Hacker Attacks Linked To Chinese Military

[Ryan Ruck]

Chinese Hack Into US Chamber of Commerce, Authorities Say

December 21, 2011

For more than a year, hackers with ties to the Chinese military have been eavesdropping on U.S. Chamber of Commerce officials involved in Asia affairs, authorities say.

The hackers had access to everything in Chamber computers, including, potentially, the entire U.S. trade policy playbook.

"The Chinese have attacked every major U.S. company, every government agency, and NGO's. Their attacking the Chamber of Commerce is part of a pattern of their attacking everything in the US. If you're working on U.S.-China relations with an NGO, government agency, you can be sure the Chinese are reading your emails and on your computer," Richard Clarke, former White House counter-terrorism adviser, told ABC News.

At one point, the penetration into the Chamber of Commerce was so complete that a Chamber thermostat was communicating with a computer in China. Another time, chamber employees were surprised to see one of their printers printing in Chinese.

"I don't think the Chamber of Commerce has anything worth stealing, but it's part of a pattern of the Chinese stealing of everything they can, and that's worrying," Clarke said.

Sources tell ABC News that at any given moment that there are hundreds of cyber attacks targeting U.S. companies and government agencies.

In late 2009, sources say China-based hackers broke into Google's computers and looked at the email accounts of human rights activists. In the same operation, 29 other companies were hit, including Dow Chemical, Yahoo and Morgan Stanley.

The same year, a Chinese spy at Ford Motor Company downloaded thousands of files on hybrid engine design and gave them to the Chinese government, and a cyber attack traced to China allegedly stole design secrets to a U.S. stealth fighter jet.

Congressional leaders say China is engaged in economic espionage on a scale never seen before.

"You stack all of that up and I think there's a case to be made that this may be the greatest transfer of wealth through theft and piracy in the history of the world and we are on the losing end of it," said Sen. Sheldon Whitehouse of Rhode Island.

Overall, the U.S. is hemorrhaging economic espionage to the tune of $250 billion.

"This is a national, long-term strategic threat to the United States of America. This is an issue where a failure is not an option," said Robert Bryant at the National Counterintelligence Executive.

The Chinese, of course, have denied it all.

[Ryan Ruck]

China Testing Cyber-Attack Capabilities, Report Says

March 8, 2012

For a decade or more, Chinese military officials have talked about conducting warfare in cyberspace, but in recent years they have progressed to testing attack capabilities during exercises, according to a congressional report to be released Thursday.

The People’s Liberation Army (PLA) probably would target transportation and logistics networks before an actual conflict to try to delay or disrupt the United States’ ability to fight, according to the report prepared by Northrop Grumman for the U.S.-China Economic and Security Review Commission.

The Chinese military conducted an exercise in October involving “joint information offensive and defensive operations” and another in 2010 featuring attacks on communications command-and-control systems, according to the commission, which was set up by Congress.

Such exercises, combined with evidence that China is streamlining its forces to integrate cyber and electronic warfare and is financing research in the two areas, show that “Chinese capabilities in computer network operations have advanced sufficiently to pose genuine risk to U.S. military operations in the event of a conflict,” the report asserted.

Although the report provides no evidence that China can launch destructive attacks on U.S. targets, it serves as yet another warning to policymakers and the public that the United States has adversaries intent on catching up to, or surpassing, it in cyber capabilities. The report comes as Congress considers major cybersecurity legislation.

“The United States suffers from continual cyber operations sanctioned or tolerated by the Chinese government,” Dennis Shea, the commission chairman, said in a news release.

“Our nation’s national and economic security are threatened, and as the Chinese government funds research to improve its advanced cyber capabilities these threats will continue to grow,” he added.

The exercises are an indication that the Chinese “are beginning to practice a capability that some senior U.S. officials say makes them near-peers,” said James A. Lewis, a cyber-policy expert with the Center for Strategic and International Studies.

What that suggests, he said, is that because the United States’ war-fighting capability depends heavily on information technology, “if we get into any kind of a conflict with the PLA, cyber will be their opening move.”

The report was researched in the United States and drew largely on published materials.

American officials have stated that the Chinese have penetrated the U.S. electric grid and that they have gained access to U.S. government and corporate networks.

Leveraging such access, “the PLA may target a combination of networks” in the Pacific Command area, including those focused on logistics and, potentially, transportation, the report asserted.

