In what is certain to become one of the—if not “the”—lead MSM stories on Tuesday, the New York Times informs us that a: “Chinese Army Unit Is Seen as Tied to Hacking Against U.S.”
Taken at face value, it is an especially important and newsworthy read, if for no other reasons than: a.) the seriousness and the extent of the implications of the Times’ exposé (according to the report, over 140 corporations have been hacked, and many major, national security-related nightmares have been created as a result of these nefarious hacking activities by the Chinese) which, when combined with an abundance of support materials and related information from cybersecurity firm Mandiant Corporation provides readers with an extremely compelling set of facts (including a live video of “teh Chinese military hackerz”--consider the source of the video--doing their dirty deeds, in real time, no less); and, b.) the equally fascinating backstory behind the story, which media observer Adam Martin over at the New York Magazine “Intelligencer” blog covers more thoroughly and concisely than I ever could…
Meet 'Comment Crew,' China's Military-Linked HackersAnd, the lead-in from this morning's NY Times…
By Adam Martin
New York Magazine’s “Intelligencer Blog”
February 19th, 2013 12:05AM
When The New York Times reported last month that hackers had infiltrated its computer systems, it was pretty sure they were with the Chinese military, but beyond that it didn't really identify them. That changed on Monday night, when The Times ran a massive report tracing the hackers to a building outside Shanghai, which houses Unit 61398 of the People's Liberation Army. That unit is thought to house the hacking outfit known in computer security circles as "Comment Crew" or "Shanghai Group," thought to be responsible for much of China's alleged cyber-attacks since 2006. The Times based its story largely on a 60-page study from Mandiant, the security firm it hired to fight off the the attacks that followed its expose on the family wealth of outgoing Chinese Prime Minister Wen Jiabao. Not only did Mandiant trace the likely infiltrators of the Old Gray Lady, it found Comment Crew was behind hundreds of attacks on U.S. companies, focusing increasingly "on companies involved in the critical infrastructure of the United States — its electrical power grid, gas lines and waterworks." Nervous yet?
The Chinese government maintains that it does not engage in hacking, which is illegal, and said China itself was a victim of hackers. But Mandiant is confident enough in the evidence it has gathered, including IP addresses located near Unit 61398's headquarters, unique malware and web domains used repeatedly by hackers, and even video of hackers at work (below), that it brushed off China's denial quite glibly:“Either [the attacks] are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”If not Unit 61398, the report concludes sarcastically, the hacks are coming from "a secret, resourced organization full of mainland Chinese speakers with direct access to Shanghai-based telecommunications infrastructure that is engaged in a multiyear enterprise-scale computer espionage campaign right outside of Unit 61398’s gates…"
Chinese Army Unit Is Seen as Tied to Hacking Against U.S.A link to the Mandiant page that provides a link to their video on this story--which includes real-time coverage of actual hacking activities by the Chinese—is included in the intro excerpt, above. I thought I’d provide an additional YouTube link to it, since I’m pretty sure it’s going to be quite heavily-viewed, if the inevitable Internet traffic jam to that Mandiant Corporation page hasn’t already commenced. (SEE: “APT1: Exposing One of China's Cyber Espionage Units.")
By DAVID E. SANGER, DAVID BARBOZA and NICOLE PERLROTH
New York Times (Page A1)
February 19, 2013
On the outskirts of Shanghai, in a run-down neighborhood dominated by a 12-story white office tower, sits a People’s Liberation Army base for China’s growing corps of cyberwarriors.
The building off Datong Road, surrounded by restaurants, massage parlors and a wine importer, is the headquarters of P.L.A. Unit 61398. A growing body of digital forensic evidence — confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years — leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower.
An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups — known to many of its victims in the United States as “Comment Crew” or “Shanghai Group” — to the doorstep of the military unit’s headquarters. The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area…
…Other security firms that have tracked “Comment Crew” say they also believe the group is state-sponsored, and a recent classified National Intelligence Estimate, issued as a consensus document for all 16 of the United States intelligence agencies, makes a strong case that many of these hacking groups are either run by army officers or are contractors working for commands like Unit 61398, according to officials with knowledge of its classified content.
Mandiant provided an advance copy of its report to The New York Times, saying it hoped to “bring visibility to the issues addressed in the report.” Times reporters then tested the conclusions with other experts, both inside and outside government, who have examined links between the hacking groups and the army (Mandiant was hired by The New York Times Company to investigate a sophisticated Chinese-origin attack on its news operations, but concluded it was not the work of Comment Crew, but another Chinese group. The firm is not currently working for the Times Company but it is in discussions about a business relationship.)
Last but not least, being someone who currently runs a very small software firm but who’s also spent a great deal of time in the media business, I wanted to add a couple of additional comments and realities to the mix.
First of all, hacking and security, in general, are (and have been) truly serious issues throughout the software industry, moreso now than ever. Personally, my tiny business has spent six figures dealing with this problem over the past three years, alone. (And, trust me, that’s a very massive sum for us.) And, when you read more of today’s Times’ story, it’s a no-brainer to grasp the severity of the matter--in terms of how these issues have adversely affected our country’s and many other nations’ security and its [their] relationship[s] with China, already—and how this situation could very negatively impact the United States’ relationship with the Chinese, going forward.
Second, the entire subject is further amplified by the taxpayer-supported/tech-feeding, domestic terrorism frenzy that’s currently in vogue within our nation’s military-industrial complex. (Paraphrasing Rahm Emanuel: “Never let a crisis go to waste.” i.e.: There’s never a better time for the status quo to make a quick [trillion or two] buck[s] off of taxpayers than when our government and the MSM have scared the crap out of Main Street.)
Are we scared yet?
That being said, there is a nuclear pissing war going on right now between the New York Times and the Chinese, as a read of the linked stories in the Martin/NY Magazine blog intro, above, will confirm this.
And, on top of this, as I’ve learned over many decades, when it comes to stories such as this, it always helps to follow the money, at least when the news relates to any business sector. Of course, the software security business is no exception to that greater truth. You see, Mandiant Corporation — a fairly small software applications developer, private label tech reseller and I.T. consulting firm—is very closely aligned with a much larger firm named, Fire-Eye, arguably, the “hottest” cybersecurity company in the U.S., and one of the very top, Wall Street-backed startups in any sector in the entire country, right now.
# # #
NOTE: There are, at a minimum, one or two fellow Kossacks whom I know are directly associated with at least one or two of the cybersecurity firms mentioned in today's NY Times' article. Hopefully, they'll weigh in on this story within the community at some point, as well. (Then again, since they actually work for these mentioned I.T. firms, that may be a very good reason as to why we may not hear from them, at all.)