Thursday, April 24, 2014
The Associated Press
(Continued from page 1)
The building allegedly housing "Unit 61398" of the People's Liberation Army is seen in the outskirts of Shanghai on Tuesday. Cyberattacks that stole information from 141 targets in the U.S. and other countries have been traced to the Chinese military unit in the building, a U.S. security firm alleged Tuesday.
Cybersecurity experts say U.S. authorities do not conduct similar attacks or steal data from Chinese companies, but acknowledge that intelligence agencies routinely spy on other countries.
China is clearly a target of interest, said Lewis, noting that the U.S. would be interested in Beijing's military policies, such as any plans for action against Taiwan or Japan.
In its report, Mandiant said it traced the hacking back to a neighborhood in the outskirts of Shanghai that includes a white 12-story office building run by the PLA's Unit 61398.
Mandiant said there are only two viable conclusions about the involvement of the Chinese military in the cyberattacks: Either Unit 61398 is responsible for the persistent attacks or they are being done by a secret organization of Chinese speakers with direct access to the Shanghai telecommunications infrastructure who are engaged in a multi-year espionage campaign being run right outside the military unit's gates.
"In a state that rigorously monitors Internet use, it is highly unlikely that the Chinese government is unaware of an attack group that operates from the Pudong New Area of Shanghai," the Mandiant report said, concluding that the only way the group could function is with the "full knowledge and cooperation" of the Beijing government.
The unit "has systematically stolen hundreds of terabytes of data from at least 141 organizations," Mandiant wrote. A terabyte is 1,000 gigabytes. The most popular version of the new iPhone 5, for example, has 16 gigabytes of space, while the more expensive iPads have as much as 64 gigabytes of space. The U.S. Library of Congress' 2006-2010 Twitter archive of about 170 billion tweets totals 133.2 terabytes.
"At some point we do have to call the Chinese out on this," said Michael Chertoff, Homeland Security secretary under President George W. Bush and now chairman of the Chertoff Group, a global security firm. "Simply rolling over and averting our eyes, I don't think is a long-term strategy."
Richard Bejtlich, the chief security officer at Mandiant, said the company decided to make its report public in part to help send a message to both the Chinese and U.S. governments.
"At the government level, I see this as a tool that they can use to have discussions with the Chinese, with allies, with others who are concerned about this problem and have an open dialogue without having to worry about sensitivities around disclosing classified information," Bejtlich said. "This problem is overclassified."
He said the release of an unclassified report that provides detailed evidence will allow authorities to have an open discussion about what to do.
Mandiant's report is filled with high-tech details and juicy nuggets that led to its conclusion, including the code names of some of the hackers, like Ugly Gorilla, Dota and SuperHard, and that Dota appears to be a fan of Harry Potter because references to the book and movie character appear as answers to his computer security questions.
The White House would not comment on the report expected Wednesday.
"We have repeatedly raised our concerns at the highest levels about cybertheft with senior Chinese officials, including in the military, and we will continue to do so," said Caitlin Hayden, spokeswoman for the National Security Council. "The United States and China are among the world's largest cyber actors, and it is vital that we continue a sustained, meaningful dialogue and work together to develop an understanding of acceptable behavior in cyberspace."
Sen. Dianne Feinstein, D-Calif., chairman of the Senate Intelligence Committee, said the report reinforces the need for international agreements that prohibit cybercrimes and have a workable enforcement mechanism.