The report states that the United States lacks a policy to determine appropriate responses to a large-scale cyberattack on U.S. military or civilian networks in the event that the attacker’s identity cannot be conclusively determined.

“Beijing, understanding this, may seek to exploit this gray area in U.S. policymaking and legal frameworks to create delays in U.S. command decision-making,” the report said.

[Ryan Ruck]

NSA's Top Spook Blames China For RSA Hack

March 29, 2012

The director of the US National Security Agency has named China as the country behind last year's high profile hack against RSA that resulted in the extraction of data related to SecurID tokens.

The information extracted in the March 2011 hack was later used in an unsuccessful attack against Lockheed Martin. Other US defence contractors, including L-3 Communications, were also rumoured to have been targeted but this remains unconfirmed.

RSA offered replacement tokens in the wake of the attack, which relied on a combination of spear phishing and malware that exploited a zero-day Adobe Flash exploit. Art Coviello, RSA's executive chairman, went as far as blaming the attack on two organisations for the same country last October without naming the prime suspects in the high-profile assault.

However National Security Agency director General Keith Alexander went further on Tuesday during testimony before Senate Armed Services Committee and named China as the prime suspect behind the RSA hack. He went on to say China is stealing a "great deal" of military-related intellectual property from the US, Information Week reports.

China has long been the prime suspect in the RSA hack but has never been named as such until this week. General Alexander's statement is another clear sign that US authorities are going beyond diplomatic channels in an attempt to shame China into cutting back on its widely reported cyber-espionage program.

China, for its part, routinely claims that it is more spied against than spying. Beijing can be expected to take a similar line over the latest accusations.

[Ryan Ruck]

Chinese Spies Use Fake Facebook Pages to Gain Intel

March 12, 2012

We’re always hearing about high-end cyber epionage but sometimes, enemy spies can steal military secrets without investing a ton of time or money breaking into Pentagon networks. In fact, Chinese spies just used a fake Fasebook account to get personal information from a ton of NATO officials. Yup, Chinese spies set up a face Facebook page for Adm. James Stavridis, chief of U.S. European Command and fooled a bunch of high-ranking military officials into friending the fake admiral and sharing info with them.

This is a pretty common move, just a couple of weeks ago I had a conversation with a senior military officer who said that he and his staff had found a fake Facebook profile for him.

From ZDNet:

Late last year, senior British military officers, Defense Ministry officials, and other government officials were tricked into becoming Facebook friends with someone masquerading as United States Navy admiral James Stavridis. By doing so, they exposed their own personal information (such as private e-mail addresses, phone numbers, pictures, the names of family members, and possibly even the details of their movements), to unknown spies.

If you feel like the name is familiar, it should be. Stavridis happens to be the current Commander, U.S. European Command (USEUCOM), and NATO’s Supreme Allied Commander Europe (SACEUR). It’s really no coincidence he was chosen as the one to fake a Facebook profile of.

Stavridis uses Facebook quite a bit. For example, in October 2011 he used his Facebook account to tell the world of his intent to end the organization’s mission in Libya.

NATO officials are reluctant to publicly state who was behind the attack, but The Telegraph says China is to blame. The publication quotes classified briefings in which military officers and diplomats were told the evidence pointed to “state-sponsored individuals in China.” The Guardian agrees, quoting a security source who says “the belief is that China is behind this.”

[American Patriot]

Good grief. lol

[vector7]

Companion Thread:

• President Bill Clinton and Jimmy Carter Lost Nuclear Codes While in Office
• Cyber Attack on U.S. Nuclear Arms Lab Linked to China
  

White House Hack Attack

Chinese hackers break in to White House military office network in charge of the president’s nuclear football

AP

BY: Bill Gertz
September 30, 2012 8:33 pm

Hackers linked to China’s government broke into one of the U.S. government’s most sensitive computer networks, breaching a system used by the White House Military Office for nuclear commands, according to defense and intelligence officials familiar with the incident.

One official said the cyber breach was one of Beijing’s most brazen cyber attacks against the United States and highlights a failure of the Obama administration to press China on its persistent cyber attacks.

Disclosure of the cyber attack also comes amid heightened tensions in Asia, as the Pentagon moved two U.S. aircraft carrier strike groups and Marine amphibious units near waters by Japan’s Senkaku islands.

China and Japan—the United States’ closest ally in Asia and a defense treaty partner—are locked in a heated maritime dispute over the Senkakus, which China claims as its territory.

