Unit 61398: A Chinese cyber espionage unit on the outskirts of Shanghai?

Made in China. Image from ShutterstockSecurity researchers at Mandiant have published a lengthy report [PDF], which appears to track a notorious hacking gang right to the door of a building belonging to the People’s Liberation Army of China.

In its report, Mandiant says it believes it has traced a series of attacks back to the Pudong New Area on the outskirts of Shanghai, the same location as a 130,663 square foot PLA facility known as “Unit 61398”.

Unit 61398 staff are said to have been trained in computer security, and are required to be proficient in the English language.

The report has caught the attention of the world’s media, after the New York Times published a detailed story about the report earlier today.

New York Times report

It shouldn’t be forgotten, of course, that the New York Times itself was recently hacked, and pointed the finger of blame firmly in the direction of China.

As we’ve discussed before, attribution is the key problem in these stories. How can you prove that country X was behind an internet attack, rather than – say – a patriotic hacker working from his back bedroom, or a hijacked PC controlled by a hacker in a different country?

At the same time, we shouldn’t be naive. Countries around the world (not just the Chinese) are using the internet to spy on each other and gain advantage – whether it be political, financial or military.

Mandiant has certainly put together a hefty report – and it’s well worth a read. Naturally, the Chinese government has debunked the claims.

Made in China image from Shutterstock.