fiber-optics were installed by China Telecom when the building was constructed in 2007 and the outfit utilizes over 1,000 servers.

    In this three-year investigation, Mandiant documented Unit 61398 hacking into 141 companies (including 115 in the U.S.) across 20 industries, and stealing many terabytes of compressed data in sustained attacks averaging 356 days. The longest persistent attack documented by Mandiant lasted 4 years and 10 months. The largest recorded theft was 6.5 terabytes from a single company over 10 months.

    The longest persistent attack documented by Mandiant lasted 4 years and 10 months.

    These attacks were just a small number of the total conducted by Unit 61398 and were conducted by individual hackers with online personas such as “Ugly Gorilla”, “DOTA” and “SuperHard.” The report offers tantalizing personal details of some of these hackers, such as what appears to be initial outreach by Ugly Gorilla to a retired Chinese general and DOTA’s love for the Harry Potter novels embedded in his security prompts.

    The number of attacks from PLA Unit 61398 escalated enormously since 2007 and the Mandiant report details the methods used to initially infiltrate organizations, such as spear-phishing emails and the embedding of malware that create a foothold into a company’s computer system.


    This video released by Mandiant shows “DOTA,” a supposed member of Unit 61398 conducting computer network espionage activities.

    Given the recent attacks launched on The New York Times, The Wall Street Journal, Twitter, Facebook, and most recently Apple, it’s a good time to be a company that specializes in Chinese cybersecurity threats. Mandiant, a 9-year-old Virginia-based firm, says it took in more than $100 million in revenue in 2012, up 76% from 2011, and has 30% of the Fortune 100 as clients.

    On Tuesday, the New York Times’ story on the report on Unit 61398 included a disclosure that the Times itself had used the company to investigate a sophisticated attack on the company that originated from China. The company concluded that the Times’ attack was perpetrated by a different group within China.

    While the PLA has long been implicated in cyber-attacks on the U.S. government and corporations, the Mandiant report is the first detailed public analysis of the unit and its methods. The extent to which Unit 61398 focuses its attacks on U.S. government entities is not clear in the report; phone calls and emails to Mandiant to clarify this point were not immediately returned.

    “State-sponsored cyber spies have enough resources and experience to make busting into most U.S. companies about as hard as pushing open a broken porch door,” said Matt Pottinger, CEO of Asia-focused consulting firm China Six LLC. “Americans don't live in a safe neighborhood anymore. In terms of our digital security, we’ve gone from living in Logan, Utah to Logar, Afghanistan in less than a decade." 

    Mandiant anticipates reprisals in return for publicly divulging the information. But the report’s value lies in the difficulty the Chinese government could have in issuing future pro-forma denials, such as the one it released last month:  “It is unprofessional and groundless to accuse the Chinese military of launching cyber-attacks without any conclusive evidence.”  Thanks to Mandiant, the evidence appears to be in.

No comments:

Post a Comment