US security group suspects Chinese military is behind hacking attacks
BEIJING/SAN FRANCISCO, (Reuters) – A secretive Chinese military unit is believed to be behind a series of hacking attacks, a U.S. computer security company said, prompting a strong denial by China and accusations that it was in fact the victim of U.S. hacking.
The company, Mandiant, identified the People’s Liberation Army’s Shanghai-based Unit 61398 as the most likely driving force behind the hacking. Mandiant said it believed the unit had carried out “sustained” attacks on a wide range of industries.
“The nature of ‘Unit 61398’s’ work is considered by China to be a state secret; however, we believe it engages in harmful ‘Computer Network Operations’,” Mandiant said in a report released in the United States on Monday.
“It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively,” it said.
The Chinese Foreign Ministry said the government firmly opposed hacking, adding that it doubted the evidence provided in the report.
“Hacking attacks are transnational and anonymous. Determining their origins are extremely difficult. We don’t know how the evidence in this so-called report can be tenable,” spokesman Hong Lei told a daily news briefing.
“Arbitrary criticism based on rudimentary data is irresponsible, unprofessional and not helpful in resolving the issue.”
Hong cited a Chinese study which pointed to the United States as being behind hacking in China.
“Of the above mentioned Internet hacking attacks, attacks originating from the United States rank first.”
China’s Defence Ministry did not immediately respond to faxed questions about the report.
Unit 61398 is located in Shanghai’s Pudong district, China’s financial and banking hub, and is staffed by perhaps thousands of people proficient in English as well as computer programming and network operations, Mandiant said in its report.
The unit had stolen “hundreds of terabytes of data from at least 141 organisations across a diverse set of industries beginning as early as 2006”, it said.
Most of the victims were located in the United States, with smaller numbers in Canada and Britain. The information stolen ranged from details on mergers and acquisitions to the emails of senior employees, the company said.
The 12-storey building, which houses the unit, sits in an unassuming residential area and is surrounded by a wall adorned with military propaganda photos and slogans; outside the gate a sign warns members of the public they are in a restricted military area and should not take pictures.
There were no obvious signs of extra security on Tuesday.