A new report puts the blame for a rash of cyber-attacks on critical U.S. infrastructure at the feet of a shadowy unit of China's army
Last week, Defense Secretary Leon Panetta announced a new honor, the Distinguished Warfare Medal, for U.S. cyber-warriors, drone pilots, and other service members who do battle far from the battlefield. The perceived mockery of bestowing accolades on these "armchair warriors" seems a little less cutting after a new New York Times report on the massive amount of hacking directed toward the U.S. government, critical infrastructure, and private corporations from the Shanghai-area headquarters of Unit 61398, a shadowy branch of China's People's Liberation Army.
The Times story draws heavily on a report being released Tuesday by U.S. internet security firm Mandiant, but the newspaper verified the information with U.S. security officials and rival internet security groups. One group of sophisticated hackers, Mandiant says, is responsible for an overwhelming majority of attacks on U.S. government agencies and private companies: "Comment Crew," sometimes called the "Shanghai Group." (Watch Comment Crew hackers in action, curated by Mandiant.) How does the group know these hackers work for the Chinese army? They actually aren't 100 percent sure, but they traced the IP addresses and other digital bread crumbs at least to the door of the 12-story building that houses Unit 61398.
"Either they are coming from inside Unit 61398," Mandiant founder and CEO Kevin Mandia tells the Times, "or the people who run the most-controlled, most-monitored internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood." The firm's 60-page report makes the same point, with a bit more sass: If Comment Crew isn't part of the PLA, the only other viable explanation is that "a secret, resourced organization full of mainland Chinese speakers with direct access to Shanghai-based telecommunications infrastructure is engaged in a multiyear enterprise-scale computer espionage campaign right outside of Unit 61398's gates."
China, which reportedly guards Unit 61398 and its actions as state secrets, vigorously denies the allegations that its military is hacking U.S. agencies and corporations. "To make groundless accusations based on some rough material is neither responsible nor professional," says Foreign Ministry spokesman Hong Lei. But it's not just the digital fingerprints that leads Mandiant to point at China. The new report notes that Comment Crew spends more than a year digging into some sensitive networks, speculating that the group is able to "wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support."
Whoever's responsible, the hacking has gone from simply being an expensive nuisance — hackers digging for Coca-Cola's negotiating strategy, and maybe its secret formula — to entering frightening territory. The victims of the 141 attacks Mandiant has traced to Comment Crew include giant defense contractor Lockheed Martin, chemical plants, satellite and telecom companies, water utilities, and the Canadian company Telvent, which can control more than half the oil and gas pipelines in the U.S. "Nervous yet?" asks Adam Martin at New York. You should be.
"This is terrifying because — forget about the country — if someone hired me and told me they wanted to have the offensive capability to take out as many critical systems as possible, I would be going after the vendors and do things like what happened to Telvent," Dale Peterson, chief executive of Digital Bond, tells the Times. "It's the holy grail." President Obama alluded to the same threat last week in his State of the Union address, without mentioning China:
We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air-traffic control systems. We cannot look back years from now and wonder why we did nothing.
"There are huge diplomatic sensitivities here," one frustrated U.S. intelligence official tells the Times. China "ain't playing around," says Casey Chan at Gizmodo. But the U.S. is trying to step up its defenses, with Obama issuing an executive order to share more information about cyber-threats with private companies and the Pentagon expanding its cyber-security forces. The Obama administration also plans to put China's new leaders on notice that the ramped up cyber-attacks threaten the fundamental relationship between the U.S. and China. In other words, buckle up: "Two heavyweights are going to butt heads because of hacking."
Other stories from this topic:
- Instant Guide: China tightens internet restrictions: What does it mean for web users?
- First Reactions: Kim Jong Un wins 'Sexiest Man Alive': How The Onion tricked a Chinese newspaper
- Fact Sheet: Everything you need to know about China's new leaders