Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Security Firm Mandiant Says China's Army Runs Hacking Group APT1

timothy posted about a year and a half ago | from the could-just-be-a-side-gig dept.

China 137

judgecorp writes "The Chinese government has been accused of backing the APT1 hacking group, which appears to be part of the Chinese People's Liberation Army (PLA), according to the security firm which worked with the New York Times when it fell victim to an attack. The firm, Mandiant, says that APT1 is government sponsored, and seems to operate from the same location as PLA Unit 61398." Unsurprisingly, this claim is denied by Chinese officials. You can read the report itself online (PDF), or skim the highlights.

cancel ×

137 comments

Sorry! There are no comments related to the filter you selected.

No kidding (4, Interesting)

crazyjj (2598719) | about a year and a half ago | (#42944665)

I would be surprised to learn of any major military power today that DOESN'T have a cyberwarfare division (and god knows how many government contractors doing it on the sly). This only exposes something publicly that every security researcher has known for over a decade.

Re:No kidding (3, Funny)

Virtucon (127420) | about a year and a half ago | (#42944735)

Yeah, I'm sure the US government already knows about it and has brought it up privately with the Chinese. I expect the conversations went no where:

US: We want you to stop your cyberespionage in the US.
China: You want fried rice or steamed rice with that?

Re:No kidding (2, Interesting)

jsepeta (412566) | about a year and a half ago | (#42944875)

But somehow Hillary Clinton failed to stress the danger the US is in every day because of Chinese military-sponsored attacks on US corporations' websites. Hopefully (doubtfully) John Kerry will be more transparent.

Re:No kidding (0)

Anonymous Coward | about a year and a half ago | (#42945021)

stress the danger the US is in every day because of Chinese military-sponsored attacks on US corporations' websites.

If you have something connected to the Internet that is "dangerous" then I suggest you take it offline immediately. You can't cry when you expose your bank vault and you see everyone trying to see if they can open it. Put your vault back in the bank where it belongs!

Re:No kidding (1)

Virtucon (127420) | about a year and a half ago | (#42945151)

In terms of UML cardinality.. Bank has one to many vaults. A vault has one Bank.

Re:No kidding (1)

ekgringo (693136) | about a year and a half ago | (#42947033)

Yes, and each vault belonging to the Bank is considered a Bank Vault, so as to differentiate it from other types of vaults (e.g. a Seed Vault).

Re:No kidding (4, Insightful)

Virtucon (127420) | about a year and a half ago | (#42945141)

Do you expect a politician to admit when they've left their guard down? Take a look at the Embassy killings in Benghazi if you want a road map as to how the State Department handles transparency.

The fact of the matter is that we are under attack daily from interests by foreign governments or by organizations that receive support and funding from those same governments. Espionage has changed, it doesn't take collateral assets to infiltrate factories when you can hire a bunch of college kids to hack the aerospace firms systems or get those strategy documents from the banking firm. What has to happen is that people need to start treating the Internet like their front door. Firewalls as good, but you don't let just any information out of your home and you certainly don't let everybody in your house either. The Chinese have been observed for years for doing this, so here's a simple thought: Disconnect them from the Internet. Oh wait, that would cause problems with international conventions on fairness right? Frankly if the Obama administration took this seriously they'd be sending that message: Either clean up your act or we'll disconnect your access. Sure they can then proxy or go elsewhere but at least it would be a stand instead of the constant words going back and forth. The Chinese will only respond to actions, not words and we have to start taking more actions where this is concerned.

What about Diplomacy? (1)

kramer2718 (598033) | about a year and a half ago | (#42945971)

Let's not forget that Hillary Clinton is Secretary of State. If Slashdotter's are not familiar with that position, that is a DIPLOMATIC position.

Her job is to NEGOTIATE with foreign governments. Public acknowledgment of such attacks might hash the negotiations.

I would prefer that she DOES HER JOB and works through diplomatic channels. Public threats will not help. Private threats might. This is doubly true for a secretive regime such as China.

It is the job of the cyber-warfare unit–part of the MILITARY. Of course, it probably is not to the military's strategic nor tactical advantage to publicly acknowledge the either.

So sorry Slashdotters, you probably won't get the public details about cyber-warfare that you might want. Don't be so surprised, you haven't be all of the details of physical warfare either.

It's better that the government does its job than keep us informed.

Re:What about Diplomacy? (2)

denvergeek (1184943) | about a year and a half ago | (#42946621)

Hillary Clinton is not the Secretary of State.

Re:No kidding (0)

Anonymous Coward | about a year and a half ago | (#42945573)

If this report is actually true. I have seen many making claims but little that amounts to true evidence. ip's or Chinese characters in comments of the code do not count as evidence. Cybercriminals might be add these intentionally as a distraction.

Re:No kidding (2)

Squidlips (1206004) | about a year and a half ago | (#42947781)

Kerry Transparent???? He certainly was transparent when he moored his yacht in Rhode Island to avoid $700,000

Re:No kidding (0)

Anonymous Coward | about a year and a half ago | (#42944885)

More like "you want steaming pile of ... with that?"

Re:No kidding (4, Insightful)

0racle (667029) | about a year and a half ago | (#42945263)

I would expect it to be closer to:

US: We want you to stop your cyberespionage in the US.
China: You first.

Re:No kidding (1)

Anonymous Coward | about a year and a half ago | (#42945345)

Yeah, because the US totally wants to imitate the Chinese stealth fighter by stealing its inferior secrets /sarcasm

Free countries innovate faster, which is why the non-free countries want to steal what they have.

