Submitted without (much) comment:
On the outskirts of Shanghai, in a run-down neighborhood dominated by a 12-story white office tower, sits a People’s Liberation Army base for China’s growing corps of cyberwarriors.
The building off Datong Road, surrounded by restaurants, massage parlors and a wine importer, is the headquarters of P.L.A. Unit 61398. A growing body of digital forensic evidence — confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years — leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower.
An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups — known to many of its victims in the United States as “Comment Crew” or “Shanghai Group” — to the doorstep of the military unit’s headquarters. The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area.
“Either they are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
Remember when Obama alluded to foreign countries “swiping” our domestic secrets during his State of the Union speech? This is what he was talking about.
This probably could have been nipped in the bud years ago, but that would have pissed off the US titans of industry so eagerly shipping our jobs overseas to Shanghai — and whose largesse funds the election campaigns of our politicians. Even now, I wonder if it could be stopped or even reined in.
And Stuxnet comes home to roost.
Photo by Gary Lerude under Creative Commons license




30 Comments

Australian, Mar 12, 2012
Security experts admit China stole secret fighter jet plans
The F-35 is basically a jobs program. There is no evidence that the most expensive military airplane ever built will actually function, therefore the nonchalance.
And the UK has a competing airplane, the Eurofighter, so “Britain’s intelligence community” lacked incentive to help the F-35. There are so many reasons China has an open field, because the MIC — and the F-35 specifically — doesn’t make any sense to begin with.
Military secrets are the most fleeting of all.
The big problem now is that they’re hacking into the companies whose equipment supplies the nation’s utilities and other infrastructure.
This could set back adoption of the “smart grid” by decades.
Why would alleged Chinese hacking (as if other nations weren’t hacking, eh?) set back a “smart grid”? Because the security portion of any such grid is the weak link?
Serious question.
I have to admit that all the talk about Chinese hacking seemed to me like the cyber attack point of our looming war against China.
We need to feel we can destroy any nation, and, it seems to me, our government is trying to nip the nascent regional, much less global, influence of China. As we become a fading empire, we’re becoming more militant and more, well, outright nasty and mean.
Such a convenient report just as CISPA is being re-introduced.
Maybe we also need to ask what the US is doing in offensive cyberwarfare.
And we also need to understand how much the Commander-in-Chief knows or understands about these issues. Leaving it to the inside “experts” could be dangerous for the rest of us.
We have been sold down the river to benefit cheap-labor-loving corps and China ever since Nixon met Mao. Can’t help but wonder how much of the political contributions to our middle-class-killing politicians have come from China laundered thru organizations like Chamber of Commerce?
And guess what? Bradley Manning told us this years ago with his attempt to get the information out.
I challenge all members of Congress to actually READ all the documents he is accused of releasing and then decide if he is a traitor or a HERO to this country!
Stuxnet was the game-changer. Once again, the US deploys the most advanced weapon available in the world, and then wonders why other countries would want to develop their own and possibly use it against the US. Sadly, our leaders just can’t see their own hubris and belligerence.
You might wish to start at AIPAC.
No smart grid. Just means that we’ll have to deploy highly distributed energy generation infrastructure. If you invest enough in generating capacity locally, load balancing is not as much an issue. The Smart Grid was promoted primarily as delivering centralized generated energy from high-wind and high-solar areas to populated areas. Given enough distributed generating capability, populated areas could take care of residential and most commercial needs. That means that Smart Grid was really to take care of large volume customers who get discounted rates now because their use is concentrated. In other words, to power industry far from the centralized energy source.
Maybe we need to rethink such a concentrated system that is inherently vulnerable in a lot of respects. Economic “efficiency” so tyrannizes considerations of designs that other values get sidelined.
Say more. I’m not getting your connection with my comment about blowback.
Anyone who has read David Wingrove’s Chung Kuo series expects the Chinese to use cyber warfare against the West.
