AN AMERICAN information-security firm has identified a secretive Chinese military unit as the likely source of hacking attacks against more than a hundred companies around the world. In a report made public on Tuesday, the firm, Mandiant, based in Alexandria, Virginia, said it could now back up suspicions it first reported in more qualified form in 2010.
The firm had said then the Chinese government may have authorised the hacking activity it had traced to China, but that there was “no way to determine the extent” of official involvement. In its new report, Mandiant upgrades its assessment. “The details we have analysed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese government is aware of them,” the report said.
China’s government has denied the allegations. Hong Lei, a spokesman for China’s foreign ministry, said on February 19th that China has itself been a victim of cyber-attacks, and that it enforces laws that ban such activity. “Groundless criticism is irresponsible and unprofessional, and it will not help to solve the problem," he said of the Mandiant report.
According to the report, a Shanghai-based unit of the People’s Liberation Army General Staff Department, known as Unit 61398, is staffed by hundreds and possibly thousands of people specially trained in network security, digital signal processing, covert communications and English linguistics. The unit’s 12-storey building (pictured above) has been equipped with special fibre-optic communications infrastructure “in the name of national defence”.
Mandiant said that since 2006, it has observed attacks from this unit against at least 141 companies spanning 20 major industries, including four of the seven strategic emerging industries that China has identified in its current five-year plan.
The New York Times, which hired Mandiant to investigate China-based cyber-attacks against its news operations, was the first to report on the firm’s findings. Mandiant concluded that the attacks against the newspaper had come from a different Chinese source.
In the case of the attacks described in the new report, Mandiant said it could not prove that the attacks came from within the military building it identified. But it concluded that this was the most plausible explanation for its findings. “Either they are coming from inside Unit 61398, or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighbourhood,” Kevin Mandia, the founder and chief executive of the company told the paper.