Re:No kidding (0)

Anonymous Coward | about a year and a half ago | (#42945511)

The US is not a free country. Try to innovate in most fields without having billions to cover patent lawsuits and see how far you get.

Re:No kidding (1)

Intrepid imaginaut (1970940) | about a year and a half ago | (#42946705)

There are plenty of secrets beyond raw technology that are well worth pursuing. If China was secretly positioning assets for a strike on Taiwan for example, that's important strategic information. Even knowing the conditions which would cause such activity is priceless. Then we have influence that can be gained over party officials by access to their files, actual versus reported expenditure patterns, and much more.

Re:No kidding (2)

gotak (547354) | about a year and a half ago | (#42946815)

1) I am sure US totally wants to steal information on any stealth fighter developing in China. They want to know what they are making. And I am sure there are many efforts in progress to gain as much information as possible.

2) "Free" vs "Un-Free" is not the determining factor is innovation and scientific achievements now or into the future. You should be more worried about spending on education, society's attitude to science and bans on things like stem cell research. In the spending on education and society attitude to science the US is lagging many other nations.

Re:No kidding (0)

Anonymous Coward | about a year and a half ago | (#42948143)

Free countries innovate faster

To be fair, if you look at the big picture, un-free countries are financing all this innovation.
So we kind of need each other.

Re:No kidding (1)

mjwalshe (1680392) | about a year and a half ago | (#42945473)

US - but you the one that got caught now pay the price (just like our two cia guys caught bang to rights that you imprisoned for 20 years back in the 50's)

Try Again (3, Insightful)

Anonymous Coward | about a year and a half ago | (#42944949)

I would be surprised to learn of any major military power today that DOESN'T have a cyberwarfare division (and god knows how many government contractors doing it on the sly). This only exposes something publicly that every security researcher has known for over a decade.

I'm sorry, you were saying you have evidence of the United States targeting civilians, newspapers and non-military corporations by paying a third party to do it and then denied it? This isn't pot/kettle this is apples/oranges.

Re:Try Again (1)

bdwebb (985489) | about a year and a half ago | (#42946231)

Do what now? I'm not really sure where you were going with your comment but I personally know of people in 3rd party contractor organizations that participate in cyberwarfare (I obviously don't know what they do or who they target). I don't see where the parent said the US was targeting civilians, newspapers, or non-military corps, just that the organization and 3rd parties exist.

If the intent is to imply that the US gov't has a cyberwarfare division and does use it in the manner you stated while denying it, I don't doubt that you are correct...but that would be exactly a pot/kettle situation. If you're saying that the Chinese target civilians, newspapers, and non-military corporations while the US government does not, I think you're kinda naive...the difference is that the Chinese are attacking us and the US cyberwarfare division and 3rd parties are not (I assume most of the time at least).

Re:No kidding (1)

benjfowler (239527) | about a year and a half ago | (#42945011)

Except that the West goes after military targets. China targets civilians.

Re:No kidding (3, Funny)

daem0n1x (748565) | about a year and a half ago | (#42945067)

I love the smell of naive self-righteous bullshit in the afternoon.

Re:No kidding (1, Insightful)

Anonymous Coward | about a year and a half ago | (#42945089)

Sometimes the military targets are US civilians. Buts its OK because we used a drone. They don't count as soldiers.

Re:No kidding (-1, Troll)

benjfowler (239527) | about a year and a half ago | (#42945397)

I don't give a fuck about anybody getting fried by American drones.

Usually, they are people who have sides with Islam against the West, and have what's coming to them.

Re:No kidding (0)

Forty Two Tenfold (1134125) | about a year and a half ago | (#42945609)

I don't give a fuck about USAns getting fried by Muslim guerillas. The USAns are invaders on foreign turf and every single one of them should be drawn and quartered. Their leaders following.

Re:No kidding (0)

benjfowler (239527) | about a year and a half ago | (#42945689)

Westerners invented drawing and quartering. To punish traitors, mostly.

Nowadays, we just declare them enemy combatants and fry them with Hellfire. I'm happy with that. Everyone hates traitors.

Re:No kidding (1)

Forty Two Tenfold (1134125) | about a year and a half ago | (#42946051)

To punish traitors, mostly.

Westerners seem to have retained since Wallace's time the inability to learn to distinguish between who is a "traitor" and who is an invaded enemy. And today sanctimonious traitors declare which own citizen to invigilate, falsely accuse, torture or kill. Go fuck yourself, USAn moron.

Re:No kidding (-1, Flamebait)

benjfowler (239527) | about a year and a half ago | (#42946293)

Third world missile bait got invaded because they hated the West, attacked them, thinking their stupid monkey god would help them, got mauled, and went crying to mommy because they were a victim of karm/their own stupidity and hubris/starting a fight they couldn't finish.

The stupid, evil Third World paki trash getting shredded by American drones are getting killed because they have it coming, and richly deserve their fate. Don't like it? Bitch to your stupid monkey god next Friday, and stop starting fights you can't finish.

Re:No kidding (0)

Anonymous Coward | about a year and a half ago | (#42947499)

Let me take the us/them out of it and leave us with the actual reasoning in that post:

" got invaded because they hated the , attacked them, thinking would help them, got mauled, and went crying to because they were a victim of karm/their own stupidity and hubris/starting a fight they couldn't finish.

The stupid, evil getting shredded by drones are getting killed because they have it coming, and richly deserve their fate. Don't like it? Bitch to your , and stop starting fights you can't finish."

Shall we parse this?
First premise: target got attacked because they hated the attacker, attacked them first, couldn't handle the response, and so complained to some third party because they acted rashly.