U.S. officials familiar with reports of the White House hacking incident said it took place earlier this month and involved unidentified hackers, believed to have used computer servers in China, who accessed the computer network used by the White House Military Office (WHMO), the president’s military office in charge of some of the government’s most sensitive communications, including strategic nuclear commands. The office also arranges presidential communications and travel, and inter-government teleconferences involving senior policy and intelligence officials.

An Obama administration national security official said: “This was a spear phishing attack against an unclassified network.”

Spear phishing is a cyber attack that uses disguised emails that seek to convince recipients of a specific organization to provide confidential information. Spear phishing in the past has been linked to China and other states with sophisticated cyber warfare capabilities.

The official described the type of attack as “not infrequent” and said there were unspecified “mitigation measures in place.”

“In this instance the attack was identified, the system was isolated, and there is no indication whatsoever that any exfiltration of data took place,” the official said.

The official said there was no impact or attempted breach of a classified system within the office.

“This is the most sensitive office in the U.S. government,” said a former senior U.S. intelligence official familiar with the work of the office. “A compromise there would cause grave strategic damage to the United States.”

Security officials are investigating the breach and have not yet determined the damage that may have been caused by the hacking incident, the officials said.

Despite the administration national security official’s assertion, one defense official said there is fairly solid intelligence linking the penetration of the WHMO network to China, and there are concerns that the attackers were able to breach the classified network.

Details of the cyber attack and the potential damage it may have caused remain closely held within the U.S. government.

However, because the military office handles strategic nuclear and presidential communications, officials said the attack was likely the work of Chinese military cyber warfare specialists under the direction of a unit called the 4th Department of General Staff of the People’s Liberation Army, or 4PLA.

It is not clear how such a high-security network could be penetrated. Such classified computer systems are protected by multiple levels of security and are among the most “hardened” systems against digital attack.

However, classified computer systems were compromised in the past using several methods. They include the insertion of malicious code through a contaminated compact flash drive; a breach by a trusted insider, as in the case of the thousands of classified documents leaked to the anti-secrecy web site Wikileaks; and through compromised security encryption used for remote access to secured networks, as occurred with the recent compromise involving the security firm RSA and several major defense contractors.

According to the former official, the secrets held within the WHMO include data on the so-called “nuclear football,” the nuclear command and control suitcase used by the president to be in constant communication with strategic nuclear forces commanders for launching nuclear missiles or bombers.

The office also is in charge of sensitive continuity-of-government operations in wartime or crises.

The former official said if China were to obtain details of this sensitive information, it could use it during a future conflict to intercept presidential communications, locate the president for targeting purposes, or disrupt strategic command and control by the president to U.S. forces in both the United States and abroad.

White House spokesmen had no immediate comment on the cyber attack, or on whether President Obama was notified of the incident.

Former McAffee cyber threat researcher Dmitri Alperovitch said he was unaware of the incident, but noted: “I can tell you that the Chinese have an aggressive goal to infiltrate all levels of U.S. government and private sector networks.”

“The White House network would be the crown jewel of that campaign so it is hardly surprising that they would try their hardest to compromise it,” said Alperovictch, now with the firm Crowdstrike.

Last week the senior intelligence officer for the U.S. Cyber Command said Chinese cyber attacks and cyber-espionage against Pentagon computers are a constant security problem.

“Their level of effort against the Department of Defense is constant” and efforts to steal economic secrets are increasing, Rear Adm. Samuel Cox, Cyber Command director of intelligence, told Reuters after a security conference.

“It’s continuing apace,” Cox said of Chinese cyber-espionage. “In fact, I’d say it’s still accelerating.”

Asked if classified networks were penetrated by the Chinese cyber warriors, Cox told the news agency: “I can’t really get into that.”

The WHMO arranges the president’s travel and also provides medical support and emergency medical services, according to the White House’s website.

“The office oversees policy related to WHMO functions and Department of Defense assets and ensures that White House requirements are met with the highest standards of quality,” the website states. “The WHMO director oversees all military operations aboard Air Force One on presidential missions worldwide. The deputy director of the White House Military Office focuses primarily on the day-to-day support of the WHMO.”

The office is also in charge of the White House Communications Agency, which handles all presidential telephone, radio, and digital communications, as well as airlift operations through both fixed-wing and helicopter aircraft.

It also operates the presidential retreat at Camp David and the White House Transportation Agency.

