A report released today by a computer security company confirms what many of us have long suspected: for years, the Chinese army has been running a clandestine operation with a skilled group of hackers, and is behind many recent computer attacks on Western governments and companies. The NYT reports:
On the outskirts of Shanghai, in a run-down neighborhood dominated by a 12-story white office tower, sits a People’s Liberation Army base for China’s growing corps of cyberwarriors.
The building off Datong Road, surrounded by restaurants, massage parlors and a wine importer, is the headquarters of P.L.A. Unit 61398. A growing body of digital forensic evidence — confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years — leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower.
An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups — known to many of its victims in the United States as “Comment Crew” or “Shanghai Group” — to the doorstep of the military unit’s headquarters. The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area.
This remarkable story is troubling for several reasons:
- The Shanghai Group’s activities suggest it is crewed by hackers whose abilities are clearly top-notch.
- Its target selection is extremely alarming. Several times the Shanghai Group has taken control of or stolen information from electricity grids, water projects, power plants, mining companies, and other critical infrastructure systems. One attack targeted Telvent, a Canadian company that designs software that “gives oil and gas pipeline companies and power grid operators remote access to valves, switches and security systems.” Moreover, “Telvent keeps detailed blueprints on more than half of all the oil and gas pipelines in North and South America, and has access to their systems.”
- It appears the Chinese army is running this operation. A number of Western diplomatic sources over the years have expressed concern that the Chinese policy machine isn’t particularly well integrated, that the foreign ministry doesn’t always know what the army is up to, and vice versa. That’s frustrating in that the people Washington talks to sometimes aren’t the ones in charge of the decisions that matter to the U.S. This is also dangerous because sometimes the Chinese military has a less realistic view of the outside world and could go haring off on some reckless adventures.
- The most hopeful part of this story is that the U.S. appears quite capable of tracking the Shanghai Group’s attacks, whether through private companies, government agencies, or both. We’ve been watching them since 2006, monitoring their methods and activities. But even though we know what they are up to, much of our infrastructure and many important corporate secrets remain vulnerable. That needs to be addressed immediately.
In the end, the U.S. can’t ignore hard evidence of official complicity in these kinds of nefarious activities. (Presumably Washington has its own means of listening in on Beijing’s communications, and has or ought to have some contingency plans for cyber campaigns.) As the Times article notes, “Obama administration officials say they are planning to tell China’s new leaders in coming weeks that the volume and sophistication of the attacks have become so intense that they threaten the fundamental relationship between Washington and Beijing.”
Our anxious allies in Asia will be watching to see whether America’s talk about a “pivot” and about a strong stance in Asia really means something.