
Mon Feb 18, 2013, 11:17 PM

Chinese Army Unit Is Seen as Tied to Hacking Against U.S.

Source: New York Times

On the outskirts of Shanghai, in a run-down neighborhood dominated by a 12-story white office tower, sits a People’s Liberation Army base for China’s growing corps of cyberwarriors.

The building off Datong Road, surrounded by restaurants, massage parlors and a wine importer, is the headquarters of P.L.A. Unit 61398. A growing body of digital forensic evidence — confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years — leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower.

An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups — known to many of its victims in the United States as “Comment Crew” or “Shanghai Group” — to the doorstep of the military unit’s headquarters. The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area.

“Either they are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”


Read more: http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html

13 replies, 3334 views

Replies to this discussion thread

Response to jsr (Original post)

Mon Feb 18, 2013, 11:23 PM

1. I think they've had a line on these guys for a while... nt


Response to MADem (Reply #1)

Tue Feb 19, 2013, 12:33 AM

3. I'm sure they have a bead on our ever so awesome

 

Air Farce cyber warriors.



Response to Arctic Dave (Reply #3)

Tue Feb 19, 2013, 01:08 AM

5. I don't think the Chair Force is on the cutting edge of that stuff...! nt



Response to jsr (Original post)


Response to Fedaykin (Reply #2)

Tue Feb 19, 2013, 01:37 AM

6. Not going to happen and wouldn't stop the attacks. Don't know why you recommend useless violence. nt



Response to Fedaykin (Reply #2)

Tue Feb 19, 2013, 06:25 AM

7. i see...

good to see where you stand on that.



Response to Fedaykin (Reply #2)

Tue Feb 19, 2013, 03:43 PM

11. Good idea. I nominate you to carry out the mission.

If you're advocating something that could very well touch off a shooting war, then surely you'd be willing to stand up for your country and carry out this mission.



Response to jsr (Original post)

Tue Feb 19, 2013, 01:03 AM

4. Chinese Hackers

BOOOOOOOOOOOOOO!



Response to jsr (Original post)

Tue Feb 19, 2013, 06:32 AM

8. And I'm sure China has denied it

fucking bastards...



Response to jsr (Original post)

Tue Feb 19, 2013, 07:19 AM

9. Software that gives oil and gas pipeline companies and power grid operators remote access ...

But the most troubling attack to date, security experts say, was a successful invasion of the Canadian arm of Telvent. The company, now owned by Schneider Electric, designs software that gives oil and gas pipeline companies and power grid operators remote access to valves, switches and security systems.

Telvent keeps detailed blueprints on more than half of all the oil and gas pipelines in North and South America, and has access to their systems. In September, Telvent Canada told customers that attackers had broken into its systems and taken project files. That access was immediately cut, so that the intruders could not take command of the systems.

Martin Hanna, a Schneider Electric spokesman, did not return requests for comment, but security researchers who studied the malware used in the attack, including Mr. Stewart at Dell SecureWorks and Mr. Blasco at AlienVault, confirmed that the perpetrators were the Comment Crew.

“This is terrifying because — forget about the country — if someone hired me and told me they wanted to have the offensive capability to take out as many critical systems as possible, I would be going after the vendors and do things like what happened to Telvent,” Mr. Peterson of Digital Bond said. “It’s the holy grail.”



Response to jsr (Original post)

Tue Feb 19, 2013, 02:48 PM

10. Mandiant's complete report is linked *here* from Business Insider

Mandiant says it felt compelled to expose this hack despite possibly compromising its ability to collect information. Here's why:

"The decision to publish a significant part of our intelligence about Unit 61398 was a painstaking one. What started as a “what if” discussion about our traditional non-disclosure policy quickly turned into the realization that the positive impact resulting from our decision to expose APT1 outweighed the risk to our ability to collect intelligence on this particular APT group.
It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively. The issue of attribution has always been a missing link in publicly understanding the landscape of APT cyber espionage. Without establishing a solid connection to China, there will always be room for observers to dismiss APT actions as uncoordinated, solely criminal in nature, or peripheral to larger national security and global economic concerns.

...MORE...



http://www.businessinsider.com/mandiant-report-chinese-hacking-explained-how-it-really-works-full-report-downloaded-highlights-2013-2



Response to jsr (Original post)

Tue Feb 19, 2013, 04:08 PM

12. Hit them back in a way they understand.....

Cut into what affects their wallet. They know that language really well. Raise tariffs and other financial measures. Maybe they will get a hint not to fuck with us.


Response to jsr (Original post)

Tue Feb 19, 2013, 09:45 PM

13. Anonymous Helps Researchers Link Hackers To Chinese Army

http://www.huffingtonpost.com/2013/02/19/anonymous-hackers-chinese-army_n_2717352.html

In February 2011, Anonymous gained access to the website rootkit.com -- an online forum where hackers and researchers share information about hacking techniques -- and published personal data of more than 40,000 registered users online. The data included email and IP addresses.

The breach was one of dozens by Anonymous over the past two years and gained relatively little media attention. But now, two years later, security researchers say the data was valuable in helping them find links between hackers and the Chinese military.

"We are fortunate to have access to the accounts disclosed from rootkit.com," the Mandiant report said.
