A report released on 19 February indicated that hackers from a unit of China’s People’s Liberation Army (PLA) had amassed hundreds of terabytes of stolen data from over twenty nations as far back as 2006.
The report, released by American security company Mandiant, was the result of six years of investigations. The team tracked individual members of the Chinese hacker group to a high-rise building in residential Shanghai. The location is home to Unit 61398 of the People’s Liberation Army. The report claims that among other information, the unit has obtained technology blueprints, negotiating strategies, and manufacturing companies from 141 companies, 115 of which are in the United States. Among the diverse set of targets was a large defence contractor, and a company that helps utilities to run North American pipelines and power grids.
The most prolific of these actors, in terms of quantity of information stolen, is a group known as APT1 (APT stands for Advanced Persistent Threat). The Mandiant report indicates that APT1 is staffed by hundreds or thousands of English-proficient speakers with advanced computer security and networking skills. They have hacked into 141 companies, remaining in their networks for an average of 365 days (with the longest lasting 1,764 days), and have targeted companies across twenty industries which were identified by China as strategically important under its Five Year Plan for economic growth.
The Chinese government has denied and condemned the Mandiant report, calling it “unprofessional”. Chinese foreign ministry spokesman Hong Lei stated, “Hacking attacks are transnational and anonymous. Determining their origins is extremely difficult. We don’t know how the evidence in this so-called report can be tenable.”
Mr. Hong further added that China opposes hacking, and believes the nation itself is a victim of cyber attacks. Yet the report, which is lauded in the West for its unprecedented level of detail, indicates that not only are the activities based in China, but that the Chinese government is aware of them.
Hackers in Chinese Culture
While the Chinese government may not know the full extent of Chinese hackers, they are aware that hacking is a prevalent part of Chinese tech-society. There are three types of hacker attacks emanating from China: economic espionage, cyber warfare, and attacks by “hacktivists” with a socio-political agenda. The latter of these, Chinese “Red Hackers”, perceive themselves as Internet patriots. They number in the thousands, have nationalistic politics, and exist in a culture where hacking, particularly against the West, is “fashionable”. A 2005 Shanghai Academy of Social Sciences survey found that hackers were equated with rock stars. Forty-three percent of elementary-school students “adore” China’s hackers and nearly a third aspire to join them. Within the culture, there are hacker magazines, clubs and online stories. Unlike Western hackers, who tend to be more anti-government, Chinese hackers are more involved with politics. “Nationalism is hip,” claims a man identified as “the Godfather of hackers”, “and hackers — who spearhead nationalist campaigns with just a laptop and an Internet connection — are figures to revere.”
Of China’s thousands of “Red Hackers”, many may not be acting directly on behalf of their government, but the net effect is the same. The Chinese government does not have a direct connection to all hacker groups, nor does it prosecute hackers for attacks outside of its borders. In instances where hackers work to the benefit of China, this lack of supervision is perceived as tacit approval, particularly as the Chinese distinction between the private and public domain is very small.
Refinement of Phishing
To companies in the West, the growing difficulty lies in identifying the actual intrusion. The primary tactic used to enter a system is “phishing”, a process by which seemingly innocent messages include links or attachments which dump spyware on recipients’ computers. Initially, these emails were easy to spot, due to poor language use or obviously malicious attachments, such as “.exe” or “.rar” files. However, Chinese hackers have refined their strategy, using polished English and more convincing attachments, such as links for RSVPs to events, or PDFs which must be opened to obtain the information.
APT1 has effectively created webmail accounts using real names which are familiar to the recipient, such as a colleague, vendor, or client. The phishing attempts are customised with subject lines and content relevant to the target, making it more difficult to identify when a security system has been compromised.
The most effective tool against this polished technique is a return to old mediums. Companies are urged to contact a sender face-to-face or via telephone to confirm the attachment’s safety. Even sending an email asking if an attachment is safe is risky, as the malicious sender can simply respond that it is legitimate.
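The pattern described above (a familiar name on the From line, but sent from a freshly registered webmail account, sometimes with an executable attachment) can be turned into a simple mail-triage check. The following is an added example written for this article, not code from Mandiant or the report; the domains, the directory of known contacts and the three sample messages are all constructed for illustration.

```python
"""Heuristic triage of inbound mail against the phishing pattern the article
describes: a recognisable display name sent from an address that does not
match the directory, a free webmail sending domain, and risky attachment types.
Example code added by the editor; every domain, name and message is constructed."""

import os
from dataclasses import dataclass, field
from email.utils import parseaddr

# Constructed: free webmail providers where anyone can register a familiar name.
WEBMAIL_DOMAINS = {"webmail.test", "freemail.test"}

# Constructed directory: display names the recipient would recognise, mapped to
# the address those people really send from.
DIRECTORY = {
    "alice smith": "alice.smith@example-corp.test",
    "bob jones": "bob.jones@vendor.test",
}

# The attachment types the article names as the obvious early-era lures, plus a
# couple of other executable types a mail gateway commonly flags.
RISKY_EXTENSIONS = {".exe", ".rar", ".scr", ".js"}


@dataclass
class Message:
    from_header: str
    subject: str
    attachments: list = field(default_factory=list)


def triage(msg):
    """Return (score, reasons). A higher score means more reasons to verify the
    sender out of band (phone or in person) before opening anything."""
    score, reasons = 0, []
    display, addr = parseaddr(msg.from_header)
    domain = addr.rpartition("@")[2].lower()

    # A name we know, arriving from an address we do not: the core APT1 trick.
    known = DIRECTORY.get(display.strip().lower())
    if known and known.lower() != addr.lower():
        score += 3
        reasons.append(f"display name '{display}' is in the directory "
                       f"but {addr} is not that person's address ({known})")

    # Webmail origin alone is weak evidence, so it only adds one point.
    if domain in WEBMAIL_DOMAINS:
        score += 1
        reasons.append(f"sent from free webmail domain {domain}")

    # Executable attachment types are still worth flagging even though the
    # article notes attackers have moved on to PDFs and event links.
    for name in msg.attachments:
        ext = os.path.splitext(name)[1].lower()
        if ext in RISKY_EXTENSIONS:
            score += 2
            reasons.append(f"risky attachment type: {name}")

    return score, reasons


# Constructed sample inbox: a lookalike colleague, a genuine colleague, and an
# anonymous "event" invite carrying an executable.
SAMPLE_MESSAGES = [
    Message('"Alice Smith" <alice.smith2013@webmail.test>',
            "Pipeline review - updated figures", ["Q3 pipeline review.pdf"]),
    Message('"Alice Smith" <alice.smith@example-corp.test>',
            "Pipeline review - updated figures", ["Q3 pipeline review.pdf"]),
    Message('"Conference Team" <rsvp@freemail.test>',
            "RSVP required: industry dinner", ["invite.exe"]),
]


def triage_all(messages=SAMPLE_MESSAGES):
    """Score every message; returns a list of (subject, score, reasons)."""
    return [(m.subject, *triage(m)) for m in messages]


if __name__ == "__main__":
    for subject, score, reasons in triage_all():
        print(f"[{score}] {subject}")
        for r in reasons:
            print("    -", r)
```

Note what the first sample shows: the lookalike message carries a clean-looking PDF, so the attachment check contributes nothing and the whole score comes from the sender mismatch. That is exactly the case the article's advice covers: a message that scores on sender identity alone still warrants a phone call or face-to-face check rather than a reply by email, which the attacker controls.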
Hacking and the Chinese Economy: What it could mean
Analysts believe that the pattern is likely to continue because it is affordable. Frank Smyth, founder of Global Journalist Security, says, “No one should be surprised, because it doesn’t take that much infrastructure. If you have a team of people in a room, you can create a lot of havoc. That’s much cheaper than building a tank or a jet fighter.”
China’s rapid growth and aging population have caused its reliance on foreign food and energy to increase dramatically. These leadership fears may serve as an impetus to justify an industrial espionage campaign. However, these actions may serve to hinder economic progress. The acquisition of foreign technology may handicap Chinese development, according to James Lewis of the Center for Strategic and International Studies. “There is a puzzling lack of faith in China’s own strengths. Beijing has concluded that now is not yet the moment to tame the decades-old effort to pilfer technology.”
Hacking on this scale also signals a reluctance to play by the rules in the international market. China’s new leader, Xi Jinping, has vocally suggested that the nation embrace reform and work within the rules of international law. The failure to acknowledge the contents of the Mandiant report is a missed opportunity; the denial, and the boomerang accusation that it is China which has been victimised, may generate a loss of trust in both the Chinese government and business relations in the nation.