Second premise: Bad People being hurt by Good People's superior weapons is OK because they deserved it. You have questioned the goodness of the Good People, and therefore are obviously one of the Bad People and have acted rashly.

So, let's change the nouns and see if you still agree:

Third world sex bait got raped because they hated the establishment, were rude to them, thinking their stupid belief in morality would help them, got raped, and went crying to the authorities because they were a victim of starting a relationship they couldn't handle.

The stupid, evil whore getting banged up by an upstanding citizen had it coming, and richly deserves her fate. Don't like it? Complain to your moral advisor and stop starting relationships you can't handle.

A perfect example of the typecast US mentality that is loathed by (most of) the rest of the world.

Stop drinking the Koolaid (4, Insightful)

Anonymous Coward | about a year and a half ago | (#42945915)

Except that the West goes after military targets. China targets civilians.

You're not paying attention. Don't whitewash "the West" - it's governed by corrupt sociopaths who are morally no different from the rulers of China. Our institutions are designed to be less corruptable (which is why our leaders have been changing them) but the humans in power are at least equally evil.

The series of worms the USA and Mossad introduced in Iran (presumably to keep Shiites from reaching nuclear parity with the West) caused civilian collateral damage to US and Scandinavian businesses. The Bush/Obama administration has laughed it off; the only thing they regret was giving Israel the keys to the worms, which turned out to be a scarily bad idea. They don't seem to regret the car-bombing campaign "the West" directed against civilian Iranian scientists and their families, either. This isn't any "conspiracy theory" crap, either, it's recent history. It's exhaustively documented in wikipedia [wikipedia.org] at this point, as well as newspapers and books.

Here in reality [tm] all the existing countries that have the capacity to harm designated "enemies of the state" and get away with it, regardless of civilian/military status, seem quite willing to do so. That includes the Vatican and probably would include the Dalai Lama if he had the ability. Obama's administration blows up teenagers with US citizenship, and Bush's administration knowingly tortured innocent people [wikipedia.org] to death for amusement. They're all evil.

Re:Stop drinking the Koolaid (0)

Anonymous Coward | about a year and a half ago | (#42946463)

Yeah, wanting theocracies where the national mythos involves sacrificing yourself to kill your enemy to not have nukes is just foolish. Wanting the entire middle east to not have to go into a nuclear arms race is just 'evil'.

Your idiocy seems to know no bounds. You lack even the most basic ability to think rationally about the world around you.

Re:Stop drinking the Koolaid (1)

Em Adespoton (792954) | about a year and a half ago | (#42948139)

Yeah, wanting theocracies where the national mythos involves sacrificing yourself to kill your enemy to not have nukes is just foolish. Wanting the entire middle east to not have to go into a nuclear arms race is just 'evil'.

Your idiocy seems to know no bounds. You lack even the most basic ability to think rationally about the world around you.

I had to re-read the gp to assure myself you were actually attempting to respond to it.
Congratulations, you made three arguments that had nothing directly to do with the post you were responding to.

GP: "Don't whitewash the west; the individuals in power are no better than those in the mid-east -- we just (currently) have better checks and balances in place"

You: "You're an idiot, we don't want the mid-east getting nukes."

I did read both of those correctly, yes? I think the original point was that we also don't want those in power in the west having such access -- and drones notwithstanding, the US preaches self-sacrifice for God and Country just like the Muslim world. That's a bit of a straw-man to the argument under discussion however. The main point is that we have to be ever vigilant to make society bigger than the people who rise to power in it -- no matter where in the world you live. Let's not focus so much on the mid-east (who have had millenia to hash this stuff out and are still struggling) that we ignore the lessons in the west that have already been learned by previous generations.

Re:No kidding (1)

schlachter (862210) | about a year and a half ago | (#42945359)

Sure, we all have cyber warfare groups...but I don't think most are actively attacking commercial interests with the goal of stealing IP for domestic companies to use like the Chinese do. I think most countries cyber efforts are more focused on defense related espionage.

Re:No kidding (2)

Runaway1956 (1322357) | about a year and a half ago | (#42945471)

Somehow, I fail to see the difference. We want certain kinds of information, that we believe will make our nation stronger. They want any and all information, that they believe will make their nation stronger.

Pot, meet Kettle.

Re:No kidding (0)

Anonymous Coward | about a year and a half ago | (#42946427)

You are an idiot.

Group 1: Lets hack into a government/military agency to see whether they are about to sell nukes to Al Qaeda.

Group 2: Lets hack into a bunch of companies to steal their IP.

Runaway1956: assert(Morality(Group1) == Morality(Group2));

To reiterate: an idiot.

Re:No kidding (1)

mpe (36238) | about a year and a half ago | (#42945741)

I would be surprised to learn of any major military power today that DOESN'T have a cyberwarfare division (and god knows how many government contractors doing it on the sly).

Of course if such entities were any good they might be run by an entity different from that which appears to be running them.

Re:No kidding (0)

Anonymous Coward | about a year and a half ago | (#42946335)

They all do, and they admit to as much. The point here is that a specific, actively attacking group, associated with specific attacks may be part of the PLA.

Your comment is inexplicably stupid. It is logically equivalent to:

Reasonably reputable expect: We are convinced that Jullian Allange is a spy working for the FSB.

You: No kidding. I would be suprised to learn that ANY military power DOESN'T have spies working for them. This only exposes something that every......

Re:No kidding (1)

mblase (200735) | about a year and a half ago | (#42947399)

I think the news isn't that China has an unofficial hacking department, but that someone's managed to narrow down exactly where they work from. This makes it difficult for China to claim that the hackers are private individuals or non-government businesses.

