Mandiant, a major cyber security firm that acts as an agent for both government and private industry, has released its report detailing China’s role in cyber attacks, stating: “Our research and observations indicate that the Communist Party of China is tasking the Chinese People’s Liberation Army (PLA) to commit systematic cyber espionage and data theft against organizations around the world.”
Using well-defined computer network attack methods, and gaining access over extended periods of time, the cyber spy unit stole broad categories of information including technology blueprints, proprietary manufacturing processes, pricing documents, business plans, partnership agreements, test results, contact lists and emails from within the organizations that were victimized.
Chinese hackers have attacked the NY Times, stealing journalists’ emails and contacts. According to The London Times, Chinese hackers have targeted British military drone technology and have attacked British aerospace, defense and technology firms working on drones. They utilized the spyware program known as Beebus.
The unit uses close to 1,000 command and control servers hosted on at least 849 distinct IPs in 13 countries. The report continues: “The detection and awareness…is made even more probable by the sheer scale and sustainment of attacks that we have observed and documented in this report.”
In a country that extensively monitors Internet use, the spying unit’s long-running operations indicate it “is acting with the full knowledge and cooperation of the government.”
National security agencies and law enforcement investigated the hacking of a White House computer a few months ago. The attack penetrated a network inside the White House Military Office that handles top-secret data. It was traced to a server in China. The cyber attack coincided with Chinese cyber attacks against Japanese and private sector computers. There have been ever-growing tensions between China and Japan over the Senkaku Islands. Although the islands have been under Japanese control for decades, China is now claiming them as its territory, referring to them as the Diaoyu Islands.
Operation Aurora, the code name for a Chinese “spear phish” attack on Google and other U.S. companies, was discovered in late 2009. “Spear-phishing” is a fraudulent use of email. The user receives an email that they are made to think is from someone familiar to them. Once opened, it can allow the hacker to infiltrate a computer network and exfiltrate the information that they are seeking.
According to Mandiant, some of the Chinese hackers got lazy and did not log out of the servers that they were using for cyber-espionage before logging into U.S. social media sites such as Twitter and Facebook. By deviating from their proper protocol, they in turn led investigators to discover their real identities. Thus, Mandiant was able to trace two hackers, known as Ugly Gorilla and DOTA, all across the Web using data points.
Brian Fung of the National Journal writes, “It’s no small irony the everyday shortcuts users take, and which subsequently open them up to hackers like DOTA and Ugly Gorilla, are the same traps that the two hackers fell into.”