We had a Maytag washer, made in Newton, Iowa in the 1980s. The controls were electro-mechanical. Our family tried very hard to break it, but was unable to do so. When we moved recently, we left the Maytag behind and bought a new Amana washer, made in China and named after a company that used to make things in Iowa. It has strictly electronic controls which worked correctly for a few weeks and now work when they feel like it.
Yes, we have turned much too much economic power over to China. But from a security point of view, by putting all of our eggs in the online / software / electronic controls basket, we are opening up tremendous vulnerabilities to hacking, spoofing, insider attacks, the same search for profits above all else that sent jobs to China in the first place, and to just plain incompetence – of which there appears to be a surfeit in the US these days.
Interesting how fantasy drives reality, isn’t it?
You don’t suppose Mr. Mandia’s firm sells products that would protect one against these Chinese Army cyber attacks do you?
I am curious why this story is all over the web today, when MSM doesn’t pay attention to more important stories. Why this concerted effort to show that China is doing what we all know it is doing. Why stories about malfeasance on Wall Street or Washington never make it to page 1, but this is all over the news today. Who is behind this and why is it so eagerly picked up by our servile press?
Bravo!
But, but, but China is hacking into our systems. Maybe we should not go around trying to invade other nations’ security systems.
Just a few years ago they unleashed “Stuxnet” into Iran; now others are giving us our medicine.
Wait till other nations start using drones…then our morality will kick in.
Because the very companies who are putting together the smart grid are the ones being targeted most heavily — and prominent defense contractors have already been hacked.
If the defense contractors can fall victim to spearphishing, the reasoning in Congress will go, what’s to keep the contractors putting together the smart grid from being hacked?
Ah, but that would interfere with the big privatized utilities’ ability to play Enron and sell power back and forth to each other and jack up our electric bills thereby.
Like I said: “And Stuxnet comes home to roost.”
The Chinese government’s response to all recent hacking accusations, including the latest ones by Mandiant, is essentially “we didn’t do it and besides the US started it with Stuxnet”. Never mind that the Mandiant researchers found evidence of PLA hacking going back to 2004, which predates Stuxnet by several years, and that there is speculation that the northeast rolling blackout of 2003 was caused by an early version of this group in essence “knocking on doors”. It doesn’t matter, because our government is known to engage in the same kind of dirty hacking deeds as is the PRC.
Very well put.
Thnx, Phoenix Woman, for your explanations about the smart grid.
I hadn’t paid a lot of attention to it and had been thinking it was all about us, the 90-ish Percenters. heh.
It’s not only the blogs heavily covering this report, but NPR has had pretty heavy coverage. IIRC it was mentioned on broadcast TV news, but I wasn’t paying close attention.
The public must be put in a fear mindset so they will welcome giving up their privacy rights and their access to any and all sites.
Today David Sanger, the WH’s fave leak to guy, was on NPR, WNYC public radio for me, discussing Chinese hacking and Mandiant.
Also, CISPA is coming up in Congress. WendyDavis’s post covers that, mentions that the House Intel Committee had hearings with zero privacy concerns covered. Zilch. Nada. Figures.
Here’s something the NYT wouldn’t tell us, but HuffPo will:
Mandiant gives lots of credit to Anonymous for helping uncover the extent of the PLA’s hacking.
I thought you might find this interesting.
http://edge.org/responses/q2013
I picked up from the Mandiant report that some of the hacks were against expertise in software control and data acquisition (SCADA) software developers. There are a lot of uses for that technology in industry and not just in electric grid control (even without SmartGrid).
Excellent point about Enronning the charges with the SmartGrid.
If you want wind and solar to contribute at utility scale levels you need to go where the wind blows and the sun shines. The upper plains for example, offshore or the Mojave. Then you need to transport that renewable power to load centers. That’s just how it is. No conspiracy, physics and weather.
I am amazed at how non-skeptical folks here are of these assertions by a private security vendor who sells products to protect against the sort of scary threats being asserted.
This is classic MIC manipulation of the press and public. Maybe this Chinese threat is real, maybe hyped. A more objective assessment is in my view necessary.