“To assure proper coordination and integration, the WHMO also includes support elements such as operations; policy, plans, and requirements; administration, information resource management; financial management and comptroller; WHMO counsel; and security,” the website states.

“Together, WHMO entities provide essential service to the president and help maintain the continuity of the presidency.”

Asked for comment on the White House military office cyber attack, a Cyber Command spokesman referred questions to the White House.

Regarding U.S. naval deployments near China, the carrier strike groups led by the USS George Washington and the USS Stennis, along with a Marine Corps air-ground task force, are now operating in the western Pacific near the Senkakus, according to Navy officials.

China recently moved maritime patrol boats into waters near the Senkakus, prompting calls by Japanese coast guard ships for the vessels to leave.

Chinese officials have issued threatening pronouncements to Japan that Tokyo must back down from the recent government purchase of three of the islands from private Japanese owners.

Tokyo officials have said Japan is adamant the islands are Japanese territory.

Officials said the Washington is deployed in the East China Sea and the Stennis is in the South China Sea.

About 2,200 Marines are deployed in the Philippine Sea on the USS Bonhomme Richard and two escorts.

The U.S. Pacific Command said the deployments are for training missions and carriers are not necessarily related to the Senkaku tensions.

“These operations are not tied to any specific event,” said Capt. Darryn James, a spokesman for the U.S. Pacific Command in Honolulu, according to Time magazine.

“As part of the U.S. commitment to regional security, two of the Navy’s 11 global force carrier strike groups are operating in the Western Pacific to help safeguard stability and peace.”

As a measure of the tensions, Defense Secretary Leon Panetta told Chinese military leaders during his recent visit to China that the U.S. military will abide by its defense commitments to Japan despite remaining publicly neutral in the maritime dispute.

“It’s well known that the United States and Japan have a mutual defense treaty,” a defense official said of Panetta’s exchange in Beijing. “Panetta noted the treaty but strongly emphasized that the United States takes no position on this territorial dispute and encouraged the parties to resolve the dispute peacefully. This shouldn’t have to get to the point where people start invoking treaties.”

A report by the defense contractor Northrop Grumman made public by the congressional U.S.-China Economic and Security Review Commission in March stated that China’s military has made targeting of U.S. command and control networks in cyber warfare a priority.

“Chinese capabilities in computer network operations have advanced sufficiently to pose genuine risk to U.S. military operations in the event of a conflict,” the report said.

“PLA analysts consistently identify logistics and C4ISR infrastructure as U.S. strategic centers of gravity suggesting that PLA commanders will almost certainly attempt to target these system with both electronic countermeasures weapons and network attack and exploitation tools, likely in advance of actual combat to delay U.S. entry or degrade capabilities in a conflict,” the report said.

C4ISR is military jargon for command, control, communications, computers, intelligence, surveillance, and reconnaissance.

Little is known within the U.S. intelligence community about Chinese strategic cyber warfare programs.

However, recent military writings have disclosed some aspects of the program, which is believed to be one of Beijing’s most closely guarded military secrets, along with satellite weapons, laser arms, and other high-technology military capabilities, such as the DF-21 ballistic missile modified to attack aircraft carriers at sea.

A Chinese military paper from March stated that China is seeking “cyber dominance” as part of its efforts to build up revolutionary military capabilities.

“In peacetime, the cyber combat elements may remain in a ‘dormant’ state; in wartime, they may be activated to harass and attack the network command, management, communications, and intelligence systems of the other countries’ armed forces,” wrote Liu Wangxin in the official newspaper of the Chinese military on March 6.

“While great importance is attached continuously to wartime actions, it is also necessary to pay special attention to non-wartime actions,” he said. “For example, demonstrate the presence of the cyber military power through cyber reconnaissance, cyber deployment, and cyber protection activities.”

[American Patriot]

Vector, I posted that as it was happening someplace. THink you can find it and link it like you do the rest of the stuff?

[vector7]

Is this it?

Not necessarily an "attack".

Funny.

Today, the White House Military Office was "attacked" by hackers.

Well...

This is a BAD BAD thing. I don't know if you all know what WHMO does.... but, it's pretty damned important to a President as C-in-C.

[American Patriot]

yeah.

[American Patriot]

I had no articles at the time.

[Ryan Ruck]

Is this the doing of China, another state actor, or just happenstance...

Malicious Virus Shuttered U.S. Power Plant -DHS

January 16, 2013

A computer virus attacked a turbine control system at a U.S. power company last fall when a technician unknowingly inserted an infected USB computer drive into the network, keeping a plant off line for three weeks, according to a report posted on a U.S. government website.

