China sets up special base for ‘cyber warriors’

[Zarvan]

Washington: On the outskirts of Shanghai, in a run-down neighbourhood, a People’s Liberation Army base has been built for China’s growing corps of cyber warriors.

According to the New York Times, a number of digital forensic evidence has been confirmed by American intelligence officials, who said that they have tapped into the activity of the army unit for years.



A detailed 60-page study, released by Mandiant, an American computer security firm, for the first time has tracked individual members of the most sophisticated of the Chinese hacking groups, known to many of its victims in the United States as ‘Comment Crew’ or ‘Shanghai Group’, to the doorstep of the military unit’s headquarters.

The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area.

According to the report, some security firms that have tracked “Comment Crew” said that they also believe the group is state-sponsored.

A recent classified National Intelligence Estimate, issued as a consensus document for all 16 of the United States intelligence agencies, makes a strong case that many of these hacking groups are either run by army officers or are contractors working for commands like Unit 61398, according to officials with knowledge of its classified content, the report said.

While Comment Crew has hacked terabytes of data from companies like Coca-Cola, its focus is increasingly on companies involved in the critical infrastructure of the United States, which includes electrical power grid, gas lines and waterworks.

According to the security researchers, one target was a company with remote access to more than 60 percent of oil and gas pipelines in North America.

The unit was also among those that attacked the computer security firm RSA, whose computer codes protect confidential corporate and government databases.

Contacted on Monday, Chinese officials at its embassy in Washington again insisted that its government does not engage in computer hacking, and that such activity is illegal.

They describe China itself as being a victim of computer hacking, and point out, accurately, that there are many hacking groups inside the United States.

But in recent years the Chinese attacks have grown significantly, security researchers said.

Mandiant has detected more than 140 Comment Crew intrusions since 2006.

American intelligence agencies and private security firms that track many of the 20 or so other Chinese groups every day said that those groups appeared to be contractors with links to the unit.

According to the report, the White House said it was “aware” of the Mandiant report. The United States government is planning to begin a more aggressive defense against Chinese hacking groups, starting on Tuesday.

Under a directive signed by President Barack Obama last week, the government plans to share with American Internet providers information it has gathered about the unique digital signatures of the largest of the groups, including Comment Crew and others emanating from near where Unit 61398 is based.

But the government warnings will not explicitly link those groups, or the giant computer servers they use, to the Chinese army.

The question of whether to publicly name the unit and accuse it of widespread theft is the subject of ongoing debate, it added.

(ANI)
China sets up special base for

 

[GR!FF!N]

Beijing/San Francisco: A Chinese military unit is believed to be behind a series of hacking attacks, a US computer security company said, prompting a strong denial by China and accusations that it was in fact the victim of US hacking.
The company, Mandiant, identified the People’s Liberation Army’s Shanghai-based Unit 61398 as the most likely driving force behind the hacking. Mandiant said it believed the secretive unit had carried out “sustained” attacks on a wide range of industries.
“The nature of Unit 61398’s work is considered by China to be a state secret; however, we believe it engages in harmful ‘Computer Network Operations’,” Mandiant said in a report released on Monday. It has stolen “hundreds of terabytes of data from at least 141 organizations across a diverse set of industries beginning as early as 2006, it added.
The Chinese foreign ministry said the government firmly opposed hacking, and that it doubted the evidence in the report. “Arbitrary criticism based on rudimentary data is irresponsible, unprofessional and not helpful in resolving the issue,” spokesperson Hong Lei said. He cited a Chinese study which pointed to the US as being behind hacking in China. REUTERS


Article Window

 

[Chinese-Dragon]

Governments and militaries use hackers?

I can't believe it. Who could ever imagine something like that happening!

 

[chinapakistan]

another 蓝翔技术学校? American is cute.

 

[cirr]

The Americans use their usual tactics and resort to black propaganda again。

As a matter of fact，the Americans are the biggest hackers in this world。Funnilly you never hear of Americans hacking other countries。It is ALWAYS the other way round。

 

[shuttler]

China says U.S. hacking accusations lack technical proof

 

[JanjaWeed]

Governments and militaries use hackers?

I can't believe it. Who could ever imagine something like that happening!

