Unit 61398: A Chinese cyber espionage unit on the outskirts of Shanghai?


Security researchers at Mandiant have published a lengthy report [PDF] which appears to track a notorious hacking gang right to the door of a building belonging to the People's Liberation Army of China.

In its report, Mandiant says it believes it has traced a series of attacks back to the Pudong New Area on the outskirts of Shanghai, the same location as a 130,663 square foot PLA facility known as "Unit 61398".

Unit 61398 staff are said to have been trained in computer security, and are required to be proficient in the English language.

The report has caught the attention of the world's media, after the New York Times published a detailed story about the report earlier today.


It shouldn't be forgotten, of course, that the New York Times itself was recently hacked, and pointed the finger of blame firmly in the direction of China.

As we've discussed before, attribution is the key problem in these stories. How can you prove that country X was behind an internet attack, rather than - say - a patriotic hacker working from his back bedroom, or a hijacked PC controlled by a hacker in a different country?

At the same time, we shouldn't be naive. Countries around the world (not just the Chinese) are using the internet to spy on each other and gain advantage - whether it be political, financial or military.

Mandiant has certainly put together a hefty report - and it's well worth a read. Naturally, the Chinese government has debunked the claims.

Made in China image from Shutterstock.


12 Responses to Unit 61398: A Chinese cyber espionage unit on the outskirts of Shanghai?

  1. @pogue25 says:

    Mandiant has posted a YouTube video which they claim is a screen capture of one of these Chinese spies, whom they label an "APT actor", in action: creating bogus Gmail accounts, engaging in spear phishing, and connecting to and stealing files from remote servers. http://youtu.be/6p7FqSav6Ho

  2. Boggle says:

    Not "debunked" I think - more likely "denied". Debunk implies that the story is bunk (bunkum = nonsense) to start with. Which it may be, but I don't think you or the New York Times believe that, and nor do I.

    Very like the common and annoying misuse of "refute" for "reject".

  3. Benjamin says:

    Hello,

    You write that "the Chinese government has debunked the claims" put forth by Mandiant. Do you mean that they have denied the claims? If they have, in fact, debunked the report can you point to the Chinese Government's counter-analyses?

    Thank you!

  4. Dezso says:

    I tried to download the Mandiant PDF report, but after the first page everything stops.
    The error window says: "An error exists on this page. Acrobat may not display the page correctly. Please contact the person who created the PDF document."
    Do you think the Chinese are hard at work??

  5. Humanoid says:

    That video is hilarious. Hackers use their own IP address to log in to Gmail without re-routing, or use their own phone to authenticate. They all use outdated Windows 2000 with GUI apps. In the year 2013, script kiddies are still using mid-90s NetBus technology? I thought only government contractors used that technology. Also, why would they use an FTP session that can be logged or traced back? This can't be state-sponsored actors.

  6. Scott says:

    Sounds as though Tom Clancy was on to something with his latest book 'Threat Vector'....

  7. Lese Majeste says:

    And another bogeyman is created to scare Americans into supporting endless wars.

    We don't have the money to pay China back what we owe, but starting a war might wipe the books clean.

  8. ChasL says:

    Graham, has anyone fact checked the content of Mandiant's report? It has quite a few problems:

    - The report claims Hebei is a borough of Shanghai. Hebei province is actually 500 miles away. This makes the geolocation claim more doubtful.

    - Page 11 cited a Unit 61398 central building at 208 Datong Road. That is the address of Unit 61398 Kindergarten (google "site:starbaby.cn 61398"). So Mandiant thinks China's premier cyber war unit would put a preschool that's open to the public in the same place?

    - The hacker DOTA was outed by Anonymous back in 2011 when Anonymous attacked HBGary (google "d0ta010 HBGary"), which begs the question: who'd use a compromised identity?

    This report is full of holes.


About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.