The Department of Homeland Security report did not identify the plant but said criminal software, which is used to conduct financial crimes such as identity theft, was behind the incident.

It was introduced by an employee of a third-party contractor that does business with the utility, according to the agency.

DHS reported the incident, which occurred in October, along with a second involving a more sophisticated virus, on its website as cyber experts gather at a high-profile security conference in Miami known as S4 to review emerging threats against power plants, water utilities and other parts of the critical infrastructure.

In addition to not identifying the plants, a DHS spokesman declined to say where they are located.

Interest in the area has surged since 2010 when the Stuxnet computer virus was used to attack Iran's nuclear program. Although the United States and Israel were widely believed to be behind Stuxnet, experts believe that hackers may be copying the technology to develop their own viruses.

Justin W. Clarke, a security researcher with a firm known as Cylance that helps protect utilities against cyber attacks, noted that experts believe Stuxnet was delivered to its target in Iran via a USB drive. Attackers use that technique to place malicious software on computer systems that are "air gapped," or cut off from the public Internet.

"This is yet another stark reminder that even if a true 'air gap' is in place on a control network, there are still ways that malicious targeted or unintentional random infection can occur," he said.

AGING SYSTEMS

Many critical infrastructure control systems run on Windows XP and Windows 2000, operating systems that were designed more than a decade ago. They have "auto run" features enabled by default, which makes them an easy target for infection because malicious software loads as soon as a USB is plugged into the system unless operators change that setting, Clarke said.

The Department of Homeland Security's Industrial Control Systems Cyber Emergence Response Team (ICS-CERT), which helps protect critical U.S. infrastructure, described the incident in a quarterly newsletter that was accessed via its website on Wednesday.

The report from ICS-CERT described a second incident in which it said it had recently sent technicians to clean up computers infected by common as well as "sophisticated" viruses on workstations that were critical to the operations of a power generation facility.

The report did not say who the agency believed was behind the sophisticated virus or if it was capable of sabotage. DHS uses the term "sophisticated" to describe a wide variety of malicious software that is designed to do things besides commit routine cyber crimes. They include viruses capable of espionage and sabotage.

A DHS spokesman could not immediately be reached to comment on the report.

The Department of Homeland Security almost never identifies critical infrastructure operators that are hit by viruses, or even their locations, but it does provide statistics.

It said ICS-CERT responded to 198 cyber incidents reported by energy companies, public water districts and other infrastructure facilities in the fiscal year ending Sept. 30, 2012.

Attacks against the energy sector represented 41 percent of the total number of incidents in fiscal 2012. According to the report, ICS-CERT helped 23 oil and natural gas sector organizations after they were hit by a targeted spear-phishing campaign - when emails with malicious content are specifically targeted at their employees.

The water sector had the second highest number of incidents, representing 15 percent.

[American Patriot]

I wonder.....

[Phil Fiord]

Yes, wise one? What are you wondering?

[American Patriot]

Usually, the phrase wise is rarely applied to me, unless it is subsequently followed by the word "ass".....

/chuckles

[Phil Fiord]

Naw, I am saying old POS who thinks he knows it all.

Really though, I am curious what you are wondering here. The above is in jest for certain, btw.

[American Patriot]

I'm mostly wondering if the Chinese have the ability to do that... thats all

[Phil Fiord]

Ah. I am certain they do. Consider the things they have accomplished with electronics that are said to call home or are able to be disabled remotely. Thats old hat now. Also, recall back about 10 years. The massive pinging of Chinese workgroups of our routers. I mapped several and one is on my FB pics.

[vector7]

An Overwhelming Number Of Cyber-Attacks On America Are Coming From This PLA Army Building In China

Joe Weisenthal and Geoffrey Ingersoll | Feb. 18, 2013, 10:29 PM | 10,923 |

David Sanger, David Barboza, and Nicole Perlroth at the New York Times are out with a huge report tonight on Chinese cyber-attacks on US companies.
The Times got their hands on an advanced copy of report by Mandiant, a cybersecurity firm the newspaper had previously hired when it got hacked.
The most scary detail from the report is that Mandiant basically points a finger directly at the Chinese government:

The details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese Government is aware of them.

Our analysis has led us to conclude that APT1 [Advanced Persistent Threat] is likely government-sponsored and one of the most persistent of China’s cyber threat actors.

