Chinese hackers seen as increasingly professional

BEIJING — Beijing hotly denies accusations of official involvement in massive cyberattacks against foreign targets, insinuating such activity is the work of rogues. But at least one element cited by Internet experts points to professional cyberspies: China’s hackers take the weekend off.

Accusations of state-sanctioned hacking took center stage this past week following a detailed report by U.S.-based Internet security firm Mandiant that added to growing suspicions that the Chinese military is not only stealing national defense secrets and harassing dissidents but also pilfering information from foreign companies that could be worth millions or even billions of dollars.

Experts say Chinese hacking attacks are characterized not only by their brazenness, but by their persistence.

“China conducts at least an order of magnitude more than the next country,” said Martin Libicki, a specialist on cyber warfare at the Rand Corporation, based in Santa Monica, California. “The fact that hackers take weekends off suggests they are paid, and that would put paid to the notion that the hackers are private.”

Libicki and other cyber warfare experts have long noted a Monday-through-Friday pattern in the intensity of attacks believed to come from Chinese sources, though there has been little evidence released publicly directly linking the Chinese military to the attacks.

Mandiant went a step further in its report Tuesday, saying that it had traced hacking activities against 141 foreign entities in the U.S., Canada, Britain and elsewhere to a group of operators known as the “Comment Crew” or “APT1,” for “Advanced Persistent Threat 1,” which it traced back to the People’s Liberation Army Unit 61398. The unit is headquartered in a nondescript 12-story building inside a military compound in a crowded suburb of China’s financial hub of Shanghai.

Attackers stole information about pricing, contract negotiations, manufacturing, product testing and corporate acquisitions, the company said.

Hacker teams regularly began work, for the most part, at 8 a.m. Beijing time. Usually they continued for a standard work day, but sometimes the hacking persisted until midnight. Occasionally, the attacks stopped for two-week periods, Mandiant said, though the reason was not clear.

China denies any official involvement, calling such accusations “groundless” and insisting that Beijing is itself a major victim of hacking attacks, the largest number of which originate in the U.S. While not denying hacking attacks originated in China, Foreign Ministry spokesman Hong Lei said Thursday that it was flat out wrong to accuse the Chinese government or military of being behind them.

Mandiant and other experts believe Unit 61398 to be a branch of the PLA General Staff’s Third Department responsible for collection and analysis of electronic signals such as e-mails and phone calls. It and the Fourth Department, responsible for electronic warfare, are believed to be the PLA units mainly responsible for infiltrating and manipulating computer networks.

China acknowledges pursuing these strategies as a key to delivering an initial blow to an opponent’s communications and other infrastructure during wartime — but the techniques are often the same as those used to steal information for commercial use.

China has consistently denied state-sponsored hacking, but experts say the office hours that the cyberspies keep point to a professional army rather than mere hobbyists or so-called “hacktivists” inspired by patriotic passions.

Mandiant noticed that pattern while monitoring attacks on the New York Times last year blamed on another Chinese hacking group it labeled APT12. Hacker activity began at around 8:00 a.m. Beijing time and usually lasted through a standard workday.

The Rand Corporation’s Libicki said he wasn’t aware of any comprehensive studies, but that in such cases, most activity between malware embedded in a compromised system and the malware’s controllers takes place during business hours in Beijing’s time zone.

Richard Forno, director of the University of Maryland Baltimore County’s graduate cybersecurity program, and David Clemente, a cybersecurity expert with independent analysis center Chatham House in London, said that observation has been widely noted among cybersecurity specialists.

“It would reflect the idea that this is becoming a more routine activity and that they are quite methodical,” Clemente said.

The PLA’s Third Department is brimming with resources, according to studies commissioned by the U.S. government, with 12 operation bureaus, three research institutes, and an estimated 13,000 linguists, technicians and researchers on staff. It’s further reinforced by technical teams from China’s seven military regions spread across the country, and by the military’s vast academic resources, especially the PLA University of Information Engineering and the Academy of Military Sciences.

The PLA is believed to have made cyber warfare a key priority in its war-fighting capabilities more than a decade ago. One of the few public announcements of its development came in a May 25, 2011, news conference by Defense Ministry spokesman Geng Yansheng, in which he spoke of developing China’s “online” army.