Re:No kidding (0)

Anonymous Coward | about a year and a half ago | (#42947967)

Excuse me commie lover, this is not a case of pot calling the kettle black whatsoever.

This is a human rights issue.
Here in America, we strike special medals to honor our cyber soldiers pentagon medal [slashdot.org] .

Mandiant is merely highlighting the fact that Chinese cyber units get no comparable recognition of the sort.
Once again, these godless commies are exploiting cheap labor and trampling human rights, while we Americans are obviously holier-than-thou.

Re:No kidding (-1, Flamebait)

kutahuja (2845699) | about a year and a half ago | (#42948201)

http://www.cloud65.com/ [cloud65.com] Gabriella. if you, thought Deborah`s postlng is amazing... last monday I got a new Lexus LS400 from having made $5668 this-past/five weeks and-in excess of, ten k lass month. it's by-far the coolest work I have ever had. I began this nine months/ago and almost immediately began to make over $75... p/h. I follow this great link,

Internet Control (4, Insightful)

Anonymous Coward | about a year and a half ago | (#42944707)

Stories like this will be used to push draconian internet control and cyber-security laws on the American public.
Don't be fooled.

Re:Internet Control (1)

DFurno2003 (739807) | about a year and a half ago | (#42944787)

True Story, It's too bad that our response to outside threats could end with bad domestic policy.

Re:Internet Control (1)

Trails (629752) | about a year and a half ago | (#42945501)

I agree. It's such a refreshing change from bad domestic policy being enacted without cause!

Re:Internet Control (0)

Anonymous Coward | about a year and a half ago | (#42944815)

How so? Is there significant operational overlap between requiring companies to have competent IT and censorship/violating privacy of individuals? Or are you just doubling up on your tin foil?

Re:Internet Control (1)

Virtucon (127420) | about a year and a half ago | (#42944891)

Or are you just doubling up on your tin foil?

Tin foil is so 1940s.. it's all about the AFDB [zapatopi.net]

Re:Internet Control (0)

Anonymous Coward | about a year and a half ago | (#42947577)

just like China!!!?
which is also why China's denial shouldn't be taken seriously... they profess to control the horizontal and the vertical

So what else is new? (5, Interesting)

mnooning (759721) | about a year and a half ago | (#42944833)

I was so excited when I got my first wireless router a number of years ago that I used to check the in/out listings daily. I did not care too much about unauthorized access (who would want to monitor me?) so I just chose the Netgear defaults. I quickly found out that a number of DAILY accesses were from somewhere in China. They were not from the same places in China, but they were from China nonetheless. I quickly made the security corrections. Fortunately they do not seem to get in now. Emphasis on the words "seem to".

Re:So what else is new? (3, Insightful)

Xest (935314) | about a year and a half ago | (#42945001)

A lot of people forget that the population of China is what, 1/5th the world's population?

As such it would make statistical sense that around 1/5th of attacks they see are from China.

This is a figure that tallies roughly pretty well with attacks I've seen on every net facing system I've bothered to monitor. I wouldn't say there are proportionally more attacks from China relative to their share of the world's population than anywhere else. Given the US' population, Russia's population, or a number of South American and Eastern European states whose names I've seen popup a fair bit it's actually the case that I see disproportionally more attacks from these states relative to their population.

I'm not defending China though, I don't buy the conspiracy theories, I think China genuinely is trying to get ahead in the world by stealing corporate secrets more so than anywhere else. The problem is, that Western states are easy targets because they assume that every country is like their own - that no competitor will hack them because that would be corporate suicide for their competitor if the truth ever came to light - the problem with this is that it ignores nations where the governments actively support such activity, rather than come down on it with the full force of the law more actively.

My point though is this, even in TFA it mentions that only something like 140 organisations have been targeted by this group. That's not really a lot, so if you see hack attacks on your personal router it's simple paranoia to assume the Chinese government is trying to hack you rather than a simple statistical likelihood that China has it's share of blanket IP/port scanning script kiddies as anywhere else too. If however you work for a Fortune 500 with something of value, there's a much greater chance that they are indeed out to get you.

Re:So what else is new? (1)

mnooning (759721) | about a year and a half ago | (#42945339)

That is good information.

I have to agree for the general case, and that may be what the case was with me. I should add that I had applied for a patent about a year before so it may have made sense for a state sponsored effort to hack my machine. It is hard not to be xenophobic when something like that happens to you.

Thanks

Re:So what else is new? (1)

Type44Q (1233630) | about a year and a half ago | (#42946575)

A lot of people forget that the population of China is what, 1/5th the world's population? As such it would make statistical sense that around 1/5th of attacks they see are from China.

LOL! Only if you (quite mistakenly) assume that all places worldwide have an equal percentage of hackers.

Re:So what else is new? (1)

kanwisch (202654) | about a year and a half ago | (#42946673)

A lot of people forget that the population of China is what, 1/5th the world's population?

As such it would make statistical sense that around 1/5th of attacks they see are from China.

This is a figure that tallies roughly pretty well with attacks I've seen on every net facing system I've bothered to monitor. I wouldn't say there are proportionally more attacks from China relative to their share of the world's population than anywhere else. Given the US' population, Russia's population, or a number of South American and Eastern European states whose names I've seen popup a fair bit it's actually the case that I see disproportionally more attacks from these states relative to their population.

That correlation doesn't hold, I think. A more appropriate one would be to compare learned users of each country's population that can access the Internet. My understanding is that the majority of China is poverty-stricken and not using the Internet. And by this same position, I would expect the cracking attempts from US-based locations to vastly outnumber all other states in sheer number, but I don't believe that's the case either.