Though the White House is "aware" of the Mandiant report, they came just short of naming the Chinese government, and one intelligence official told the Times with frustration, "There are huge diplomatic sensitivities here.”

The Times notes:

Obama administration officials say they are planning to tell China’s new leaders in coming weeks that the volume and sophistication of the attacks have become so intense that they threaten the fundamental relationship between Washington and Beijing.

What's amazing is how clearly the location of the attackers can be pinpointed to a building of the People's Liberation Army.

“Either they are coming from inside Unit 61398,” Kevin Mandia, the founder and chief executive of Mandiant, told the Times in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”

The article cites a report from cyber-security firm Mandiant (which can be downloaded here) which cites the existence of a building housing PLA Unit 61398.

From the article:

The building off Datong Road, surrounded by restaurants, massage parlors and a wine importer, is the headquarters of P.L.A. Unit 61398. A growing body of digital forensic evidence — confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years — leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower.

From the report, here's a satellite shot of the building.


Mandiant

[American Patriot]

Security group suspects Chinese military is behind hacking attacks















By Ben Blanchard and Joseph Menn
BEIJING/SAN FRANCISCO | Tue Feb 19, 2013 1:10pm EST

(Reuters) - A secretive Chinese military unit is believed to be behind a series of hacking attacks, a U.S. computer security company said, prompting a strong denial by China and accusations that it was in fact the victim of U.S. hacking.


The company, Mandiant, identified the People's Liberation Army's Shanghai-based Unit 61398 as the most likely driving force behind the hacking. Mandiant said it believed the unit had carried out "sustained" attacks on a wide range of industries.


"The nature of 'Unit 61398's' work is considered by China to be a state secret; however, we believe it engages in harmful 'Computer Network Operations'," Mandiant said in a report released in the United States on Monday.


"It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively," it said.


China's Defense Ministry issued a flat denial of the accusations and called them "unprofessional". It said hacking attacks are a global problem and that China is one of world's biggest victims of cyber assaults.


"The Chinese army has never supported any hacking activity," the Defense Ministry said in a brief faxed statement to Reuters. "Statements about the Chinese army engaging in cyber attacks are unprofessional and not in line with facts."


Unit 61398 is located in Shanghai's Pudong district, China's financial and banking hub, and is staffed by perhaps thousands of people proficient in English as well as computer programming and network operations, Mandiant said in its report.


The unit had stolen "hundreds of terabytes of data from at least 141 organizations across a diverse set of industries beginning as early as 2006", it said.
Most of the victims were located in the United States, with smaller numbers in Canada and Britain. The information stolen ranged from details on mergers and acquisitions to the emails of senior employees, the company said.


The 12-storey building, which houses the unit, sits in an unassuming residential area and is surrounded by a wall adorned with military propaganda photos and slogans; outside the gate a sign warns members of the public they are in a restricted military area and should not take pictures.
There were no obvious signs of extra security on Tuesday.


The Chinese Foreign Ministry said the government firmly opposed hacking, adding that it doubted the evidence provided in the U.S. security group's report.
"Hacking attacks are transnational and anonymous. Determining their origins are extremely difficult. We don't know how the evidence in this so-called report can be tenable," spokesman Hong Lei told a daily news briefing.


"Arbitrary criticism based on rudimentary data is irresponsible, unprofessional and not helpful in resolving the issue."
Hong cited a Chinese study which pointed to the United States as being behind hacking in China.
"Of the above mentioned Internet hacking attacks, attacks originating from the United States rank first."


"ECONOMIC CYBER ESPIONAGE"
Some experts said they doubted Chinese government denials.


"The PLA plays a key role in China's multi-faceted security strategy, so it makes sense that its resources would be used to facilitate economic cyber espionage that helps the Chinese economy," said Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike, one of Mandiant's competitors.


Though privately held and little known to the general public, Mandiant is one of a handful of U.S. cyber-security companies that specialize in attempting to detect, prevent and trace the most advanced hacking attacks, instead of the garden-variety viruses and criminal intrusions that befoul corporate networks on a daily basis.


But Mandiant does not promote its analysis in public and only rarely issues topical papers about changes in techniques or behaviors.


It has never before given the apparent proper names of suspected hackers or directly tied them to a military branch of the Chinese government, giving the new report special resonance.


The company published details of the attack programs and dummy websites used to infiltrate U.S. companies, typically via deceptive emails.