You are right. Never heard any govt using it's resources to indulge in clandestine activity against any other!

 

[qwerrty]

next they're going to report that the sky is blue

 

[rcrmj]

if all of those alleged hacking things were true which says either U.S information security department $uck$ big time, or we are the real 'IT superpower'``

 

[qwerrty]

with all hyping up of china this and that.. i highly doubt they even equal to a quarter of the NSA's capabilities

 

[Arav_Rana]

if all of those alleged hacking things were true which says either U.S information security department $uck$ big time, or we are the real 'IT superpower'``

No doubt, China is super power in IT field.
In 2010 , world traffic ( specially US ) was diverted to pass through China servers

Internet traffic was routed via Chinese servers - Washington Times.

 

[shuttler]

It is absolutely necessary for our own defense!

 

[qwerrty]

No doubt, China is super power in IT field.
In 2010 , world traffic ( specially US ) was diverted to pass through China servers

Internet traffic was routed via Chinese servers - Washington Times.

that's a load of crap

China Hijacks 15% of Internet Traffic?
by Craig Labovitz

On Wednesday, the US China Economic and Security Review Commission released a wide-ranging report on China trade, capital markets, human rights, WTO compliance, and other topics. If you have time to spare, here is a link to the 324 page report.

Tucked away in the hundreds of pages of China analysis is a section on the Chinese Internet, including the well-documented April 8, 2010 BGP hijack of several thousand routes (starting on page 244).

To review, shortly around 4am GMT on April 8th a Chinese Internet provider announced 40,000 routes belonging to other ISPs / enterprises around the world (though many were for China based companies). During a subsequent roughly 15 minute window, a small percentage of Internet providers around the world redirected traffic for a small percentage of these routes to Chinese address space. RIPE provides a link to a list of some of these prefixes (as well as indicating the impact on European carriers was minimal) and Andree Toonk and his colleagues at BGPmon have a nice synopsis at the BGPMon blog.

Following shortly on the heels of the China hijack of DNS addresses in March, the April BGP incident generated a significant amount of discussion in the Internet engineering community.


panic

Any corruption of DNS or global routing data (whatever the motive) is a cause of significant concern and reiterates the need for routing and DNS security. But in an industry crowded with security marketing and hype, it is important we limit the hyperbole and keep the discussion focused around the legitimate long-term infrastructure security threats and technical realities.

So, it was with a bit of a surprise that I watched an alarmed Wolf Blitzer report on prime time CNN about the China hijack of “15% of the Internet” last night. A bit less diplomatic, a discussion thread on the North American Network Operator Group (NANOG) mailing list called media reports an exaggeration or “complete FUD”. Also on the NANOG mailing list, Bob Poortinga writes “This article … is full of false data. I assert that much less than 15%, probably on the order of 1% to 2% (much less in the US) was actually diverted.”

If you read the USCESRC report, the committee only claims China hijacked “massive volumes” of Internet traffic but never get as specific as an exact percentage. The relevant excerpt from the report below:


The USCESRC cites the BGPMon blog as the source of data on “massive traffic volumes”. But curiously, the BGPMon blog makes no reference to traffic — only the number of routes.

You have to go to a National Defense interview with Dmitri Alperovitch, vice president of threat research at McAfee, to first come up with the 15% number. Several hundred media outlets, including CNN, the Wall Street Journal, Time Magazine and many more picked up this interview and eagerly reported on China’s hijack of “massive Internet traffic volumes of 15% or more”.

Now certainly, diverting 15% of the Internet even for just 15 minutes would be a major event. But as earlier analysis by Internet researchers suggested, this hijack had limited impact on the Internet routing infrastructure — most of the Internet ignored the hijack for various technical reasons.

And indeed, ATLAS data from 80 carriers around the world graphed below shows little statistically significant increase due to the hijack on April 8, 2010. I highlight April 8th in yellow and each bar shows the maximum five minute traffic volume observed each day in April going to the Chinese provider at the center of the route hijack.


china hijack

While traffic may have exhibited a modest increase to the Chinese Internet provider (AS23724), I’d estimate diverted traffic never topped a handful of Gbps. And in an Internet quickly approaching 80-100 Tbps, 1-3 Gbps of traffic is far from 15% (it is much closer to 0.015%).

