Chinese army unit tied to hacks on U.S.

An infantry of hackers in one Shangai neighborhood are thought responsible for majority of attacks

Topics: China, Hacking, pla, Unit 61398, cyberattacks, Cybersecurity, New York Times, mandiant, ,

Chinese army unit tied to hacks on U.S. (Credit: Shutterstock/ Maksym Dykha)

Earlier this year, when the New York Times reported that it had been the target of hacks from China, the paper noted that the attacks were likely connected to the Chinese military. On Tuesday, the Times reported that, based on evidence confirmed by U.S. intelligence officials, there is “little doubt” that “an overwhelming percentage of the attacks on American corporations, organizations and government agencies” originate from one People’s Liberation Army unit based in the outskirts of Shanghai.

A study released Tuesday by U.S. security firm Mandiant identified PLA Unit 61398 as the most likely perpetrators of the hacks. Mandiant had been tracking hacks perpetrated by the so-called “Comment Crew” for over six years before concluding that the hackers were part of Unit 61398. Via the Times:

Unit 61398 — formally, the 2nd Bureau of the People’s Liberation Army’s General Staff Department’s 3rd Department — exists almost nowhere in official Chinese military descriptions. Yet intelligence analysts who have studied the group say it is the central element of Chinese computer espionage. The unit was described in 2011 as the “premier entity targeting the United States and Canada, most likely focusing on political, economic, and military-related intelligence” by the Project 2049 Institute, a nongovernmental organization in Virginia that studies security and policy issues in Asia.

While the Obama administration has never publicly discussed the Chinese unit’s activities, a secret State Department cable written the day before Barack Obama was elected president in November 2008 described at length American concerns about the group’s attacks on government sites. (At the time American intelligence agencies called the unit “Byzantine Candor,” a code word dropped after the cable was published by WikiLeaks.)



The majority of Comment Crew’s attacks, even those carried out against major firms like Coca-Cola to steal internal information, utilized the simple but effective spearphishing technique. Hackers gain access to entire computer networks through sending misleading emails which a user then clicks on. Security experts have expressed concern that Chinese hackers might use such techniques to control critical U.S. infrastructure. The Times noted:

What most worries American investigators is that the latest set of attacks believed coming from Unit 61398 focus not just on stealing information, but obtaining the ability to manipulate American critical infrastructure: the power grids and other utilities.

… A few years ago, administration officials say, the theft of intellectual property was an annoyance, resulting in the loss of billions of dollars of revenue. But clearly something has changed. The mounting evidence of state sponsorship, the increasing boldness of Unit 61398, and the growing threat to American infrastructure are leading officials to conclude that a far stronger response is necessary.

However, China has strongly denied involvement in any such activities. “It is unprofessional and groundless to accuse the Chinese military of launching cyberattacks without any conclusive evidence,” said China’s defense ministry last month.

Following reports on Chinese hacks targeting U.S. news publications, the Obama administration said it was considering more assertive action against this cyber-threat, although what such action might look like remains unclear. Earlier this year, the AP noted that such “actions could include threats to cancel certain visas or put major purchases of Chinese goods through national security reviews.”

Natasha Lennard

Natasha Lennard is an assistant news editor at Salon, covering non-electoral politics, general news and rabble-rousing. Follow her on Twitter @natashalennard, email nlennard@salon.com.

Featured Slide Shows

  • Share on Twitter
  • Share on Facebook
  • 1 of 11
  • Close
  • Fullscreen
  • Thumbnails

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Elliott and the friends with whom he recorded in middle school in Texas (photo courtesy of Dan Pickering)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Heatmiser publicity shot (L-R: Tony Lash, Brandt Peterson, Neil Gust, Elliott Smith) (photo courtesy of JJ Gonson photography)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Elliott and JJ Gonson (photo courtesy of JJ Gonson photography)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    "Stray" 7-inch, Cavity Search Records (photo courtesy of JJ Gonson photography)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Elliott's Hampshire College ID photo, 1987

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Elliott with "Le Domino," the guitar he used on "Roman Candle" (courtesy of JJ Gonson photography)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Full "Roman Candle" record cover (courtesy of JJ Gonson photography)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Elliott goofing off in Portland (courtesy of JJ Gonson photography)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Heatmiser (L-R: Elliott Smith, Neil Gust, Tony Lash, Brandt Peterson)(courtesy of JJ Gonson photography)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    The Greenhouse Sleeve -- Cassette sleeve from Murder of Crows release, 1988, with first appearance of Condor Avenue (photo courtesy of Glynnis Fawkes)

  • Recent Slide Shows

Comments

0 Comments

Comment Preview

Your name will appear as username ( settings | log out )

You may use these HTML tags and attributes: <a href=""> <b> <em> <strong> <i> <blockquote>