Another poster had the right angle, I think. The number is greatly influenced by state-sponsorship or lack of law enforcement.

Re:So what else is new? (0)

Anonymous Coward | about a year and a half ago | (#42946767)

Your angle on statistics makes sense.

However it's naive to think western governments don't actively support corporate espionage against foreign competitors. Google for a story of how CIA helped Boeing secure a major bid against Airbus by spying on the French.

Re:So what else is new? (0)

Anonymous Coward | about a year and a half ago | (#42947131)

> A lot of people forget that the population of China is what, 1/5th the world's population? As such it would make statistical sense that around 1/5th of attacks they see are from China.

That assumes that all the people in the world have roughly the same skill level to perform such an attack, which is not true. Even being a script-kiddie would require some computer literacy, a skill which only a fraction of Chinese would have. A fairer "statistical sense" would be: out of the portion of computer users that are able to do such an attack, would the 1/5 portion that Chinese represents still make a statistical sense? I doubt it.

Re:So what else is new? (1)

gestalt_n_pepper (991155) | about a year and a half ago | (#42945543)

I've noticed this too, and always suspected that the world's routers are somehow working with seemingly innocent sites acting as a kind of mesh botnet for foreign entities (mostly Chinese). Can you tell us what you do to keep them out?

Re:So what else is new? (2)

mnooning (759721) | about a year and a half ago | (#42947483)

Okay. I have a Netgear WNR3500L.

If you examine the Netgear log, you should never get anything of the type below, as it is something that Negear would have allowed in whether you liked it or not. The example below is from Jinan, China.

[LAN access from remote] from 221.1.202.102:56024 to 192.168.1.4:32789 Sunday, Jul 22,2004 23:43:16

Log messages of the form below are things that your computer requested, such as when you clicked on a link, and the router allowed. The "192.168.1.2" was assigned to my laptop.

[Site allowed: web.mail.comcast.net] from source 192.168.1.2, Sunday, Jul 22,2004 19:12:08

Disable the Router's PIN!!! It has a brute force vulnerability. There are (now) numerous articles on it.

Use WPA2-PSK[AES] encryption.

Use a very long administrative password with capital and small letters, and numbers.

Use a long users' log on password with a good alphanumeric mix. You only have to type it into your laptop or computer once.

After you have done all this, log out of the router, then reboot it. Then log back in and change both the administrative and the user's passwords again. This is because an outside agent can monitor/gather info while you are doing the first set. Presumably you can change the passwords again before the outside agent has a chance to analyze that you changed it the first time, and hence has no chance to monitor the second change. Paranoid, yes, but, I NEVER get the "LAN access from remote" messages anymore.

Re:So what else is new? (1)

GodfatherofSoul (174979) | about a year and a half ago | (#42945879)

I just did a quick 12 log sample and 1/2 of the blind login attempts on a public VM we have are from China. Others from Europe and Latin America, one from the US.

3D printer (2)

ArcadeMan (2766669) | about a year and a half ago | (#42944855)

Now that I know what PLA is made of, I'll be printing with ABS from now on.

The PLA is not the government (1, Informative)

coldsalmon (946941) | about a year and a half ago | (#42944861)

The People's Liberation Army is part of the Chinese Communist Party, not the Chinese state.

Re:The PLA is not the government (0)

Anonymous Coward | about a year and a half ago | (#42944925)

The People's Liberation Army is part of the Chinese Communist Party, not the Chinese state.

And that's exactly what the article and summary said ... why is this modded up? The accusation is that the Chinese state is backing APT1 which is a division of the PLA.

Re:The PLA is not the government (0)

Anonymous Coward | about a year and a half ago | (#42944999)

Pick a possible reason why their are denying it, or add your own:
1) PLA has no clue what's going on. Where there is a leadsership disconnect, a rogue actor can take the country and world to the brink
2) This action has been going on for a very long time so it was before many of them and therefore is difficult to control
3) They fear the military that is grasping enormous power in the cyber war theater and are being coerced into cooperation

Re:The PLA is not the government (0)

Anonymous Coward | about a year and a half ago | (#42945063)

These sensibilities never pop up vis-a-vis CIA/US MIC. Very disturbing that the community which jumps at the chance to convict the US for similar acts now jump at the chance to exonerate China.

Re:The PLA is not the government (1)

Anonymous Coward | about a year and a half ago | (#42944931)

So? As '1984' taught me about totalitarian regimes, the Party *IS* the state.

It's an irrelevant distinction. Who commands the PLA's activities? The Chinese state. Or I suppose it's possibly the other way around. Hopefully not.

Re:The PLA is not the government (1)

benjfowler (239527) | about a year and a half ago | (#42945027)

The Chinese Communist Party commands the PLA.

In China, the Party _is_ the State.

Re:The PLA is not the government (1)

poity (465672) | about a year and a half ago | (#42944993)

So you mean it's more like the Schutzstaffel?

Re:The PLA is not the government (0)

Anonymous Coward | about a year and a half ago | (#42945075)

In a one-party state, the distinction there is pretty fuzzy.

A two-party state like the US is twice as good.

Re:The PLA is not the government (1)

Zontar_Thing_From_Ve (949321) | about a year and a half ago | (#42945105)

Your subject is correct, but your post itself is not.

Chinese Communist Party = Chinese state

The PLA works for the Chinese state and its actions are well known by the state leaders.

Re:The PLA is not the government (1)

tnk1 (899206) | about a year and a half ago | (#42945129)

The Communist Party may be segmented from the state apparatus to some degree, but in the end, the same people are giving the orders to both.