U.S. officials have complained in the past to China about sanctioned trade-secret theft, but have had a limited public record to point to.


Mandiant said it knew the PLA would shift tactics and programs in response to its report but concluded that the disclosure was worth it because of the scale of the harm and the ability of China to issue denials in the past and duck accountability.


The company traced Unit 61398's presence on the Internet - including registration data for a question-and-answer session with a Chinese professor and numeric Internet addresses within a block assigned to the PLA unit - and concluded that it was a major contributor to operations against the U.S. companies.
Members of Congress and intelligence authorities in the United States have publicized the same general conclusions: that economic espionage is an official mission of the PLA and other elements of the Chinese government, and that hacking is a primary method.
In November 2011, the U.S. National Counterintelligence Executive publicly decried China in particular as the biggest known thief of U.S. trade secrets.
The Mandiant report comes a week after U.S. President Barack Obama issued a long-awaited executive order aimed at getting the private owners of power plants and other critical infrastructure to share data on attacks with officials and to begin to follow consensus best practices on security.
Both U.S. Democrats and Republicans have said more powerful legislation is needed, citing Chinese penetration not just of the largest companies but of operations essential to a functioning country, including those comprising the electric grid.

[American Patriot]

A look at Mandiant, allegations on China hacking
	Tweet
	ASSOCIATED PRESS WASHINGTON, Feb 20: A private technology security firm described in extraordinary detail efforts it blamed on a Chinese military unit to hack into 141 businesses, mostly inside the U.S., and steal commercial secrets. China denies the claim. A look at the company, Mandiant, and why its report is significant: What is Mandiant? Mandiant was started in 2004 by Kevin Mandia, a retired U.S. Air Force officer who carved out a lucrative niche investigating computer crimes. Mandiant says it can detect and trace even quiet intrusions, such as the theft of employee passwords or trade secrets that a company otherwise might not be aware is happening. Mandiant was most recently noted for its work in helping The New York Times trace an attack on its employees´ computers to China, following a Times investigation into China´s Premier Wen Jiabao. The newspaper publicly acknowledged Mandiant´s role in the case. Are there other companies like Mandiant? Why not just call the FBI? There are other companies that specialize in cybercrime response and forensics, including CrowdStrike, Kroll Advisory Solutions, and Stroz Friedberg in New York. Others specialize in establishing and testing a company´s computer defenses and monitoring traffic to detect hackers or suspicious behavior. Companies can be reluctant to call the FBI. Businesses don´t want to hand over their most sensitive information — including computers and proprietary data — to the government and would rather maintain control of the investigation. Many companies are less concerned about tracing the origin of an attack than resuming business to make money. They also don´t want their vulnerabilities discussed in a courtroom or leaked to news organizations or shareholders, which can happen if the government were involved. Companies like Mandiant have a big financial incentive — and signed confidentiality promises — to keep names of clients secret. What did Mandiant´s report say? Why is it important? Mandiant alleges that it has traced a massive hacking campaign on U.S. businesses to a drab, white 12-story office building outside Shanghai run by "Unit 61398" of the People´s Liberation Army. The report contains some of the most extensive and detailed accusations on China´s cybersnooping publicly available, including a timeline and details of malware used. China´s PLA controls hackers: US IT security firm The U.S. government, including its intelligence agencies, almost certainly has similar and even more detailed information but it´s regarded as highly classified. Being a private company, Mandiant doesn´t have to keep its information secret, although it hasn´t released the names of the companies attacked. Why did Mandiant publish its findings? Mandiant says it was time to call out China for its systematic hacking and that releasing as many details as possible will help security professionals. It acknowledged in a statement that releasing the information was risky because it said the Chinese will change tactics now that some of its techniques are known. Mandiant also said it expects itself to be targeted, beyond what it described as an unsophisticated effort in April to trick some employees into installing malicious software disguised as a draft press release. "We expect reprisals from China as well as an onslaught of criticism," Mandiant wrote. Mandiant has an obvious commercial interest in releasing the information, too. The company said its existing customers were already warned about and protected against the techniques it discovered, and it offered a free software tool to companies and organizations to detect suspicious activity. It puts Mandiant front-and-center at a critical time on a national debate about cybersecurity. Its founder testified earlier this month to the House Intelligence Committee on hacking threats. Last week, President Barack Obama signed an executive order aimed at improving government cooperation with industry, and Congress is weighing various legislative proposals on the matter.