Saturday, 23 February 2013

Pointing Fingers

The building where PLA Unit 61398 is located in Shanghai
In late January The New York Times reported that it had been hacked: its computer systems were infiltrated and the passwords to reporters' email accounts were obtained, particularly those of correspondents based in China.

The news outlet was not the only one -- The Washington Post, The Wall Street Journal and Bloomberg were targeted.

The Times hired Mandiant to help find the perpetrator and earlier this week the company released its findings.

In a 60-page study, Mandiant identified the People's Liberation Army's Shanghai-based Unit 61398 as the one most likely behind the cyber attacks and even pinpointed the building at the PLA unit's headquarters off Datong Road just outside Shanghai.

While Mandiant would not say for sure the attacks came from that building, there was no other explanation for why so many attacks came from that small area.

"Either they are coming from inside Unit 61398, or the people who run the most-controlled, most-monitored internet networks in the world are clueless about thousands of people generating attacks from this one neighbourhood," said Kevin Mandia, founder and chief executive of Mandiant.

This is the first time individuals in this group have been tracked, and they are considered to be the most sophisticated of Chinese hacking groups.

Apparently Mandiant was able to watch attacks in progress, seeing the hackers steal technology blueprints, manufacturing processes, clinical trial results, pricing documents, negotiation strategies and other proprietary information. What's shocking is that they were able to get into companies' operational units, and if they wanted, they could actually control the switches.

We've known for a long time China has been behind cyber attacks, but victims would not identify exactly where in China, either to give the Middle Kingdom some face, or because they really didn't know where the source was.

And every time the Chinese government would deny it was involved, saying China did not condone cyber attacks.

However, the 60-page report outlines where they are most probably located and exactly what they extracted from over 100 companies, mostly in the United States.

And this time what do the Chinese say?

"Chinese military forces have never supported any hacking activities," said Geng Yansheng, spokesman for the Ministry of National Defense. "The claim by the Mandiant company that the Chinese military engages in internet espionage has no foundation in fact." He even added China has been a victim of cyber attacks that have originated from the US, and that Mandiant had mischaracterized China's activities.

Hong Lei, spokesman for China's Ministry of Foreign Affairs, echoed Geng, saying cyber attacks were hard to trace because they were "often carried out internationally and are typically done so anonymously."

Excuse me? The report lays out that the attacks are coming from China -- from Unit 61398 to be precise. Or is that not factual enough?

And the claim that China is a victim of cyber attacks?

Why not present the evidence to prove this?

The country is known for its weakness in innovation and yet it is sophisticated enough to hack into competitors' computer systems to steal information.

For China, though, pride is at stake, and it will never admit to cyber espionage.

In the meantime we hope this is a serious warning to all companies to step up their security systems and avoid becoming victims of Unit 61398.
