CBS News/ February 19, 2013, 5:39 PM

China military unit behind many hacking attacks on U.S., cybersecurity firm says

An analyst monitors Internet traffic at the U.S. cybersecurity firm Mandiant. / CBS

Updated 5:39 PM ET

A shadowy unit of China's vast army, tucked away in a nondescript office building in the thriving business hub of Shanghai, is behind a huge proportion of the hacking attacks on U.S. websites, according to an American cybersecurity firm.

Mandiant released a detailed 60-page report (PDF) Tuesday claiming its "research and observations indicate that the Communist Party of China is tasking the Chinese People's Liberation Army to commit systematic cyber espionage and data theft against organizations around the world."

The report says Mandiant tracked thousands of computer attacks on U.S. companies and organizations, starting in 2006 and rapidly increasing right into this year, to one specific neighborhood in Shanghai. Mandiant found that a vast majority of the attacks were coming from one group of hackers, dubbed by the company "Advanced Persistent Threat 1", or APT1.

"We ran into APT1 again and again and again, so we started observing and orienting toward APT1 just because of the volume of attacks they were doing," Mandiant founder and chief executive Kevin Mandia told The New York Times. "After responding to APT1 for years, at over 100 different organizations, you start to pick up patterns ... over 98 percent of the time, when they were doing their intrusions in the U.S. companies, they were also using computer addresses from Shanghai. So I called 98 percent not an anomaly."

Researching the attacks led Mandiant to a tall building on the outskirts of Shanghai, with satellite dishes on the top and a secure perimeter, which houses Unit 61398 of the People's Liberation Army.

"In seeking to identify the organization behind this activity, our research found that People's Liberation Army (PLA's) Unit 61398 is similar to APT1 in its mission, capabilities, and resources. PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate."

Mandia told The Times that his company's open-source research showed Unit 61398 is "chartered with hiring people that can speak English, and be able to exploit networks, and know computer security. We thought that was an interesting combination, and that unit just so happens to be located in the same region of Shanghai where we're tracking over 90 percent of the connections coming from."

The report cites an internal 2008 memo from China's state-controlled telecommunications company, China Telecom, purportedly found online by Mandiant. The document appears to detail some of the infrastructure installation at the Unit 61398 building. The author of the memo advises his or her colleagues at the regional branch of China Telecom that the PLA "also hope Shanghai Telecom will smoothly accomplish this task for the military based on the principle that national defense construction is important."

China has repeatedly denied any government involvement in computer hacking.

"Chinese law forbids hacking and any other actions that damage Internet security," a statement from the Defense Ministry said early this year. "The Chinese military has never supported any hacking activities. Cyberattacks are characterized by being cross-national and anonymous. To accuse the Chinese military of launching cyberattacks without firm evidence is not professional and also groundless."

Talking to journalists Tuesday, Foreign Ministry spokesman Hong Lei responded to the report, according to The Associated Press: "To make groundless accusations based on some rough material is neither responsible nor professional." He also said that China, too, has been a target of hackers.

The report comes on the heels of warnings from U.S. lawmakers -- and from Mandiant itself -- that Chinese hackers have been behind a startling wave of cyber attacks on U.S. entities.

Rep. Mike Rogers, R-Mich., who has co-authored cyber security legislation pending in Congress, said in a panel discussion on "Face the Nation" earlier this month that hackers are intent "every single day" on "shutting down our financial services or finding other ways to destroy material in companies that won't allow them to function on a day-to-day basis."

His remarks came after three of the U.S.'s biggest newspapers and Twitter were all targeted by hackers. The New York Times and The Washington Post said the attacks were believed to have originated in China. On Tuesday, CNET reported that Apple was also the target of hackers along with those aforementioned companies.

Speaking to The New York Times for an article published Tuesday, Mandia said his company published its report to alert the U.S. public and government that, "it's not just freelance people in China doing these attacks, it's attacks directed by the government. So that means these attacks can be more advanced, they can be more funded, they can be more pervasive, and they will probably continue unabated. It could be the new normal."

Mandia told CBS News correspondent Bob Orr earlier this month that the number and sophistication of the attacks on U.S. organizations is so daunting, it would be futile to try and prevent them all.

"These attacks are inevitable, so let's make sure we keep these attackers from our crown jewels," said Mandia.

To bolster the U.S. defenses against such cyberattacks on vital infrastructure and defense systems, Mandia said it was crucial that entities targeted by hackers start sharing the information on the attacks more fluidly, stressing that "everybody needs to get smarter from each breach, almost like a neighborhood watch."

President Obama signed an executive order on Feb. 12 aimed at boosting the nation's cybersecurity by enabling the government to share information with private firms more easily, and establishing mandatory reporting on security threats from government agencies to U.S. corporations at risk. Congress, however, has been unable to agree on any legislation to set new laws on cybersecurity.

In the wake of attacks on the U.S. newspapers, Orr reported that the Pentagon was pushing to expand its cybersecurity forces. The U.S. military's so-called Cyber Command will grow five-fold over the next few years, from 900 employees at present, to about 5,000 civilian and military personnel, Orr reported.

