U.S. computer security firm unveils report linking cyber hacking group to China’s military

The Takeaway

The American computer security firm Mandiant released a 60-page report on Tuesday, linking members of China’s cyber hacking group Comment Crew directly to the Chinese military.

The New York Times, drawing on its work with Mandiant, reports that Unit 61398 of China’s People’s Liberation Army operates a 12-story building in Shanghai and is responsible for Chinese cyber attacks on American corporations and government agencies.

David E. Sanger, chief Washington correspondent for The New York Times, says officials have known China was the source of hacking for some time, but Mandiant’s report increases the level of information about particular agents and operatives involved.

“What this does for the first time, is put the core of the biggest of the Chinese hacking groups, one called Comment Crew, into the region of Shanghai where there is a specific P.L.A. unit called 61398,” he said.

Mandiant specializes in intrusions from China, Sanger says, and when The New York Times had its own hacker attack from China, Mandiant came in to help.

In an interview with Sanger, Kevin Mandia, founder and chief executive of Mandiant, says it’s public knowledge that China is behind a lot of the hacker intrusions we see today. They could become the new normal, he said.

“It’s not just freelance people in China doing these attacks, it’s attacks directed by the government,” he said. “That means these attacks can be more advanced, they can be more funded, can be more pervasive and will probably continue on unabated.”

Sanger said that as Mandiant followed some of the hackers, the company could see them put in a full workday of draining data from American corporations before clocking out for the night. Following the hackers’ routine also allowed Mandiant to pick up patterns.

“Over 98 percent of the time, when they’re committing a computer intrusion, they’re using the mainland Chinese character set. Over 98 percent of the time, when they were doing their intrusions into U.S. companies, they were also using IP addresses from Shanghai. So, I call 98 percent not an anomaly,” he said.

These patterns, Mandia says, are similar to the signature of an artist.

“That’s how people are able to figure out what work is Comment Crew, which Mandiant believes is synonymous with Unit 61398 — and what are the work of other computer hackers,” he said. 

President Barack Obama spent a great deal of time discussing cyber intrusions during his State of the Union address, Sanger said. But when the U.S. discussed the issue with Chinese leadership in the past, there wasn’t much success.

“One thing (the administration) plans to do is bring it up at a very senior level with the new Chinese leadership on a repeated basis in an effort to try and get a degree of attention around the Chinese leadership that hasn’t been there before,” he said.