In fairness, I should note that I don’t know how Mr. Alperovitch obtained his 15% number (the article does not say) and a hijack of 40k routes out of a default-free table of ~340K is not far from fifteen percent. But of course, routes are different from traffic. I also add that both China denied the hijack and some Internet researchers suspect the incident was likely accidental.

The global BGP Internet routing system is incredibly insecure. Fifteen years ago, I wrote a PhD thesis (link available here) using experiments in part capitalizing on the lack of routing security. My research injected hundreds of thousands fake routes (harmless!) into the Internet and redirected test traffic over the course of two years. A decade or more later, none of the many BGP security proposals have seen significant adoption due to a lack of market incentives and non-legitimate routes still regularly get announced and propagated by accident or otherwise. Overall, the Internet routing system still relies primarily on trust (or “routing by rumor” if you are more cynical).

We need to fix Internet infrastructure security, but we also need to be precise in our analysis of the problems.

UPDATE: Additional discussion and statistics on the incident are now available in a follow-up blog at *ttp://asert.arbornetworks.com/2010/11/additional-discussion-of-the-april-china-bgp-hijack-incident.

- Craig

 

[GR!FF!N]

BEIJING (Reuters) - Accusations by a U.S. computer security company that a secretive Chinese military unit is likely behind a series of hacking attacks are scientifically flawed and hence unreliable, China's Defence Ministry said on Wednesday.

The statement came after the White House said overnight that the Obama administration has repeatedly taken up its concerns about cyber-theft at the highest levels of the Chinese government, including with Chinese military officials.

The security company, Mandiant, identified the People's Liberation Army's Shanghai-based Unit 61398 as the most likely driving force behind the hacking. Mandiant said it believed the unit had carried out "sustained" attacks on a wide range of industries.

The Chinese Defence Ministry, which has already denied the charges, went further in a new statement, slamming Mandiant for relying on spurious data.

"The report, in only relying on linking IP address to reach a conclusion the hacking attacks originated from China, lacks technical proof," the ministry said in a statement on its website (??????????).

"Everyone knows that the use of usurped IP addresses to carry out hacking attacks happens on an almost daily basis," it added.

"Second, there is still no internationally clear, unified definition of what consists of a 'hacking attack'. There is no legal evidence behind the report subjectively inducing that the everyday gathering of online (information) is online spying."

As hacking is a cross-border, anonymous and deceptive phenomenon, by its very nature it is hard to work out exactly where hacks originated, the statement said.

Chinese Foreign Ministry spokesman Hong Lei, asked about the U.S. taking up its concerns about hacking with Beijing, said: "China and the U.S. have maintained communication over the relevant issue".

Unit 61398 is located in Shanghai's Pudong district, China's financial and banking hub, and is staffed by perhaps thousands of people proficient in English as well as computer programming and network operations, Mandiant said in its report.

The unit had stolen "hundreds of terabytes of data from at least 141 organizations across a diverse set of industries beginning as early as 2006", it said.

Most of the victims were located in the United States, with smaller numbers in Canada and Britain. The information stolen ranged from details on mergers and acquisitions to the emails of senior employees, the company said.

But the Chinese Defence Ministry said China's own figures show that a "considerable" number of hacking attacks it is subjected to come from the United States.

"But we don't use this as a reason to criticize the United States," the ministry said.

However, the Global Times, a widely read tabloid published by Communist Party mouthpiece the People's Daily, said China should be more active in publicly airing its complaints about hacking attacks, especially as the United States does so.

"Some officials have been punished for internally reporting that government websites have been hacked and secrets leaked, but almost no details have come out," it wrote.

"The Americans really know how to talk this (issue) up. All China can do is concede defeat."


China says U.S. hacking accusations lack technical proof - Yahoo! News








Canada hit by hackers believed backed by secretive Chinese government unit





Canada is among the countries that has been targeted by a sophisticated hacking group believed to be backed by a secretive unit of the Chinese government, according to a report released Tuesday by an American computer security firm.

The report by Mandiant identified the hackers, known collectively as APT1, as “one of the most prolific cyber-espionage groups” and suggested they were supported by Shanghai-based Unit 61398 of the People’s Liberation Army.

