Tuesday, September 3, 2013

Chinese Military Hackers Target Commercial Intellectual Property

Earlier this year, Virginia-based cyber security firm Mandiant released a 60-page report pointing to a specific Chinese military unit as the perpetrator of one of the largest cyber attacks on US infrastructure and corporations to date.

Mandiant alleges that the attacks were directed mainly at 115 US targets, with twenty coming from different industrial sectors such as aerospace, energy, transportation, financial, and even legal institutions. Mandiant's report points to a 12-story office building in Shanghai as the base of operations for Unit 61398, which it dubbed the “Comment Crew” or “Shanghai Group.” Mandiant said that since 2006, it has observed attacks from this unit against at least 141 companies spanning 20 major industries.

Despite China's dismissal of the reports as “groundless” and “irresponsible”, many security experts continue to view the Comment Crew's actions as pointing towards government sponsorship, with one of the most popular cases being the successful hacking of Coca-Cola. The attack was done through a 'spearphishing' email (a more targeted version of phishing emails, which trick victims into entering their private information through a fake link in an email masquerading as coming from a personal contact) which had been sent to a Coca-Cola executive. The attack was initiated after Coca-Cola had acquired a large Chinese company, and experts suggest that it was done for the purpose of uncovering negotiation strategies and other critical information related to the acquisition.

In addition to the theft of the blueprints for Australia's new spy headquarters, the unit is also believed to have hacked into the systems of several major defense contractors, particularly ones that are vital to the defences of Europe, Asia, and the Gulf. Some of the designs that are purported to have been acquired by the Chinese are the Navy's Aegis ballistic missile defense systems, the advanced Patriot missile system, the F/A-18 fighter jet, the Black Hawk helicopter, and the V-22 Osprey, among others.

One of the fallouts of the accusations is that the Chinese telco giant Huawei is now banned from bidding on broadband network infrastructure in several countries, particularly Australia and the US, out of fear of cyber espionage. While the US administration makes an effort not to single out a specific country in discussions about government-sponsored hacking, officials have previously accused China of launching a huge cyber espionage campaign. House Intelligence Committee Chairman Rep. Mike Rogers stated in an open committee meeting that "there is a precedent in history for such a massive and sustained intelligence effort by a government agency to blatantly steal commercial data and intellectual property."

In May 2013, Mandiant’s Richard Bejtlich told the US Center for National Policy that, after a three-month hiatus following the release of Mandiant’s report in February, Unit 61398 was ramping up its activities again. Bejtlich did not say Wednesday which companies had been the target of the unit’s new attacks, but he said other China-based groups never stopped stealing Western intellectual property. “They steal a staggering amount of information,” he said.