Although, it is important to consider that the PLA is it's own constituency within China and it even runs its own factories. It is entirely possible that the PLA is just muscling the commercial competition, as opposed to say, preparing for the opening moves of WW3. Of course, since it is China's military, it could be equal parts of both.

System Security (2)

[000000] (130723) | about a year and a half ago | (#42944913)

I think this should be a wakeup call for companies to allocate finance to IT security. It’s hard to go to the board and explain that you need xx£$ for beefing up security if you have not been a target of a hack attempt/virus etc..

Can it really be called hacking? (4, Insightful)

sl4shd0rk (755837) | about a year and a half ago | (#42944921)

When all your base are so easy to belong?

-- U.S. government has receives grade of "C-"
-- DHS received a "D" for 2006, an "F" in 2005
-- DoE pulled its grade up to a "C" from an "F."
-- Department of Commerce received an "F"

http://www.technewsworld.com/story/56892.html [technewsworld.com]

Re:Can it really be called hacking? (1)

david614 (10051) | about a year and a half ago | (#42945099)

What grade did the 2PLA get?

Re:Can it really be called hacking? (1)

wonkey_monkey (2592601) | about a year and a half ago | (#42945139)

U.S. government has receives grade of "C-"

Which is what I'm giving you for English.

Re:Can it really be called hacking? (0)

Anonymous Coward | about a year and a half ago | (#42945875)

Don't worry, I got this: Whooosh

Really?? (0)

Anonymous Coward | about a year and a half ago | (#42945091)

All of the offensive "Cyber Warfare" activities are conducted by the PLA. That's part of their mandate.

????

Big Government (1)

goodmanj (234846) | about a year and a half ago | (#42945109)

Y'know, I think a lot of American CEOs would be a lot more supportive of "big government" if we had a government agency that provided free industrial espionage services.

Re:Big Government (0)

benjfowler (239527) | about a year and a half ago | (#42945159)

Interesting that you say that. The French spy on people and pass stuff back to French businesses. It's also interesting that in France, big business and big government are, unlike the US, very cozy.

In the US, the big-business class are just a bunch of selfish, stupid pricks who take huge subsidies and then turn around and bite the hand that feeds them. Having the US intelligence community feed intelligence back to US business would make no difference to the autistic Rand-worshipping hand-flappers who run corporate America.

Re:Big Government (0)

Anonymous Coward | about a year and a half ago | (#42947073)

I wish the US businesses were run by "autistic Rand-worshipping hand-flappers." But no, they're not.

Re:Big Government (1)

Rob Riggs (6418) | about a year and a half ago | (#42945245)

The question becomes "industrial espionage for whom?" Do campaign donors for the winning party get preferential treatment? That's called "corruption" and it's a leading reason why the U.S. is steadily rising the the "government corruption" rankings world-wide. Secondly, the only beneficiaries will be multi-national companies (yes,all your favorite and least favorite brands), most of whom choose to hide their income and assets in tax havens. The CEOs are more than happy to have big U.S. government -- just as long as they don't have to pay for those benefits.

Re:Big Government (1)

warGod3 (198094) | about a year and a half ago | (#42946111)

You make it sound like those campaign contributions don't do anything in order to get any kind of 'services'...

Actual Report Here (5, Informative)

guttentag (313541) | about a year and a half ago | (#42945211)

Direct Link to the 6.8 MB PDF file here [mandiant.com] .

Mandiant page with appendix and hashes for their materials here [mandiant.com] .

I was reading through this last night and it contains some interesting details, but is also something of an advertisement for Mandiant's services. Some highlights:
  • The name of the group is People's Liberation Army Unit 61398 in Shanghai, and Mandiant has found that one of their personas uses easy to remember passwords for the many accounts he sets up, including a sort of mnemonic for the unit's number (“2j3c1k” likely stands for 2 ju 3 chu 1 ke, which likely stands for 2nd Bureau, 3rd Division, 1st Section, which is the official name of Unit 61398). The majority of attacks come from the neighborhood where this unit is based, and they have been supplied with "special" fiber connections "in the name of national defense."
  • The group is focused on the U.S. and Canada, and is mostly interested in attacking the information technology industry, but has taken an interest in aerospace, public administration, satellites and telecom, scientific research, energy and transportation.
  • They include interesting profiles of three "personas" known to be involved in the units attacks: Malware author "Ugly Gorilla" (a.k.a. "Wang Dong"), hacker "DOTA" (whose gmail account they claim to have broken into, and they provide a screenshot) and tool author "SuperHard" (Mei Qiang).
  • The group uses the term “rouji,” which translates to "Meat Chicken," in their software to refer to infected computers.

Re:Actual Report Here (3, Funny)

Is0m0rph (819726) | about a year and a half ago | (#42946521)

Are you sure with the aliases of Wang Dong and SuperHard this isn't some Chinese gay porno movie making unit?

Re:Actual Report Here (1)

jofny (540291) | about a year and a half ago | (#42946803)

The releasing of that many indicators and this information a)Puts Mandiant as a business and as individual employees at risk of retaliation and b)Means that the Chinese will change their tactics away from the indicators that have been released, so Mandiant and their clients will have *less* visibility than they had before. The report was released for the common good, IMO.

we're in denial (5, Interesting)

Anonymous Coward | about a year and a half ago | (#42945383)

posting anon for obvious reasons. I work for a very large tech company, and we've been trying to remove these bastards for years. YEARS. But the admins still click on cutepicture.exe in their email, and the devs always open the malicious Confidential2012salaries.ppt.... so it's like one big game of whack-a-mole. When we get more effective, sometimes we can maintain a dry environment for a good long time. Other times they throw serious resources at us and we get flooded, sometimes even tracing malicious action to short-term contractors physcially working in the US. It's like a swarm of locusts, picking through every bit of data with commercial value. I think one thing that escapes many US/EU security people is the scale of the PRC effort. When you have tens of thousands of people at your disposal, and update your overall plans every 5 years, it's never "a hack." If you do anything they're interested in, they're in your house.

