This article is from the Guardian. The current version is at its original source: http://www.guardian.co.uk/technology/2013/feb/19/china-hacker-attacks-west
China 'aiding hacker attacks on west'
The Chinese government is directly aiding thousands of computer attacks against western companies and defence groups by top-level hackers based in Shanghai, according to a new study which warns that they have stolen vast amounts of data from their targets.

Mandiant, a security company which has been investigating attacks against western organisations for more than six years, says in a report (PDF) that the attacks come from a 12-storey building in Shanghai belonging to a unit of the People's Liberation Army (PLA) General Staff Department known by its cover designator, Unit 61398.

The discovery will further raise the temperature in the intergovernmental cyberwars, which have heated up in recent years as the US, Israel, Iran, China and the UK have all used computer subterfuge to undermine rival states or terrorist organisations. One security expert warned that companies in high-profile fields should assume that they will be targeted and hacked, and should build systems that segment sensitive data so that a single intrusion cannot reach all of it. "We need to concentrate less on building castles and assuming they'll be impervious, and more on building better dungeons so that when people get in they can't get anything else," said Rik Ferguson, global vice-president of security research at rival company Trend Micro.

Mandiant says that Unit 61398 could house "hundreds or thousands" of people and has dedicated high-speed fibre-optic connections that China Telecom provided for it in the name of national defence. "The nature of Unit 61398's work is considered by China to be a state secret; however, we believe it engages in harmful computer network operations," Mandiant said in the report. It said the group has been active since at least 2006 and is one of the most prolific hacking groups "in terms of quantity of information stolen", which it put at hundreds of terabytes, enough for thousands of 3D designs and blueprints.

"APT1", as Mandiant calls the group, is only one of more than 20 groups that Mandiant says have carried out scores of hacking attacks against businesses and organisations in the west to steal copious amounts of data without the owners' knowledge. The victims all operate in industries that the Chinese government regards as "strategic".
A typical intrusion left behind a backdoor: software that hid its presence from the user or administrator, contacted a separate "command and control" (C&C) server for instructions, and on command silently siphoned data to a remote server elsewhere on the internet. By analysing the malware itself, the pattern of connections between infected machines and the C&C servers, and where those servers were operated from, the team at Mandiant said it was confident of the source of the threat.
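The check-in behaviour described above, in which an implant contacts its C&C server on a schedule, leaves a pattern in egress logs that a defender can look for. The following is an added example and is not code from the article or from Mandiant's report: it scans a constructed proxy log for source/destination pairs that connect at a near-constant interval and reports how much data left on that channel. The log format, the hostnames, the thresholds and the function names are all assumptions made for the example.

```python
"""Flag beacon-like outbound connections in a proxy log.

Added example, not from the article or from Mandiant. The four-field log
format (ISO timestamp, source IP, destination host, bytes sent) and the
thresholds below are assumptions; the log lines are constructed.
"""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log: one host talks to two ordinary sites and to one
# destination it contacts every five minutes, once with a large upload.
SAMPLE_LOG = """\
2013-02-18T09:00:02 10.1.4.23 cdn.example-news.test 812
2013-02-18T09:00:04 10.1.4.23 mail.example.test 2210
2013-02-18T09:05:03 10.1.4.23 update.staticfiles.test 904
2013-02-18T09:10:01 10.1.4.23 update.staticfiles.test 1188
2013-02-18T09:12:40 10.1.4.23 mail.example.test 53100
2013-02-18T09:15:02 10.1.4.23 update.staticfiles.test 3021
2013-02-18T09:20:04 10.1.4.23 update.staticfiles.test 1102
2013-02-18T09:25:00 10.1.4.23 update.staticfiles.test 450211
2013-02-18T09:30:02 10.1.4.23 update.staticfiles.test 980
2013-02-18T09:31:15 10.1.4.23 cdn.example-news.test 770
2013-02-18T10:02:09 10.1.4.23 cdn.example-news.test 801
"""


def parse_log(text):
    """Yield (timestamp, src, dst, bytes_out) from the assumed four-field format."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, size = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(size)


def beacon_candidates(text, min_hits=5, max_jitter=0.1):
    """Return (src, dst) pairs whose connections recur at a near-constant interval.

    jitter is the largest deviation from the median interval, as a fraction of
    that median. Real implants often add a random sleep, so the threshold is
    deliberately loose; results are sorted by bytes sent so that a channel that
    also carried a large upload rises to the top of the triage list.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, size in parse_log(text):
        by_pair[(src, dst)].append((ts, size))

    findings = []
    for (src, dst), events in by_pair.items():
        if len(events) < min_hits:
            continue  # too few contacts to call it periodic
        events.sort()
        times = [t for t, _ in events]
        intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = statistics.median(intervals)
        if period <= 0:
            continue
        jitter = max(abs(i - period) for i in intervals) / period
        if jitter > max_jitter:
            continue
        findings.append({
            "src": src,
            "dst": dst,
            "hits": len(events),
            "period_s": period,
            "jitter": round(jitter, 4),
            "bytes_out": sum(s for _, s in events),
            "max_bytes": max(s for _, s in events),
        })
    return sorted(findings, key=lambda f: f["bytes_out"], reverse=True)


if __name__ == "__main__":
    for finding in beacon_candidates(SAMPLE_LOG):
        print(finding)
```

On the sample log only update.staticfiles.test is flagged: six contacts about 301 seconds apart with under 2% jitter, and one 450 KB upload in the middle of otherwise small check-ins. Legitimate software beacons too (update checkers, telemetry), so a hit is a lead for the analyst to pivot on, not an alert in itself; the next step is the kind of infrastructure analysis the paragraph describes, looking at who operates the destination and what else talks to it.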
Mandiant said: "It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively."

A Chinese foreign ministry spokesman denied the government was behind the attacks, saying on Tuesday: "Hacking attacks are transnational and anonymous. Determining their origins is extremely difficult. We don't know how the evidence in this so-called report can be tenable. Arbitrary criticism based on rudimentary data is irresponsible, unprofessional and not helpful in resolving the issue."

But Ferguson told the Guardian: "This is a pretty compelling report, with evidence collected over a prolonged period of time. It points very strongly to marked Chinese involvement." Mandiant, based in Alexandria, Virginia in the US, investigated the break-in at the New York Times and suggested it had come from Chinese sources.

President Obama is already beefing up US cybersecurity: in his state of the union speech earlier in February he announced an executive order that lets the government work with the private sector to fend off hacking. But the framework it calls for will not be in final form until February 2014.

The revelation comes just days after the New York Times, Wall Street Journal and Washington Post, as well as the social networks Facebook and Twitter, said that they had been subjected to "highly sophisticated" hacks which in some cases were focused on correspondents writing about China and its government.

Separate investigations by the computer company Dell, working with the news company Bloomberg, tracked down another alleged hacker, Zhang Changhe, who had written a number of papers on PC hacking and who works at the PLA's Information Engineering University in Zhengzhou, in Henan province in north-central China.

The allegations will raise the temperature in an ongoing "cyberwar" between the west and China, which has been steadily rising since the Pentagon and MI6 uncovered "Titan Rain", a campaign that siphoned data from the Pentagon and the House of Commons in 2005 and which one security expert said at the time dated back at least to 2004.

Ferguson suggested that western governments are also carrying out attacks against Chinese targets: "but that's not a culture which would open up about being hit. I would be surprised and disappointed if most western nations don't have a cybersecurity force."

The Stuxnet worm, which hit Iran's uranium enrichment plant in 2010, is believed to have been written jointly by the US and Israel, while Iranian sources are believed to have hacked certificate authorities, the companies that issue the certificates behind secure web connections, so that they could intercept the encrypted connections of Iranian dissidents to Google's Gmail. China is also reckoned to have been behind the hacking of Google's email servers in that country in late 2009, which US diplomatic cables released by WikiLeaks suggested was government-inspired.
A timeline of government-sponsored hacking attacks

2004 (suspected): a Chinese group in Shanghai begins probing US companies and military targets.

2005: "Titan Rain" pulls data from the Pentagon's systems, and a specialist says of a December 2005 attack on the House of Commons computer system: "The degree of sophistication was extremely high. They were very clever programmers."

2007: Estonia's government and other internet services are knocked offline by a coordinated denial-of-service attack from more than a million computers around the world, reckoned to have been run by a group acting at the urging of the Russian government. No one outside Estonia is ever charged over the attack.

2008: Russia's government is suspected of carrying out cyberattacks to knock out government and other websites inside Georgia, with which it is fighting a short war over the territory of South Ossetia.

December 2009: Google's email systems in China are hacked by a group which tries to identify and take over the accounts of Chinese dissidents. Google withdraws its search engine from the Chinese mainland in protest at the actions. WikiLeaks cables suggest that the Chinese government was aware of the hacking.

2010: The Flame malware begins silently infecting computers in Iran. It relies on a new collision attack against the MD5 hash, work that analysts say would require world-class cryptographers, to forge a code-signing certificate that chains to Microsoft. With that certificate it impersonates the Windows Update mechanism, which normally gives a PC a cryptographically verified link to Microsoft, in order to spread to other Windows PCs on a network. Once installed, Flame records keystrokes and captures what is on the screen. Analysts say that only a "wealthy" nation state could have written it.

The Stuxnet worm is discovered to have been affecting systems inside Iran's uranium enrichment plant, passing from Windows PCs to the industrial control systems that run the centrifuges used to enrich uranium. The worm alters the centrifuges' rotor speeds while feeding normal readings to the operators' control panel, so that the machines damage themselves. Iran denies that the attack has affected its programme. The US and Israel are later fingered as being behind the code.

September 2011: a new piece of malware that silently captures data from Middle Eastern online banking transactions is unleashed; the principal targets are customers of Lebanese banks. It is not identified until August 2012, when the Russian security company Kaspersky discovers the name "Gauss" embedded inside it. The company says the malware is "nation state-sponsored", probably by a western state seeking to trace transactions by specific targets.

2012: About 30,000 Windows PCs at Saudi Aramco, the world's most valuable company, are rendered unusable after malware called "Shamoon" wipes and corrupts data, including the master boot record the machine needs to start up. In the US, Secretary of Defense Leon Panetta describes Shamoon as "one of the most destructive viruses ever" and suggests that such attacks could be as destructive as the 9/11 attacks of 2001.