Chinese Army Unit Is Seen as Tied to Hacking Against U.S.

Tracking Cyberattacks (…..) What most worries American investigators is that the latest set of attacks believed to come from Unit 61398 focuses not just on stealing information, but on obtaining the ability to manipulate American critical infrastructure: the power grids and other utilities. Staff at Digital Bond, a small security firm that specializes in those industrial-control computers, said that last June Comment Crew unsuccessfully attacked it. A part-time employee at Digital Bond received an e-mail that appeared to come from his boss, Dale Peterson. The e-mail, in near-perfect English, discussed security weaknesses in critical infrastructure systems and asked the employee to click a link to a document for more information. Mr. Peterson caught the e-mail and shared it with other researchers, who found that the link contained a remote-access tool that would have given the attackers control over the employee’s computer and potentially a front-row seat to confidential information about Digital Bond’s clients, which include a major water project, a power plant and a mining company. Jaime Blasco, a security researcher at AlienVault, analyzed computer servers used in the attack, which led him to other victims, including the Chertoff Group. That firm, headed by the former secretary of the Department of Homeland Security, Michael Chertoff, has run simulations of an extensive digital attack on the United States. Other attacks were made on a contractor for the National Geospatial-Intelligence Agency and on the National Electrical Manufacturers Association, a lobbying group that represents companies that make components for power grids. Those organizations confirmed they were attacked but said they prevented the attackers from gaining access to their networks. Mr. Blasco said that, based on the forensics, all the victims had been hit by Comment Crew. But the most troubling attack to date, security experts say, was a successful invasion of the Canadian arm of Telvent.
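The Digital Bond incident above has the classic spear-phishing shape: a message whose display name is a known colleague, sent from an address outside the organisation, pushing the reader toward a "document" link. The following is an added example, not code from the article or from Digital Bond, showing how a mail gateway or triage script can flag that pattern heuristically. The domain `example.com`, the look-alike domain `mail-example.net`, the staff directory and both sample messages are constructed placeholders.

```python
"""Heuristic triage of a spear-phishing e-mail (added example; all data constructed)."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

INTERNAL_DOMAIN = "example.com"        # placeholder for the organisation's own domain
STAFF_DIRECTORY = {                    # assumed directory: display name -> internal address
    "dale peterson": "dale.peterson@example.com",
}
DOCUMENT_EXTENSIONS = (".doc", ".docx", ".pdf", ".xls", ".xlsx", ".zip")

# Constructed lure in the pattern the article describes: the boss's display name,
# an external look-alike address, and a link to a "document" for more information.
SAMPLE_PHISH = """\
From: Dale Peterson <dale.peterson@mail-example.net>
Reply-To: reports@mail-example.net
To: staff@example.com
Subject: Security weaknesses in critical infrastructure systems
Content-Type: text/plain; charset="utf-8"

Please click the link to the document for more information:
http://docs.mail-example.net/report.doc
"""

# Constructed benign message from the genuine internal address, for comparison.
SAMPLE_LEGIT = """\
From: Dale Peterson <dale.peterson@example.com>
To: staff@example.com
Subject: Weekly report
Content-Type: text/plain; charset="utf-8"

The weekly report is on the intranet: https://intranet.example.com/report.doc
"""


def _domain(addr: str) -> str:
    """Domain part of an address, lower-cased; empty if there is no '@'."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _is_internal_host(host: str) -> bool:
    host = (host or "").lower()
    return host == INTERNAL_DOMAIN or host.endswith("." + INTERNAL_DOMAIN)


def body_text(msg) -> str:
    """Concatenate the text/plain parts of a parsed message (walk() also covers single-part mail)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def extract_urls(text: str) -> list:
    """Crude URL extraction from a plain-text body."""
    return re.findall(r"https?://[^\s<>\"']+", text)


def triage(raw: str) -> list:
    """Return the ordered list of heuristic findings for one raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = []

    name, addr = parseaddr(msg.get("From", ""))
    known = STAFF_DIRECTORY.get(name.strip().lower())
    if known and known.lower() != addr.lower():
        findings.append("display_name_spoof")    # a colleague's name on a foreign address
    if _domain(addr) != INTERNAL_DOMAIN:
        findings.append("external_sender")

    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr.lower():
        findings.append("reply_to_mismatch")     # replies are steered elsewhere

    for url in extract_urls(body_text(msg)):
        parsed = urlparse(url)
        if not _is_internal_host(parsed.hostname):
            findings.append("external_link")
            if parsed.path.lower().endswith(DOCUMENT_EXTENSIONS):
                findings.append("document_lure")  # "click here for the document"
            break
    return findings


if __name__ == "__main__":
    print("phish:", triage(SAMPLE_PHISH))
    print("legit:", triage(SAMPLE_LEGIT))
```

The checks are deliberately independent so that a gateway can weight them: a display name that matches the directory but an address that does not is the strongest single signal in the Digital Bond case, and an external document link on top of it is what turns a suspicious message into one worth quarantining for analyst review.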
The company, now owned by Schneider Electric, designs software that gives oil and gas pipeline companies and power grid operators remote access to valves, switches and security systems. Telvent keeps detailed blueprints on more than half of all oil and gas pipelines in North and South America, and has access to their systems. In September, Telvent Canada told customers that attackers had broken into its systems and taken project files. That access was immediately cut, so the intruders could not take command of the systems. Martin Hanna, a Schneider Electric spokesman, did not return requests for comment, but security researchers who studied the malware used in the attack, including Stewart at Dell SecureWorks and Blasco at AlienVault, confirmed that the perpetrators were the Comment Crew. “This is terrifying because (forget about the country) if someone hired me and told me they wanted to have the offensive capability to take out as many critical systems as possible, I would be going after the vendors and do things like what happened to Telvent,” Mr. Peterson of Digital Bond said. “It’s the holy grail.” Obama alluded to this concern in the State of the Union speech, without mentioning China or any other nation. “We know foreign countries and companies swipe our corporate secrets.” “Now our enemies are seeking the ability to sabotage our power grid, financial institutions and air-traffic control systems. We cannot look back years from now and wonder why we did nothing.” Obama faces a vexing choice: in a sprawling, vital relationship with China, is it worth a major confrontation between the world’s largest and second-largest economies over computer hacking? A few years ago, administration officials say, the theft of intellectual property was an annoyance, resulting in the loss of billions of dollars of revenue. But clearly something has changed.
The mounting evidence of state sponsorship, the increasing boldness of Unit 61398, and the growing threat to American infrastructure are leading officials to conclude that a far stronger response is needed. “Right now there is no incentive for the Chinese to stop doing this,” said Mr. Rogers, the House intelligence chairman. “If we don’t create a high price, it’s only going to keep accelerating.”


About ignaciocovelo
International Consultant

7 Responses to Chinese Army Unit Is Seen as Tied to Hacking Against U.S.

  1. Professor Uziel Nogueira says: I am puzzled by the so-called cyber warfare. Foreign-originated cyber attacks against US facilities are becoming frequent in the news media. The public expects the US to possess the most advanced cyber warfare defensive-offensive capability system in the world. Cyber sabotage against Iran’s nuclear facilities became public some time ago. One expects US countermeasures to foil foreign cyber attacks to be state of the art. The intriguing question is why governments (except in the case of Iran) or foreign companies are not reporting cyber attacks originating in the US. There are two possibilities: First, foreign governments are better equipped to neutralize cyber attacks coming from the US; thus, there is no reason to alarm the population with such news. Second, cyber attacks are an invention of the US intelligence services in order to divert attention from their own offensive capabilities taking place against foreign foes. China is the first case study to test the two hypotheses above. Since the Chinese government is not reporting attacks coming from the US, one should infer that China is winning the game of cyber espionage.

  2. Washington has not had much success persuading Beijing to rein in its hackers even though American officials and security experts have long known that China is the main source of cyberattacks on the United States. Two recent developments, however, should raise the political costs for China and may cause it to alter its calculus. Refusal to change its conduct could make its relations with the United States even more difficult than they are. On Tuesday, a new report from Mandiant, an American computer security firm, publicly documented an explicit link between Chinese hackers and the People’s Liberation Army. The report cites a growing body of digital forensic evidence that most of the attacks on American corporations, organizations and government agencies originate in and around a 12-story office tower on the outskirts of Shanghai that is the headquarters of P.L.A. Unit 61398. Mandiant tracked individual members of the most sophisticated of the Chinese hacking groups, known as “Comment Crew” or “Shanghai Group,” to the headquarters of the military unit, which is central to China’s computer espionage operations. It followed “Comment Crew” for six years, monitoring 141 attacks by looking at Web domains, malware, Internet protocol addresses and embedded codes. Reporters for The Times confirmed the evidence contained in the report with American intelligence officials who say they have tapped into the activity of the army unit for years. Chinese officials denounced the report, but their reaction was hardly a denial. “Hacking attacks are transnational and anonymous. Determining their origins is extremely difficult. We don’t know how the evidence in this so-called report can be tenable,” said Hong Lei, a Foreign Ministry spokesman (…..)

  3. Professor Uziel Nogueira says: The Bush-Obama war on terror doctrine gives the President authority to take preventive actions on any foreign threat to national security. Cyber security shows the limitations of the national security doctrine when applied to another superpower such as China. The question is: is China the aggressor country, or is it only retaliating against cyber attacks originating in the US?

  4. ernesto: …and you can add a rapidly maturing drone technology/implementation to the mix… here come the chickens, home to the roost…

  5. Professor Uziel Nogueira says: There is another dimension of cyber warfare that comes to mind. That is, the legal aspects of private companies in this brave new cyber world. For example, should US anti-hacking legislation treat Apple as an American company or a US-based transnational enterprise? After all, as Apple moves R&D to China, there is not much to be stolen from Apple US.

  6. The White House has said it will step up diplomatic pressure over cybercrime and intellectual property theft from US businesses and security interests, in an announcement that indirectly cast China as one of the biggest perpetrators. The US attorney general, Eric Holder, said the plan included working with like-minded governments to tackle offenders using trade restrictions and criminal prosecutions. There would be a 120-day review to see whether new US legislation is needed. “A hacker in China can acquire source code from a software company in Virginia without leaving his or her desk,” Holder said. The report stops short of blaming the Chinese government itself but a study released this week by a private security firm accused the Chinese military of orchestrating numerous cyber attacks against US businesses, a charge Beijing has denied. The White House report listed 17 cases of trade secret theft by Chinese companies or individuals since 2010, far more than any other country mentioned in the report. The Obama administration has said its strategy aims to counter what Holder called “a significant and steadily increasing threat to America’s economy and national security interests” (…..) US trade representative Ron Kirk said the problem of trade secret theft in China was a factor in the decisions of some US companies to move operations back to the United States. The companies have “had very frank conversations with the Chinese, [saying] ‘You know it’s one thing to accept a certain level of copyright knock-offs but if you’re going to take our core technology then we’re better off being in our home country'”.

  7. Start asking security experts which powerful Washington institutions have been penetrated by Chinese cyberspies, and this is the usual answer: almost all of them. The list of those hacked in recent years includes law firms, think tanks, news organizations, human rights groups, contractors, congressional offices, embassies and federal agencies. The information compromised by such intrusions, security experts say, would be enough to map how power is exercised in Washington to a remarkably nuanced degree. The only question, they say, is whether the Chinese have the analytical resources to sort through the massive troves of data they steal every day. “The dark secret is there is no such thing as a secure unclassified network,” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies, which has been hacked in the past. “Law firms, think tanks, newspapers — if there’s something of interest, you should assume you’ve been penetrated” (…..)