But two alternate realities persist:
1. The Chinese government will continue to vapidly claim that attribution based on years of solid data are "unfounded and irresponsible" accusations. It is difficult to understand or engage with an adversary on any constructive level when their government consistently spouts predictable juvenile lies.
2. Our/your PR & legal people will steadfastly refuse to discuss the long-game nature of the Chinese intrusions, and deny they started 2-5-10 years ago and persist to this day. (We got a good chuckle out of the NYT assertion that the intruders entered only a few months ago, and that they have been eradicated from the network. I believe their corp lawyers said that. Any tech who believes either assertion it is a fool.)

Re:we're in denial (0)

Anonymous Coward | about a year and a half ago | (#42946055)

We got a good chuckle out of the NYT assertion that the intruders entered only a few months ago, and that they have been eradicated from the network. I believe their corp lawyers said that. Any tech who believes either assertion it is a fool.

I could believe that because of 1 thing you seem to be glossing over: the NYT was probably a recent and extremely low-value low-priority target. There was nothing of real value to steal and the intrusion was simple retaliation for fairly recent articles which were embarrassing to some Chinese politicians.

Maybe you should get rid of Windows? (4, Insightful)

Anonymous Coward | about a year and a half ago | (#42946135)

By far the largest security hole is Windows.

When the US Gov abolishes Windows, I will assume it is serious. Until then, this is political theatre.

Re:Maybe you should get rid of Windows? (0)

Anonymous Coward | about a year and a half ago | (#42946519)

Or maybe we should get rid of the notion that the Internet and email should be a wide open place where people can pay their bills and access their banking over http in the same universe as people who install keyloggers and remote access. "Chump can't download no attachments, chump can't execute a trojan." "Chump can't accept MIME or stream funny video in inherently insecure codec, chump can't have worm self-activate."

Re:Maybe you should get rid of Windows? (1)

satuon (1822492) | about a year and a half ago | (#42947201)

That is the only real way to be secure, unfortunately. It would require an overwrite of the OS to be more locked down, like iOS.

Doing everything over https would be nice, too, but there is too much inertia, a lot of software would need to be overwritten, and probably hardware devices to be replaced, too.

Re:we're in denial (0)

Anonymous Coward | about a year and a half ago | (#42946497)

They send us hacks, we should send them nukes. I mean didn't the USGOV promise exactly that???

A warning should also be sent that they are to sit there and take our 'gift', or else boots will follow.

All the fighting in the ME is useless anyway. This is a real threat on the horizon, not just for America, but the whole planet. I really doubt thieves will make good rulers....especially communist ones. WE should crush them while their military is still 50 years behind in tech.

There is a solution for your company (1)

Zontar_Thing_From_Ve (949321) | about a year and a half ago | (#42946603)

Your post seems to be a bunch of complaining on how your company seems completely and utterly powerless to do anything about stupid behavior by its employees. Just have your mail admins deny attachments on email. For example, if it comes from external sources, don't let attachments of any kind get through or only allow certain ones. This is rather trivial to fix. I have to wonder just how smart your "large tech company" is since they seem to have no clue on how to stop this sort of thing.

like i said (1)

fazey (2806709) | about a year and a half ago | (#42945447)

Like I said weeks ago... dont you think those sshd / mail password crackers from china are all part of the chinese govt? I do... you inevitably play the numbers game... get a box... locally exploit it... get root(or in some cases get root from password cracking). From there you sniff, grab the shadow file and run jtr... Now you have more passwords. People reuse passwords, so try it on anything their user logged in from, etc... eventually you spread like a virus... All the way into the lair of your enemies.

I stand by my previous statements. Block china, and know that you are at least THAT much safer.

Time to think out of the box (0)

Anonymous Coward | about a year and a half ago | (#42945885)

1. Generate fake documents with technobabbles
2. Generate fake personal identities with emails/facebook account/the whole nine yards
3. Generate VMs with fake hardware specs
4. Put 1/2/3 together and automate them, repeat until the fake information far exceeds the real one
5. Profit!

Cyber-warfare returns us to the Middle Ages (3, Interesting)

Wormsign (1498995) | about a year and a half ago | (#42945903)

With the advent of modern weaponry, overwhelming numbers of troops being a tactical advantage became a thing of the past. No longer could you simply overwhelm your foe with bodies. One small unit with heavy machine guns or a tank or air support could take out much larger opposing forces who were not as well armed. We now see this situation reversing itself. China has an over abundance of warm bodies and they can easily throw many more people at cyber-warfare and cyber-espionage than we can. Other than gradually moving more infrastructure off the public internet and blocking massive swathes of IP address space, I don't see any solution to this that won't be so cost-prohibitive that we end up bankrupting ourselves (more) to fend them off. Even blocking IPs doesn't work now when they control botnets in our borders. The battle lines are continuously obscured. How can you defend when there is no direction to defend from? Even moving infrastructure to private networks is complicated as there is great cost associated when you need to move data or tasks to and from the public internet. China isn't going away, and they have no incentive to stop trying to hack our systems. We have nowhere near the manpower it would take to respond in kind and doing something like Stuxnet on them would likely backfire or escalate beyond our control. Maybe that escalation is the only solution. It's scary.

if your power is in production capacity... (1)

genericmk (2767843) | about a year and a half ago | (#42946173)

If you're playing catchup in terms of technology and your power is in ability to manufacture on a vast scale, corporate espionage makes perfect sense. It's unfortunate that here we only have technology to steal and not much in terms of production capacity. That's a substantial disadvantage.