“Currently, China’s network protection is comparatively weak,” Geng told reporters, adding that enhancing information technology and “strengthening network security protection are important components of military training for an army.”

Unit 61398 is considered just one of many such units under the Third Department responsible for hacking, according to experts.

Greg Walton, a cyber-security researcher who has tracked Chinese hacking campaigns, said he’s observed the “Comment Crew” at work, but cites as equally active another Third Department unit operating out of the southwestern city of Chengdu. It is tasked with stealing secrets from Indian government security agencies and think tanks, together with the India-based Tibetan Government in Exile, Walton said.

Another hacking outfit believed by some to have PLA links, the “Elderwood Group,” has targeted defense contractors, human rights groups, non-governmental organizations, and service providers, according to computer security company Symantec.

It’s believed to have compromised Amnesty International’s Hong Kong website in May 2012, although other attacks have gone after targets as diverse as the Council on Foreign Relations and Capstone Turbine Corporation, which makes gas microturbines for power plants.

Civilian departments believed to be involved in hacking include those under the Ministry of Public Security, which commands the police, and the Ministry of State Security, one of the leading clandestine intelligence agencies. The MSS is especially suspected in attacks on foreign academics studying Chinese social issues and unrest in the western regions of Tibet and Xinjiang.

Below them on the hacking hierarchy are private actors, including civilian universities and research institutes, state industries in key sectors such as information technology and resources, and college students and other individuals acting alone or in groups, according to analysts, the University of Maryland’s Forno said.

China’s government isn’t alone in being accused of cyber espionage, but observers say it has outpaced its rivals in using military assets to steal commercial secrets.

“Stealing secrets is stealing secrets regardless of the medium,” Forno said. “The key difference is that you can’t easily arrest such electronic thieves since they’re most likely not even in the country, which differs from how the game was played during the Cold War.”



  • valsore

    Let’s boycott made in China products to keep jobs at home. Let’s hack them too, for good measure, LOL.

  • http://profile.yahoo.com/NDH6O6PNTAJ23SNYTA6LSYY47Q Butuan

    Chinese people are menace in the world. 

    • Manuel Pacquiao

       and Filipinos are a “Nuisance”?

    • Manuel Pacquiao

       You stink of pussy; go back home to Boto-an.

    • Manuel Pacquiao

       You really are worthless. Chicken droppings are better; they can be used as fertilizer. You, you’re useless.

  • staad

    communists are like islamists, hypocrites.
    they say one thing but their actions are different.

    • valsore

      Aren’t we all hypocrites one way or another?

  • mark_john21

    When the US hacks Iran computers it’s just fine. But when they are hacked we see this outburst. Indeed, you reap what you sow.

    • valsore

      Agree. But I prefer ethical hacking to destroy machines that manufacture weapons of mass destruction found anywhere in the world.

  • akramgolteb

    It’s because you keep buying and using Chinese hardware like Huawei and Lenovo. Sure, it’s cheap, but there, you got hacked. Now even the LTE systems that almost everyone uses are made in China too. China can get into any network at any time now because all the hardware comes from them, including the wireless system platforms; these have a hidden OS that can be activated at any time.

  • ThudOthwacker

    50 cents army are pawns in cyber terrorist tactics of PLA. And Corporal Purpledizzy is the commanding officer of PLA in ASEAN region.

    • Manuel Pacquiao

       So, what business is it of yours?

      • ThudOthwacker

        Ask yourself first, dingbat!



Copyright © 2014,
.
To subscribe to the Philippine Daily Inquirer newspaper in the Philippines, call +63 2 896-6000 for Metro Manila and Metro Cebu or email your subscription request here.
Factual errors? Contact the Philippine Daily Inquirer's day desk. Believe this article violates journalistic ethics? Contact the Inquirer's Reader's Advocate. Or write The Readers' Advocate:
c/o Philippine Daily Inquirer Chino Roces Avenue corner Yague and Mascardo Streets, Makati City, Metro Manila, Philippines Or fax nos. +63 2 8974793 to 94