Chinese hackers increasingly professional

2013-02-25 14:36
(Picture: Shutterstock)


Beijing – Beijing hotly denies accusations of official involvement in massive cyber attacks against foreign targets, insinuating such activity is the work of rogues. But at least one element cited by internet experts points to professional cyber spies: China's hackers take the weekend off.

Accusations of state-sanctioned hacking took centre stage this past week following a detailed report by US-based internet security firm Mandiant that added to growing suspicions that the Chinese military is not only stealing national defence secrets and harassing dissidents but also pilfering information from foreign companies that could be worth millions or even billions of dollars.

Experts say Chinese hacking attacks are characterised not only by their brazenness, but by their persistence.

"China conducts at least an order of magnitude more than the next country," said Martin Libicki, a specialist on cyber warfare at the Rand Corporation, based in Santa Monica, California.

"The fact that hackers take weekends off suggests they are paid, and that would put paid to the notion that the hackers are private."

Hacking pattern

Libicki and other cyber warfare experts have long noted a Monday-through-Friday pattern in the intensity of attacks believed to come from Chinese sources, though there has been little evidence released publicly directly linking the Chinese military to the attacks.

Mandiant went a step further in its report on Tuesday saying that it had traced hacking activities against 141 foreign entities in the US, Canada, Britain and elsewhere to a group of operators known as the "Comment Crew" or "APT1", for "Advanced Persistent Threat 1", which it traced back to the People's Liberation Army Unit 61398. The unit is headquartered in a nondescript 12-story building inside a military compound in a crowded suburb of China's financial hub of Shanghai.

Attackers stole information about pricing, contract negotiations, manufacturing, product testing and corporate acquisitions, the company said.

Hacker teams regularly began work, for the most part, at 8:00 Beijing time. Usually they continued for a standard work day, but sometimes the hacking persisted until midnight. Occasionally, the attacks stopped for two-week periods, Mandiant said, though the reason was not clear.

China denies any official involvement, calling such accusations "groundless" and insisting that Beijing is itself a major victim of hacking attacks, the largest number of which originates in the US. While not denying hacking attacks originated in China, foreign ministry spokesperson Hong Lei said on Thursday that it was flat out wrong to accuse the Chinese government or military of being behind them.

Mandiant and other experts believe Unit 61398 to be a branch of the PLA General Staff's Third Department responsible for collection and analysis of electronic signals such as e-mails and phone calls. It and the Fourth Department, responsible for electronic warfare, are believed to be the PLA units mainly responsible for infiltrating and manipulating computer networks.

China acknowledges pursuing these strategies as a key to delivering an initial blow to an opponent's communications and other infrastructure during wartime – but the techniques are often the same as those used to steal information for commercial use.

China has consistently denied state-sponsored hacking, but experts say the office hours that the cyberspies keep point to a professional army rather than mere hobbyists or so-called "hacktivists" inspired by patriotic passions.

Mandiant noticed that pattern while monitoring attacks on the New York Times last year blamed on another Chinese hacking group it labeled APT12. Hacker activity began at around 8:00 Beijing time and usually lasted through a standard workday.

The Rand Corporation's Libicki said he wasn't aware of any comprehensive studies, but that in such cases, most activity between malware embedded in a compromised system and the malware's controllers takes place during business hours in Beijing's time zone.

Richard Forno, director of the University of Maryland Baltimore County's graduate cybersecurity program, and David Clemente, a cybersecurity expert with independent analysis center Chatham House in London, said that observation has been widely noted among cybersecurity specialists.

"It would reflect the idea that this is becoming a more routine activity and that they are quite methodical," Clemente said.

The PLA's Third Department is brimming with resources, according to studies commissioned by the US government, with 12 operation bureaus, three research institutes, and an estimated 13 000 linguists, technicians and researchers on staff. It's further reinforced by technical teams from China's seven military regions spread across the country, and by the military's vast academic resources, especially the PLA University of Information Engineering and the Academy of Military Sciences.

Cyber warfare

The PLA is believed to have made cyber warfare a key priority in its war-fighting capabilities more than a decade ago. One of the few public announcements of its development came in a news conference held on 25 May 2011 by defense ministry spokesperson Geng Yansheng, in which he spoke of developing China's "online" army.

"Currently, China's network protection is comparatively weak," Geng told reporters, adding that enhancing information technology and "strengthening network security protection are important components of military training for an army."

Unit 61398 is considered just one of many such units under the Third Department responsible for hacking, according to experts.

Greg Walton, a cyber-security researcher who has tracked Chinese hacking campaigns, said he's observed the "Comment Crew" at work, but cites as equally active another Third Department unit operating out of the southwestern city of Chengdu. It is tasked with stealing secrets from Indian government security agencies and think tanks, together with the India-based Tibetan Government in Exile, Walton said.

Another hacking outfit believed by some to have PLA links, the "Elderwood Group," has targeted defense contractors, human rights groups, non-governmental organisations, and service providers, according to computer security company Symantec.

It's believed to have compromised Amnesty International's Hong Kong website in May 2012, although other attacks have gone after targets as diverse as the Council on Foreign Relations and Capstone Turbine Corporation, which makes gas microturbines for power plants.

Civilian departments believed to be involved in hacking include those under the ministry of public security, which commands the police, and the ministry of state security, one of the leading clandestine intelligence agencies. The MSS is especially suspected in attacks on foreign academics studying Chinese social issues and unrest in the western regions of Tibet and Xinjiang.

Below them on the hacking hierarchy are private actors, including civilian universities and research institutes, state industries in key sectors such as information technology and resources, and college students and other individuals acting alone or in groups, according to analysts, University of Maryland's Forno said.

China's government isn't alone in being accused of cyber espionage, but observers say it has outpaced its rivals in using military assets to steal commercial secrets.

"Stealing secrets is stealing secrets regardless of the medium," Forno said. "The key difference is that you can't easily arrest such electronic thieves since they're most likely not even in the country, which differs from how the game was played during the Cold War."