WMD in Irqa 2.0? (1)

hackingbear (988354) | about a year and a half ago | (#42946409)

Repots from contractors? How do we know it is not the same this time? Last time, it was so convincing too until after we spent a trillion dollars and thousands of lives.

OS Deficiency? (0)

Anonymous Coward | about a year and a half ago | (#42946501)

The word "Linux" appears in the report exactly once. It appears in a link to a .pdf document about file system overlay on embedded linux. The citation says that the document was living at a Chinese university, and was last accessed on 13 February, 2013. As of today, it is 404. The word "Windows", on the other hand, appears many times in the report. Security holes in Windows seem to be the main vector of attack. This is the take-home message. Any organization with a Windows machine exposed to the world should consider themselves fundamentally unsecure. This is not to say that Linux or other *nix O/S variants are totally secure. I've been hacked through an old Sun workstation on my local network. But, in terms of low hanging fruit, getting all Windows machines behind a firewall is a pretty low hanging fruit in terms of security enhancement. My 2-cents worth.

Nice PR for Mandiant and Richard Beitjich (4, Interesting)

Master of Transhuman (597628) | about a year and a half ago | (#42946915)

While there's no doubt that there are hundreds of thousands of hackers in China (not surprising given the population there), and there is little doubt that many of them are going to be hacking the "Big Bad" (i.e., the U.S.), this is mostly a PR campaign for Mandiant and Richard Beitjich.

Beitjich has been bitching and moaning about China for years now. He won't be satisfied until the US is at war with China - not cyberwar, REAL war.

The problem is multiple:

1) First, there is my "security meme" which should be engraved on everyone's forehead:

"You can haz better security, you can haz worse security. But you cannot haz 'security'. There is no security. Deal."

This means there is no way to keep hackers out of your networks, given the state of the software and telecommunications industries in terms of software development. There is no secure software (short of some specific stuff used by the DoD - and I'm not sure about thee, as the saying goes) and no secure infrastructure. What one guy can make, another guy can break. This is history.

The consensus in infosec today is that the best you can do is try to detect a breach, react to it and contain it so the enemy doesn't get everything it's after. All attempts at "preventing" hacking are utterly futile.

2) Cybercrime is a "growth industry". It's where the narcotics industry was back in the first half of the 20th Century after the anti-drug laws were passed. It will continue to grow until the software and telecommunications industries change their development practices - and based on human resistance to change, this won't happen until cybercrime is ubiquitous and governments and corporations are nailed to a wall of loss.

3) As we used to say in Federal prison, "I hope you don't like it. What are you going to do about it?" i.e., China is a nuclear power. They have 200 or so nuclear warheads. So what is the US going to do to stop Chinese hackers from spying? Bomb them? Threaten them with trade sanctions and start a trade war - with China owning trillions of dollars of US debt and is the US biggest trading partner? The days are gone when the US can just stomp on countries they don't like. Iran is giving the US the finger over the sanctions on it. How much less is China going to be affected?

Finally, I view this whole situation as "leveling the playing field." This is related to 2) above. The U.S. has used its military and economic clout for a hundred years to overwhelm and push countries all over the world around. What is happening now is that the chickens are coming home to roost. The U.S. "intellectual property" (an oxymoron at best) regime is being looted - as it should be.

So nothing is going to change for at least the next decade, maybe two decades.

So as my meme says: Deal.

Re:Nice PR for Mandiant and Richard Beitjich (1)

HPHatecraft (2748003) | about a year and a half ago | (#42947831)

The U.S. has used its military and economic clout for a hundred years to overwhelm and push countries all over the world around. What is happening now is that the chickens are coming home to roost. The U.S. "intellectual property" (an oxymoron at best) regime is being looted - as it should be.

So nothing is going to change for at least the next decade, maybe two decades.

So as my meme says: Deal.

What does any of that mean?

Does anyone explain why this was modded up? Because it is bashing the US? How is industrial and corporate espionage in any way, shape, or form acceptable? Reduced to its essential message, what I am hearing is "being a thief and d*ck is cool." Whatever.

I call BS (0)

Anonymous Coward | about a year and a half ago | (#42948241)

I'm not saying the Chinese aren't doing industrial espionage. A lot of nations do and have done in the past.
I'm saying this is just an elaborate ad.
If you were going to do this in a massive scale, would you make sure the IPs trace back to you? Why not put everything in a disk (or a couple of them) and ship it back, since they are already operating on so many countries.
They're sure that they're using real Chinese people because of the language settings? As if, you really have to have Chinese menus and so on to steal documents in English, especially when the "actors" (the report's terminology) are supposedly well-versed in English. You can't just pick English(NZ).
Another thing about the people related or supposedly working for this Chinese unit is they're hiring/recruiting people with Circuit Design, English, Math and Signal Processing. That sounds more like traditional ELINT, rather than "hackers".
And about security, it's not Windows (though that's not a good start). It's people being lax and everyone pretending changing the passwords will do. You can't enforce security on the computer systems without people enforcing security on themselves.
There's lots of EAL software and systems - rigorously tested. Which corporations are using them properly?
It's not the systems. It's the people. Bring back Multics - watch Accounting go batshit crazy.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?