March 28, 2024

China’s Army Is Seen as Tied to Hacking Against U.S.

The building off Datong Road, surrounded by restaurants, massage parlors and a wine importer, is the headquarters of P.L.A. Unit 61398. A growing body of digital forensic evidence — confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years — leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower.

An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups — known to many of its victims in the United States as “Comment Crew” or “Shanghai Group” — to the doorstep of the military unit’s headquarters. The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area.

“Either they are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”

Other security firms that have tracked “Comment Crew” say they also believe the group is state-sponsored, and a recent classified National Intelligence Estimate, issued as a consensus document for all 16 of the United States intelligence agencies, makes a strong case that many of these hacking groups are either run by army officers or are contractors working for commands like Unit 61398, according to officials with knowledge of its classified content.

Mandiant provided an advance copy of its report to The New York Times, saying it hoped to “bring visibility to the issues addressed in the report.” Times reporters then tested the conclusions with other experts, both inside and outside government, who have examined links between the hacking groups and the army. (Mandiant was hired by The New York Times Company to investigate a sophisticated Chinese-origin attack on its news operations, but concluded it was not the work of Comment Crew, but another Chinese group. The firm is not currently working for the Times Company but it is in discussions about a business relationship.)

While Comment Crew has drained terabytes of data from companies like Coca-Cola, increasingly its focus is on companies involved in the critical infrastructure of the United States — its electrical power grid, gas lines and waterworks. According to the security researchers, one target was a company with remote access to more than 60 percent of oil and gas pipelines in North America. The unit was also among those that attacked the computer security firm RSA, whose computer codes protect confidential corporate and government databases.

Contacted Monday, officials at the Chinese embassy in Washington again insisted that their government does not engage in computer hacking, and that such activity is illegal. They describe China itself as a victim of computer hacking, and point out, accurately, that there are many hacking groups inside the United States. But in recent years the Chinese attacks have grown significantly, security researchers say. Mandiant has detected more than 140 Comment Crew intrusions since 2006. American intelligence agencies and private security firms that track many of the 20 or so other Chinese groups every day say those groups appear to be contractors with links to the unit.

While the unit’s existence and operations are considered a Chinese state secret, Representative Mike Rogers of Michigan, the Republican chairman of the House Intelligence Committee, said in an interview that the Mandiant report was “completely consistent with the type of activity the Intelligence Committee has been seeing for some time.”

Article source: http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?partner=rss&emc=rss

British Police Arrest Man in Hacking Case

The police in Britain arrested a 19-year-old man in connection with digital attacks on businesses and government agencies “by a single hacking group,” the Metropolitan Police said Tuesday in a statement.

The police did not name the man or the hacking organization. Suspicion immediately fell on two groups: Anonymous, a shadowy international network of computer hackers, and Lulz Security, a group that has claimed responsibility in recent weeks for attacks on the Web sites of the Central Intelligence Agency and the United States Senate as well as Sony and, on Monday, the Web site of a British agency that combats organized crime.

The arrest resulted from a joint investigation by a British cybercrime unit, local police and the Federal Bureau of Investigation into attacks on “a number of international business and intelligence agencies,” the police said, without naming specific targets.

The British police said the man was being questioned in a London police station and was suspected of violating several British computer and fraud laws. After his arrest, they said, officers searched a home in Wickford, about 35 miles north of London, and turned up material that police said was under examination. They said the search was conducted late Monday night; the timing of the arrest was not made clear.

Attacks this spring on the Web sites of several companies, including Sony and Bethesda Softworks, a gaming site, exploited holes in Internet security systems that are meant to protect hundreds of thousands of private user accounts. In a letter posted last week, Lulz Security said that it planned to mount further attacks on government and corporate Web sites, and that its attacks were meant to improve privacy protections on the Web by exposing lax security.

But the letter also outlined some expanded ambitions. “Top priority is to steal and leak any classified government information,” the group wrote, adding that it was now teaming up with Anonymous. “Prime targets are banks and other high-ranking establishments.”

Lulz Security appeared to dismiss speculation that one of its hackers had been the target of the British arrest, writing in a sarcastic Twitter post that it “seems the glorious leader of LulzSec got arrested, it’s all over now . . . wait . . . we’re all still here!” Web sites that track hacking news suggested that the suspect may be a disgruntled former member of Anonymous known to live in Wickford.

Earlier this month, Spanish police announced they had arrested three men said to be the local leadership of the hacker group Anonymous in connection with attacks on the Web sites of government sites and businesses.

Those arrests came after hackers who object to legislation that would increase penalties for illegal downloads briefly brought down the Spanish Ministry of Culture’s Web site. The police said that one of the Spanish suspects had a computer server in his apartment in the northern Spanish port city of Gijón, from which the group is believed to have orchestrated its attacks.

Article source: http://www.nytimes.com/2011/06/22/world/europe/22hacking.html?partner=rss&emc=rss