The hackers have waged attacks on an array of industries, mostly in the United States, but also in Britain and Canada, including an attack last September on Calgary-based Telvent Canada, which provides IT systems for critical infrastructure, the report said.

China’s Foreign Ministry dismissed the report Tuesday as “groundless,” and the Defence Ministry denied any involvement in hacking attacks.

But David Skillicorn, a computing professor and cyber-hacking expert at Queen’s University, said the evidence contained in the report was “damning.”

“It can’t be anything but Chinese government-sponsored,” he said. “This is a huge pile of evidence.”

Particularly worrisome, Skillicorn said, is that the Chinese hackers may not just be setting their sights on stealing companies’ secrets but could be looking to target critical infrastructure as well, which could have “disastrous” consequences.

Last September, Telvent Canada, which creates software to help monitor energy-related infrastructure, including power grids and oil and gas pipelines, notified its customers about a security breach.

The computer security blog KrebsOnSecurity.com reported at the time that the breach spanned operations in the U.S., Canada and Spain, and that a Chinese hacking group was likely to blame.

The Mandiant report said Tuesday that its analysts linked the attack to APT1 “based on the tools and infrastructure that the hackers used to exploit and gain access to the system.”

Martin Hanna, a spokesman for Schneider Electric, which owns Telvent, said in an email that the company has been working with its customers and is also actively working with law enforcement and security specialists.

APT1, which is also known in the security community as “Comment Crew,” has been responsible for stealing hundreds of terabytes of data since 2006 from at least 141 organizations spanning 20 industries — including information technology, aerospace, public administration, satellite and telecommunications, scientific research and energy, the Mandiant report said.

Targeting mostly English-speaking countries, this group of hackers has been able to access organizations’ technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists, the report said.

Mandiant said it traced APT1’s activities to four networks in Shanghai, two of which serve the Pudong New Area, which is also where the Chinese army’s Unit 61398 is located.

Unit 61398 is staffed by hundreds, perhaps thousands of people Its personnel are trained in computer security and computer network operations and are required to be proficient in English, Mandiant said.

“The nature of APT1’s targeted victims and the group’s infrastructure and tactics align with the mission and infrastructure of PLA Unit 61398,” the report concluded.

Joe Stewart, director of malware research for Dell SecureWorks, said in an interview Tuesday that though he was hesitant to draw a direct link between APT1 and the Chinese government, the proof offered by Mandiant was pretty convincing.

The security community has been discussing a “Shanghai nexus” for Chinese-based attacks as far back as 2011, he said.

Stewart said though the Chinese hackers have launched attacks on energy infrastructure companies, it remains unclear whether they intend to do any harm to physical infrastructure.

Still, the ongoing attacks should serve as a wake-up call to organizations to protect themselves. While some companies have heeded the warnings, others don’t seem to want to admit their vulnerabilities and are “just burying it internally,” he said.

U.S. President Barack Obama addressed cyber-security during his state of the union address last week.

“We know foreign countries and companies swipe our corporate secrets,” Obama said. “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”

Skillicorn, the Queen’s professor, said he doesn’t think the Canadian government has addressed the cyber-security problem sufficiently and currently lacks a clear lead agency on the matter. He suggested that Communications Security Establishment Canada could fulfil that role.

Julie Carmichael, a spokeswoman for Public Safety Minister Vic Toews, said Public Safety Canada is the lead on cyber security.

“Our government takes cyber security seriously and operates on the advice of security experts,” she said in an email. “Our government recently made significant investments ($245 million) in a Cyber Security Strategy designed to defend against electronic threats, hacking and cyber espionage,” Carmichael said.


http://o.canada.com/2013/02/19/cana...-backed-by-secretive-chinese-government-unit/

 

[Arav_Rana]

that's a load of crap

That guy is telling about the % of possible diverted traffic. Even it is not 15%, But still China diverted the traffic.
To do this you need a lot of skills and most important resources.


And, his claim about BGP a bit right, but upgrading this protocol is tough and replacing BGP just becz of some security concern is not possible. As BGP is EGP, this is not possible to fix all things in short time.