Edited by CBSNews.com foreign editor Tucker Reals

© 2013 CBS Interactive Inc. All Rights Reserved.
tnguyencbs says:
Cybercrime is a threat to our national security and the U.S. government needs to take a more proactive approach. I've worked with Government IT C
Than Nguyen
http://www.insourcegroup.com
modernj says:
Just make a truce. The U.S. stops cyberattacks, the world's most destructive cyberviruses, drones along China's shore and China does the same just in case in the future.
tevj99` says:
The REAL cost of exporting most of our manufacturing and jobs to China is beginning to become apparent. Fatter bottom lines for US corporations and their investors are not without consequence. We will now begin the work of demonizing China in a hopeful attempt to bring back at least some of our manufacturing and the jobs that go with it, to the US. Cyber attacks can come from anywhere in the world, and the Chinese aren't the only ones we need to worry about.
FP1970 says:
Chinese spies also infiltrate the actual American homeland every day thanks to America's habit of blindly admitting immigrants on the basis of their technical skills--and never daring to ask if someone might have ulterior motives in wanting to come to America.
LaurettaEWilson says:
The power of the internet. Very concerning.

Lauretta
Real Changes, Hypnotherapy London (http://www.real-changes.com)
T:447570046862 W:www.real-changes.com
Martha12345 says:
Perhaps if we skip a few loan payments they'll consider stopping.
littlebuddyd says:
I don't care what anyone says, all these cyber attacks equate to an act of war on our country. If China had people physically breaking in to buildings, military and civilian, and stealing documents and technology all over our country it would be an act of war. Why is this any different than that. We should take our evidence to the UN and demand in front of the world that China stop or we will break them financially and wipe clean debt to them. But we will never do that because either Obama wants them to succeed or the CIA or NSA is already doing the same back to them.
hypnotoad72 replies:
It can start by our ceasing that country MFN status.

For YEARS, if not DECADES, a case can be built to the international community about China. Nixon, Reagan, Bush, Clinton, Bush, Obama, and 2016 presumable candidate Clinton all blindly act like lapdogs, saying how China is oh-so-important. When China puts out toxic or deadly products, ignores environmental and human labor concerns, and a whole slew of issues that shows they are nobody's friend yet the politicians and corporations continue to ignore them, the moment China turns on them like they have everyone else, what will happen then?

I'm taking my tinfoil hat off now. This is getting ridiculous.
littlebuddyd replies:
I never said we were going to have a military war with the 1.7 billion communists in China. I said if you hit them where it hurts, "their wallet," I think we would get their attention. China doesn't want a war with us either. A war between China and the US would be tantamount to Armageddon. As it is we are being viciously attacked in cyber space for no good reason other than China's own newfound greed, and these are the guys that are going to rein in the Pong Pong Man in North Korea from lobbing nukes at us. What part of hand sitting do you think we should be doing? The part where we say to the Chinese "please don't spy on us," "Oh by the way can we borrow another 5 trillion dollars"? Or should we just stop buying ANYTHING that is made in China for a couple of weeks? I bet we will get their attention if they had to shut their factories down for a couple of weeks due to lack of orders.
Bojax39 says:
"China military unit behind many hacking attacks on U.S., cybersecurity firm says"

And yet we continue to trade with and enrich these proven enemies. Go figure.
hypnotoad72 replies:
But they aren't communist. They're capitalist and therefore our bestest friends by default...
aintfakin says:
Beaner96 replies:
Many products designed by American companies are manufactured in a more competitive labor market.

Those same products, if manufactured in the U.S., would cost significantly more.
Is that what you would prefer? You want to pay 20%-30% more for the same products?

Profits will remain the same, the increased cost of production would be handed directly to the consumer.

You should be thankful for China's competitive labor market. I, for one, can't afford to pay more for every day necessities.
--------------------------------------
20 to 30 percent? Is that what CEO's are making in extra profit? I doubt if it would be 20 or 30 percent once we get rid of these one way free trade agreements and hit other countries, especially China with tit-for-tat duties.
When you consider that this extra money is being made off my fellow unemployed citizens in this country I would pay more for the products I need. Products in this country would be made to more exacting specifications and would last longer eliminating the need for frequent replacement. Most of the stuff I buy with working parts such as small appliances etc are nothing but trash.
I feel bad for your current financial condition but you can blame no one but the folks who do send jobs away from this country which has forced wages down in this country too....due to one way so called "free" trade agreements.
Vo tech colleges are cheap....learn a new trade.
hypnotoad72 replies:
Beaner,

they are not American companies.

They are multi-national.

No moral imperative to hire Americans, they say...

Even if our taxpayer money helps float their boats...

http://www.ctj.org/html/corp0402.htm

http://www.businessinsider.com/microsoft-to-grassley-were-still-using-h-1bs-no-moral-imperative-to-hire-americans-2009-3

http://www.businessinsider.com/ballmer-threatens-obama-says-hell-move-jobs-overseas-2009-6

But if we're giving them tax money, then there is a moral imperative. Otherwise Microsoft, which isn't exactly a poor startup, should pay back every penny, with interest. That would be the first legitimately philanthropic thing they've done in years, if not decades.

BTW: Vo-tech colleges are pretty damn expensive for what they hand out in return. Try going to one and you might just see what so many have experienced...

Beaner also doesn't understand that the 'design' jobs are also going overseas, just so the companies can keep a 70% profit margin or higher. Beaner might finally complain the moment Beaner loses his job or has to compete in the same way he wants everyone else except Beaner to do... he doesn't know how slanted the erroneously-named "global economy" truly is, and he never will I suspect.
stupa5 says:
Test Hack