China's cyberattackers may have army link

Feb. 19, 2013 at 2:05 AM

WASHINGTON, Feb. 19 (UPI) -- China's growing digital hacking groups seem to be operating out of a building outside Shanghai that is home to an army unit, sources told The New York Times.

In an investigative piece, the Times said the 12-story building in an area that also features restaurants and massage parlors is the headquarters of Unit 61398 of China's People's Liberation Army and likely the base of China's corps of cyberwarriors.

The report said a growing body of digital forensic evidence, confirmed by U.S. intelligence officials watching the unit, showed many of the attacks on U.S. corporations, organizations and government agencies appeared to originate in and around the building.

The report said a 60-page study by the U.S. computer security firm Mandiant even tracked individual members of the highly sophisticated Chinese hacking group known as "Comment Crew" or "Shanghai Group" to the PLA unit's headquarters.

While Mandiant couldn't place the hackers inside the 12-story building, its study said there was no other explanation why so many attacks come from that area.

"Either they are coming from inside Unit 61398, or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood," Mandiant founder and Chief Executive Officer Kevin Mandia told The Times.

The report said other security firms, studying "Comment Crew," also said they believe the group is state-sponsored.

Separately, officials told The Times a recent classified report prepared for all 16 U.S. intelligence agencies showed the hackers are either run by Chinese army officers or work as contractors for the PLA unit.

Earlier, The Times had hired Mandiant to look into Chinese-origin attacks on its own news operations and found some other group, and not Comment Crew, was responsible.

The Times said Comment Crew is now focusing on companies involved in critical U.S. infrastructure, such as the electrical power grid, gas lines and waterworks.

Officials at the Chinese Embassy in Washington repeated previous assertions that their government does not engage in computer hacking as such activity is illegal, adding their own country is a victim of computer hacking and that there were many hacking groups inside the United States, the report said.

However, experts say Chinese cyber attacks have grown significantly in recent years.

U.S. Rep. Mike Rogers, the Republican chairman of the House Intelligence Committee, told The Times the Mandiant report was "completely consistent with the type of activity the Intelligence Committee has been seeing for some time."

Tommy Vietor, spokesman for the National Security Council, said, "We have repeatedly raised our concerns at the highest levels about cybertheft with senior Chinese officials, including in the military, and we will continue to do so."

The Times said the U.S. government plans to begin a more aggressive defense against Chinese hacking groups starting this week, and Obama administration officials plan to inform China's new leaders that such attacks have become so intense as to threaten bilateral relations.
