The Intelligence Center of computer security firm Mandiant has identified the majority of highly sophisticated attacks on the U.S. to have originated by 4 networks in a bland, twelve story building in Shanghai which houses (allegedly) a super secret cyber warfare unit of China’s Army.
“Highlights of the report include:
- Evidence linking APT1 to China’s 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department (Military Cover Designator 61398).
- A timeline of APT1 economic espionage conducted since 2006 against 141 victims across multiple industries.
- APT1′s modus operandi (tools, tactics, procedures) including a compilation of videos showing actual APT1 activity.
- The timeline and details of over 40 APT1 malware families.
- The timeline and details of APT1′s extensive attack infrastructure.
Mandiant is also releasing a digital appendix with more than 3,000 indicators to bolster defenses against APT1 operations. This appendix includes:
- Digital delivery of over 3,000 APT1 indicators, such as domain names, IP addresses, and MD5 hashes of malware.
- Thirteen (13) X.509 encryption certificates used by APT1.
- A set of APT1 Indicators of Compromise (IOCs) and detailed descriptions of over 40 malware families in APT1′s arsenal of digital weapons.
- IOCs that can be used in conjunction with Redline™, Mandiant’s free host-based investigative tool, or with Mandiant Intelligent Response® (MIR), Mandiant’s commercial enterprise investigative tool.”
Mandiant went on to say how the decision to publish outweighed and possibly impaired their own discovery methods for the public good.
You can read the report here: http://intelreport.mandiant.com/
The Foreign Ministry of the PRC has denied the charge:
"To make groundless accusations based on some rough material is neither responsible nor professional," Hong told reporters at a regularly scheduled news conference. In a reiteration of China's standard response to such accusations, Hong said China strictly outlaws hacking and said the country itself was a major victim of such crimes, including attacks originating in the United States. "As of now, the cyberattacks and cybercrimes China has suffered are rising rapidly every year," Hong said.” – http://www.google.com/hostednews/ap/article/ALeqM5gqGzo86yXzI9q8-HN1zYXx7QVgog?docId=03e227bd185041cd95972d4dc26f2e20
Mandiant provided an advance copy of its report to The New York Times, saying it hoped to “bring visibility to the issues addressed in the report.” Times reporters then tested the conclusions with other experts, both inside and outside government, who have examined links between the hacking groups and the army (Mandiant was hired by The New York Times Company to investigate a sophisticated Chinese-origin attack on its news operations, but concluded it was not the work of Comment Crew, but another Chinese group. The firm is not currently working for the Times Company but it is in discussions about a business relationship.) - http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?smid=tw-nytimestech&seid=auto&_r=1&
President Obama signed an Executive Order last week which is essentially the most disputed part of CISPA, enabling companies to share threat related security information with the government.
“Under a directive signed by President Obama last week, the government plans to share with American Internet providers information it has gathered about the unique digital signatures of the largest of the groups, including Comment Crew and others emanating from near where Unit 61398 is based … There are huge diplomatic sensitivities here,” said one intelligence official, with frustration in his voice.
But Obama administration officials say they are planning to tell China’s new leaders in coming weeks that the volume and sophistication of the attacks have become so intense that they threaten the fundamental relationship between Washington and Beijing.” – ibid
To me this all means, “China holds too much American paper, the trade balance, the manufacturing capability, and basically has pwned us.”
In my opinion, this needs to stop. It needs to stop NOW. It’s time to protect our I.P., and our companies. Either grow a pair, or just give up and let China roll over us. Make it clear. Draw the line.