State role in cyberespionage campaign? China says report 'lacks technical proof'

A report by security firm Mandiant provides one of the most extensive cases yet for the Chinese government's hand in massive-scale online data theft. Targets included an array of key businesses.

China's government says that an extensive report on an alleged ongoing cyberespionage campaign by Chinese military hackers – which included a broad array of business targets – "lacks technical proof" of state involvement.

The Chinese Ministry of Defense released a statement on its website Wednesday arguing that the new report, released by US security firm Mandiant, provides thin support for its assertion that Chinese state forces were behind online attacks against some 150 victims, mostly US-based sites, writes Reuters.

"The report, in only relying on linking IP [Internet protocol] address to reach a conclusion the hacking attacks originated from China, lacks technical proof," the statement said.
"Everyone knows that the use of usurped IP addresses to carry out hacking attacks happens on an almost daily basis." 

"Second, there is still no internationally clear, unified definition of what consists of a 'hacking attack'. There is no legal evidence behind the report subjectively inducing that the everyday gathering of online [information] is online spying," it added.

The Mandiant report, released Tuesday, provides one of the most extensive cases yet for the Chinese government's involvement in online theft of data on a massive scale. The report documents the deeds of a large group of hackers, dubbed "APT1" by the firm, as they cracked the servers of 141 companies in 20 major industries and successfully stole many terabytes of data. Mandiant traced almost all of APT1's routes online back to Shanghai, and some even more specifically to a region in the city where a cyber-focused unit of the Chinese military, Unit 61398, is located.

Although possibly a military enterprise, APT1 appears to be focused on corporate profit. The report notes that the hackers' targets spanned a broad range of business types, including information technology, aerospace, financial services, agriculture, energy, and health care, and that the information stolen included product specs, manufacturing procedures, and business plans. That sort of information, writes The Associated Press, could provide China's various state-owned megacorporations with major bargaining leverage and competitive advantages in the global marketplace.

Companies in fields from petrochemicals to software can cut costs by receiving stolen secrets. An energy company bidding for access to an oil field abroad can save money if spies can tell it what foreign rivals might pay. Suppliers can press customers to pay more if they know details of their finances. For China, advanced technology and other information from the West could help speed the rise of giant state owned companies seen as national champions.

Although the report asserts that "the sheer scale and duration of sustained attacks against such a wide set of industries from a singularly identified group based in China leaves little doubt about the organization behind APT1," some cyberespionage experts note that it's still a step short of proving the involvement of Unit 61398 and the Chinese military. Dell Secureworks cybersecurity expert Joe Stewart told The Christian Science Monitor, "There’s what we suspect and what we can prove."

“We still don’t have any hard proof that ... APT1 is coming out of that [Unit 61398's 12-story] building, other than a lot of weird coincidence pointing that direction. To me, it’s not hard evidence,” he said.

But, as the Mandiant report notes, the other valid possibility that the evidence supports seems "unlikely": that "[a] secret, resourced organization full of mainland Chinese speakers with direct access to Shanghai-based telecommunications infrastructure is engaged in a multi-year, enterprise scale computer espionage campaign right outside of Unit 61398’s gates, performing tasks similar to Unit 61398’s known mission."

Regardless, the report has brought Unit 61398 into the limelight, and the unit has locked down security in response. Agence France-Presse reports that one of its photographers, along with another international photographer, was briefly held by soldiers after shooting video outside the unit's headquarters.

Six Chinese soldiers in uniform pulled the AFP photographer out of a car and brought him to the guardhouse, where they searched his bag and seized his camera's memory card before allowing him to leave with a warning.

Speaking in English, the apparent leader of the group told him no photography was allowed since it was a military installation.
