Chinese army unit tied to hacks on U.S.

An infantry of hackers in one Shanghai neighborhood is thought responsible for the majority of attacks


Earlier this year, when the New York Times reported that it had been the target of hacks from China, the paper noted that the attacks were likely connected to the Chinese military. On Tuesday, the Times reported that, based on evidence confirmed by U.S. intelligence officials, there is “little doubt” that “an overwhelming percentage of the attacks on American corporations, organizations and government agencies” originate from one People’s Liberation Army unit based in the outskirts of Shanghai.

A study released Tuesday by U.S. security firm Mandiant identified PLA Unit 61398 as the most likely perpetrators of the hacks. Mandiant had been tracking hacks perpetrated by the so-called “Comment Crew” for over six years before concluding that the hackers were part of Unit 61398. Via the Times:

Unit 61398 — formally, the 2nd Bureau of the People’s Liberation Army’s General Staff Department’s 3rd Department — exists almost nowhere in official Chinese military descriptions. Yet intelligence analysts who have studied the group say it is the central element of Chinese computer espionage. The unit was described in 2011 as the “premier entity targeting the United States and Canada, most likely focusing on political, economic, and military-related intelligence” by the Project 2049 Institute, a nongovernmental organization in Virginia that studies security and policy issues in Asia.

While the Obama administration has never publicly discussed the Chinese unit’s activities, a secret State Department cable written the day before Barack Obama was elected president in November 2008 described at length American concerns about the group’s attacks on government sites. (At the time American intelligence agencies called the unit “Byzantine Candor,” a code word dropped after the cable was published by WikiLeaks.)

The majority of Comment Crew’s attacks, even those carried out against major firms like Coca-Cola to steal internal information, utilized the simple but effective spearphishing technique. Hackers gain access to entire computer networks by sending misleading emails that a user then clicks on. Security experts have expressed concern that Chinese hackers might use such techniques to control critical U.S. infrastructure. The Times noted:

What most worries American investigators is that the latest set of attacks believed coming from Unit 61398 focus not just on stealing information, but obtaining the ability to manipulate American critical infrastructure: the power grids and other utilities.

… A few years ago, administration officials say, the theft of intellectual property was an annoyance, resulting in the loss of billions of dollars of revenue. But clearly something has changed. The mounting evidence of state sponsorship, the increasing boldness of Unit 61398, and the growing threat to American infrastructure are leading officials to conclude that a far stronger response is necessary.

However, China has strongly denied involvement in any such activities. “It is unprofessional and groundless to accuse the Chinese military of launching cyberattacks without any conclusive evidence,” said China’s defense ministry last month.

Following reports on Chinese hacks targeting U.S. news publications, the Obama administration said it was considering more assertive action against this cyber-threat, although what such action might look like remains unclear. Earlier this year, the AP noted that such “actions could include threats to cancel certain visas or put major purchases of Chinese goods through national security reviews.”

Natasha Lennard is an assistant news editor at Salon, covering non-electoral politics, general news and rabble-rousing. Follow her on Twitter @natashalennard, email nlennard@salon.com.
