Security Firm Mandiant Says China's Army Runs Hacking Group APT1
judgecorp writes "The Chinese government has been accused of backing the APT1 hacking group, which appears to be part of the Chinese People's Liberation Army (PLA), according to the security firm which worked with the New York Times when it fell victim to an attack. The firm, Mandiant, says that APT1 is government sponsored, and seems to operate from the same location as PLA Unit 61398." Unsurprisingly, this claim is denied by Chinese officials. You can read the report itself online (PDF), or skim the highlights.
No kidding (Score:5, Interesting)
I would be surprised to learn of any major military power today that DOESN'T have a cyberwarfare division (and god knows how many government contractors doing it on the sly). This only exposes something publicly that every security researcher has known for over a decade.
Re:No kidding (Score:4, Funny)
Yeah, I'm sure the US government already knows about it and has brought it up privately with the Chinese. I expect the conversations went nowhere:
US: We want you to stop your cyberespionage in the US.
China: You want fried rice or steamed rice with that?
Re: (Score:3, Interesting)
Re: (Score:2)
In terms of UML cardinality.. Bank has one to many vaults. A vault has one Bank.
Re: (Score:1)
Re: (Score:2)
That would be a generalization. Bank Vault is a Vault. Seed Vault is a Vault as well but not in the context of a Bank.
Re:No kidding (Score:5, Insightful)
Do you expect a politician to admit when they've left their guard down? Take a look at the Embassy killings in Benghazi if you want a road map as to how the State Department handles transparency.
The fact of the matter is that we are under attack daily from interests by foreign governments or by organizations that receive support and funding from those same governments. Espionage has changed; it doesn't take collateral assets to infiltrate factories when you can hire a bunch of college kids to hack the aerospace firms' systems or get those strategy documents from the banking firm. What has to happen is that people need to start treating the Internet like their front door. Firewalls are good, but you don't let just any information out of your home and you certainly don't let everybody in your house either. The Chinese have been observed for years doing this, so here's a simple thought: Disconnect them from the Internet. Oh wait, that would cause problems with international conventions on fairness, right? Frankly, if the Obama administration took this seriously they'd be sending that message: Either clean up your act or we'll disconnect your access. Sure, they can then proxy or go elsewhere, but at least it would be a stand instead of the constant words going back and forth. The Chinese will only respond to actions, not words, and we have to start taking more actions where this is concerned.
What about Diplomacy? (Score:2)
Let's not forget that Hillary Clinton is Secretary of State. If Slashdotters are not familiar with that position, that is a DIPLOMATIC position.
Her job is to NEGOTIATE with foreign governments. Public acknowledgment of such attacks might hash the negotiations.
I would prefer that she DOES HER JOB and works through diplomatic channels. Public threats will not help. Private threats might. This is doubly true for a secretive regime such as China.
It is the job of the cyber-warfare unit–part of the MIL
Re: (Score:2)
Re: (Score:2)
Yes, It's now John Kerry. You can't tell the players without a scorecard.
Re: (Score:3)
Re:No kidding (Score:5, Insightful)
US: We want you to stop your cyberespionage in the US.
China: You first.
Re: (Score:1)
Yeah, because the US totally wants to imitate the Chinese stealth fighter by stealing its inferior secrets /sarcasm
Free countries innovate faster, which is why the non-free countries want to steal what they have.
Re: (Score:2)
There are plenty of secrets beyond raw technology that are well worth pursuing. If China was secretly positioning assets for a strike on Taiwan for example, that's important strategic information. Even knowing the conditions which would cause such activity is priceless. Then we have influence that can be gained over party officials by access to their files, actual versus reported expenditure patterns, and much more.
Re: (Score:2)
1) I am sure US totally wants to steal information on any stealth fighter developing in China. They want to know what they are making. And I am sure there are many efforts in progress to gain as much information as possible.
2) "Free" vs "Un-Free" is not the determining factor is innovation and scientific achievements now or into the future. You should be more worried about spending on education, society's attitude to science and bans on things like stem cell research. In the spending on education and societ
Re: (Score:2)
Re: (Score:1)
Try Again (Score:3, Insightful)
I would be surprised to learn of any major military power today that DOESN'T have a cyberwarfare division (and god knows how many government contractors doing it on the sly). This only exposes something publicly that every security researcher has known for over a decade.
I'm sorry, you were saying you have evidence of the United States targeting civilians, newspapers and non-military corporations by paying a third party to do it and then denied it? This isn't pot/kettle this is apples/oranges.
Re: (Score:1)
If the intent is to imply that the US gov't has a cyberwarfare division and does use it in the manner you stated while denyi
Re: (Score:2)
Re:No kidding (Score:4, Funny)
Re: (Score:1, Insightful)
Sometimes the military targets are US civilians. But it's OK because we used a drone. They don't count as soldiers.
Re: (Score:1)
Re: (Score:1)
To punish traitors, mostly.
Westerners seem to have retained since Wallace's time the inability to learn to distinguish between who is a "traitor" and who is an invaded enemy. And today sanctimonious traitors declare which of their own citizens to invigilate, falsely accuse, torture or kill. Go fuck yourself, USAn moron.
Re: (Score:2)
Re: (Score:1)
Stop drinking the Koolaid (Score:4, Insightful)
You're not paying attention. Don't whitewash "the West" - it's governed by corrupt sociopaths who are morally no different from the rulers of China. Our institutions are designed to be less corruptible (which is why our leaders have been changing them) but the humans in power are at least equally evil.
The series of worms the USA and Mossad introduced in Iran (presumably to keep Shiites from reaching nuclear parity with the West) caused civilian collateral damage to US and Scandinavian businesses. The Bush/Obama administration has laughed it off; the only thing they regret was giving Israel the keys to the worms, which turned out to be a scarily bad idea. They don't seem to regret the car-bombing campaign "the West" directed against civilian Iranian scientists and their families, either. This isn't any "conspiracy theory" crap, either, it's recent history. It's exhaustively documented in wikipedia [wikipedia.org] at this point, as well as newspapers and books.
Here in reality [tm] all the existing countries that have the capacity to harm designated "enemies of the state" and get away with it, regardless of civilian/military status, seem quite willing to do so. That includes the Vatican and probably would include the Dalai Lama if he had the ability. Obama's administration blows up teenagers with US citizenship, and Bush's administration knowingly tortured innocent people [wikipedia.org] to death for amusement. They're all evil.
Re: (Score:1)
Yeah, wanting theocracies where the national mythos involves sacrificing yourself to kill your enemy to not have nukes is just foolish. Wanting the entire middle east to not have to go into a nuclear arms race is just 'evil'.
Your idiocy seems to know no bounds. You lack even the most basic ability to think rationally about the world around you.
I had to re-read the gp to assure myself you were actually attempting to respond to it.
Congratulations, you made three arguments that had nothing directly to do with the post you were responding to.
GP: "Don't whitewash the west; the individuals in power are no better than those in the mid-east -- we just (currently) have better checks and balances in place"
You: "You're an idiot, we don't want the mid-east getting nukes."
I did read both of those correctly, yes? I think the original point was that we also do
Re: (Score:2)
Sure, we all have cyber warfare groups...but I don't think most are actively attacking commercial interests with the goal of stealing IP for domestic companies to use like the Chinese do. I think most countries' cyber efforts are more focused on defense related espionage.
Re: (Score:3)
Somehow, I fail to see the difference. We want certain kinds of information, that we believe will make our nation stronger. They want any and all information, that they believe will make their nation stronger.
Pot, meet Kettle.
Re: (Score:1)
Re: (Score:2)
Of course if such entities were any good they might be run by an entity different from that which appears to be running them.
Re: (Score:2)
Of course if such entities were any good they might be run by an entity different from that which appears to be running them.
You mean No Such Agency? They keep such a low profile that they might, for all I know, be the only competent government agency we have. I sure hope so. I don't want the Chinese to cut off my electricity—my UPS is only good for an hour.
Re: (Score:2)
I think the news isn't that China has an unofficial hacking department, but that someone's managed to narrow down exactly where they work from. This makes it difficult for China to claim that the hackers are private individuals or non-government businesses.
Internet Control (Score:4, Insightful)
Stories like this will be used to push draconian internet control and cyber-security laws on the American public.
Don't be fooled.
Re: (Score:2)
I agree. It's such a refreshing change from bad domestic policy being enacted without cause!
Re: (Score:2)
Or are you just doubling up on your tin foil?
Tin foil is so 1940s.. it's all about the AFDB [zapatopi.net]
or pay ... (Score:2)
... to the contractors. This just looks like WMD in Iraq again -- you (taxpayers) paid a trillion dollars to find out the whole thing was fake and yet nobody got punished. For this one, you will spend billion$ and still won't know if it is real -- after all, we can't invade China to find out. When somebody tries to sell you something hard, it must be fishy.
I just wonder why a sophisticated spy operation forgot to fake their IP addresses but left all trails to one location, given that they have controls of the
So what else is new? (Score:5, Interesting)
Re:So what else is new? (Score:4, Insightful)
A lot of people forget that the population of China is what, 1/5th the world's population?
As such it would make statistical sense that around 1/5th of attacks they see are from China.
This is a figure that tallies roughly pretty well with attacks I've seen on every net facing system I've bothered to monitor. I wouldn't say there are proportionally more attacks from China relative to their share of the world's population than anywhere else. Given the US' population, Russia's population, or a number of South American and Eastern European states whose names I've seen pop up a fair bit, it's actually the case that I see disproportionately more attacks from these states relative to their population.
I'm not defending China though, I don't buy the conspiracy theories, I think China genuinely is trying to get ahead in the world by stealing corporate secrets more so than anywhere else. The problem is, that Western states are easy targets because they assume that every country is like their own - that no competitor will hack them because that would be corporate suicide for their competitor if the truth ever came to light - the problem with this is that it ignores nations where the governments actively support such activity, rather than come down on it with the full force of the law more actively.
My point though is this: even in TFA it mentions that only something like 140 organisations have been targeted by this group. That's not really a lot, so if you see hack attacks on your personal router it's simple paranoia to assume the Chinese government is trying to hack you rather than a simple statistical likelihood that China has its share of blanket IP/port scanning script kiddies as anywhere else too. If however you work for a Fortune 500 with something of value, there's a much greater chance that they are indeed out to get you.
Re: (Score:1)
That is good information.
I have to agree for the general case, and that may be what the case was with me. I should add that I had applied for a patent about a year before so it may have made sense for a state sponsored effort to hack my machine. It is hard not to be xenophobic when something like that happens to you.
Thanks
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
A lot of people forget that the population of China is what, 1/5th the world's population? As such it would make statistical sense that around 1/5th of attacks they see are from China.
LOL! Only if you (quite mistakenly) assume that all places worldwide have an equal percentage of hackers.
Re: (Score:2)
I think you need to get a better understanding of statistics, particularly the relevance of sample sizes, and the irrelevance of outliers in a discussion like this.
Fundamentally, the proportion of attacks coming from China is a reasonable enough figure to explain away state sponsorship, or targeted attacks as a general rule when seeing attacks originating from China because the figure isn't disproportionately high relative to the population of the country. If you don't understand why that's simple fact then
Re: (Score:1)
A lot of people forget that the population of China is what, 1/5th the world's population?
As such it would make statistical sense that around 1/5th of attacks they see are from China.
This is a figure that tallies roughly pretty well with attacks I've seen on every net facing system I've bothered to monitor. I wouldn't say there are proportionally more attacks from China relative to their share of the world's population than anywhere else. Given the US' population, Russia's population, or a number of South American and Eastern European states whose names I've seen pop up a fair bit, it's actually the case that I see disproportionately more attacks from these states relative to their population.
That correlation doesn't hold, I think. A more appropriate one would be to compare learned users of each country's population that can access the Internet. My understanding is that the majority of China is poverty-stricken and not using the Internet. And by this same position, I would expect the cracking attempts from US-based locations to vastly outnumber all other states in sheer number, but I don't believe that's the case either.
Another poster had the right angle, I think. The number is greatly influ
Re: (Score:1)
On the other hand, Obama actually admitted the US was involved in the virus that hit the Iranian nuclear materials processing plant. I suspect it was a calculated admission, not an inadvertent one, but an admission nonetheless.
Re: (Score:2)
I've noticed this too, and always suspected that the world's routers are somehow working with seemingly innocent sites acting as a kind of mesh botnet for foreign entities (mostly Chinese). Can you tell us what you do to keep them out?
Re: (Score:2)
Okay. I have a Netgear WNR3500L.
If you examine the Netgear log, you should never get anything of the type below, as it is something that Netgear would have allowed in whether you liked it or not. The example below is from Jinan, China.
[LAN access from remote] from 221.1.202.102:56024 to 192.168.1.4:32789 Sunday, Jul 22,2004 23:43:16
Log messages of the form below are things that your computer requested, such as when you clicked on a link, and the router allowed. The "192.168.1.2" was assigned to my
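The post above quotes one router log line and says entries of that type should never appear. As an added example (not code from the post, from Netgear, or from Mandiant), here is a small Python triage routine for log lines in exactly the layout of the quoted entry: it parses the source and destination endpoints and timestamp, flags entries where a public-Internet source reached a private LAN host, tallies alerts per source address, and counts lines it cannot parse. The regular expression assumes the field order of the quoted line; the second and third sample lines are constructed for illustration, and the "[Admin login]" line is a hypothetical entry type included only to show the unparsed path.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Pattern for the "[LAN access from remote]" entry layout quoted in the post.
# Assumption: fields always appear in this order; other entry types are not parsed here.
REMOTE_ACCESS_RE = re.compile(
    r"^\[LAN access from remote\] from (?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"to (?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) "
    r"(?P<when>\w+, \w+ \d+,\d{4} \d{2}:\d{2}:\d{2})$"
)


def parse_remote_access(line):
    """Parse one '[LAN access from remote]' line into a dict, or None if it does not match."""
    m = REMOTE_ACCESS_RE.match(line.strip())
    if not m:
        return None
    return {
        "src": ipaddress.ip_address(m["src"]),
        "sport": int(m["sport"]),
        "dst": ipaddress.ip_address(m["dst"]),
        "dport": int(m["dport"]),
        # Timestamp is taken as the router wrote it; an unsynchronised router clock
        # makes it unreliable for correlation with other systems.
        "when": datetime.strptime(m["when"], "%A, %b %d,%Y %H:%M:%S"),
    }


def is_unsolicited_inbound(entry):
    """True when a globally routable source reached an RFC 1918 LAN host directly."""
    return entry["src"].is_global and entry["dst"].is_private


def triage(lines):
    """Return (alerts, per_source_counts, unparsed_count) for a batch of log lines."""
    alerts = []
    per_source = Counter()
    unparsed = 0
    for line in lines:
        entry = parse_remote_access(line)
        if entry is None:
            unparsed += 1
            continue
        if is_unsolicited_inbound(entry):
            alerts.append(entry)
            per_source[str(entry["src"])] += 1
    return alerts, per_source, unparsed


# Constructed sample batch: the first line is the one quoted in the post; the
# second is a constructed follow-up probe from the same source; the third is a
# hypothetical entry type that this parser deliberately leaves unparsed.
SAMPLE_LOG = [
    "[LAN access from remote] from 221.1.202.102:56024 to 192.168.1.4:32789 Sunday, Jul 22,2004 23:43:16",
    "[LAN access from remote] from 221.1.202.102:56030 to 192.168.1.4:32790 Sunday, Jul 22,2004 23:44:02",
    "[Admin login] from source 192.168.1.2, Sunday, Jul 22,2004 23:50:00",
]


if __name__ == "__main__":
    alerts, per_source, unparsed = triage(SAMPLE_LOG)
    for a in alerts:
        print(f"ALERT {a['when']:%Y-%m-%d %H:%M:%S} {a['src']}:{a['sport']} -> {a['dst']}:{a['dport']}")
    print("alerts per source:", dict(per_source))
    print("unparsed lines:", unparsed)
```

Run it against a saved copy of the router log (one entry per line) instead of `SAMPLE_LOG` to get a per-source count of unsolicited inbound hits; repeated hits from one address against successive ports on the same LAN host are the pattern worth reviewing against the router's port-forwarding and UPnP settings.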
Re: (Score:2)
I just did a quick 12 log sample and 1/2 of the blind login attempts on a public VM we have are from China. Others from Europe and Latin America, one from the US.
3D printer (Score:3)
Now that I know what PLA is made of, I'll be printing with ABS from now on.
The PLA is not the government (Score:2, Informative)
The People's Liberation Army is part of the Chinese Communist Party, not the Chinese state.
Re: (Score:1)
So? As '1984' taught me about totalitarian regimes, the Party *IS* the state.
It's an irrelevant distinction. Who commands the PLA's activities? The Chinese state. Or I suppose it's possibly the other way around. Hopefully not.
Re: (Score:2)
Re: (Score:2)
So you mean it's more like the Schutzstaffel?
Re: (Score:2)
Chinese Communist Party = Chinese state
The PLA works for the Chinese state and its actions are well known by the state leaders.
Re: (Score:2)
The Communist Party may be segmented from the state apparatus to some degree, but in the end, the same people are giving the orders to both.
Although, it is important to consider that the PLA is it's own constituency within China and it even runs its own factories. It is entirely possible that the PLA is just muscling the commercial competition, as opposed to say, preparing for the opening moves of WW3. Of course, since it is China's military, it could be equal parts of both.
The PLA is government (Score:2)
Any reasonable definition of "government" would include the Chinese Communist Party. The term "party" takes on different meaning in a 1-party state.
System Security (Score:1)
Can it really be called hacking? (Score:5, Insightful)
When all your base are so easy to belong?
-- U.S. government has receives grade of "C-"
-- DHS received a "D" for 2006, an "F" in 2005
-- DoE pulled its grade up to a "C" from an "F."
-- Department of Commerce received an "F"
http://www.technewsworld.com/story/56892.html [technewsworld.com]
Re: (Score:2)
Re: (Score:2)
U.S. government has receives grade of "C-"
Which is what I'm giving you for English.
Big Government (Score:2)
Y'know, I think a lot of American CEOs would be a lot more supportive of "big government" if we had a government agency that provided free industrial espionage services.
Re: (Score:1)
Re: (Score:2)
In the US, the big-business class are just a bunch of selfish, stupid pricks who take huge subsidies and then turn around and bite the hand that feeds them. Having the US intelligence community feed intelligence back to US business would make no difference to the autistic Rand-worshipping hand-flappers who run corporate America.
There's a simple solution here. Call their bluff.
Re: (Score:2)
Re: (Score:1)
You make it sound like those campaign contributions don't do anything in order to get any kind of 'services'...
Actual Report Here (Score:5, Informative)
Mandiant page with appendix and hashes for their materials here [mandiant.com].
I was reading through this last night and it contains some interesting details, but is also something of an advertisement for Mandiant's services. Some highlights:
Re:Actual Report Here (Score:4, Funny)
Re: (Score:1)
You forget... the options aren't mutually exclusive!
Re: (Score:2)
Re: (Score:2)
we're in denial (Score:5, Interesting)
posting anon for obvious reasons. I work for a very large tech company, and we've been trying to remove these bastards for years. YEARS. But the admins still click on cutepicture.exe in their email, and the devs always open the malicious Confidential2012salaries.ppt.... so it's like one big game of whack-a-mole. When we get more effective, sometimes we can maintain a dry environment for a good long time. Other times they throw serious resources at us and we get flooded, sometimes even tracing malicious action to short-term contractors physically working in the US. It's like a swarm of locusts, picking through every bit of data with commercial value. I think one thing that escapes many US/EU security people is the scale of the PRC effort. When you have tens of thousands of people at your disposal, and update your overall plans every 5 years, it's never "a hack." If you do anything they're interested in, they're in your house.
But two alternate realities persist:
1. The Chinese government will continue to vapidly claim that attribution based on years of solid data is an "unfounded and irresponsible" accusation. It is difficult to understand or engage with an adversary on any constructive level when their government consistently spouts predictable juvenile lies.
2. Our/your PR & legal people will steadfastly refuse to discuss the long-game nature of the Chinese intrusions, and deny they started 2-5-10 years ago and persist to this day. (We got a good chuckle out of the NYT assertion that the intruders entered only a few months ago, and that they have been eradicated from the network. I believe their corp lawyers said that. Any tech who believes either assertion is a fool.)
Maybe you should get rid of Windows? (Score:4, Insightful)
By far the largest security hole is Windows.
When the US Gov abolishes Windows, I will assume it is serious. Until then, this is political theatre.
Re: (Score:2)
That is the only real way to be secure, unfortunately. It would require an overwrite of the OS to be more locked down, like iOS.
Doing everything over https would be nice, too, but there is too much inertia, a lot of software would need to be overwritten, and probably hardware devices to be replaced, too.
There is a solution for your company (Score:2)
like i said (Score:1)
Cyber-warfare returns us to the Middle Ages (Score:3, Interesting)
Re: (Score:2)
Sun Tzu - "numbers alone confer no advantage in war".
"Battle of Watling Street" - 10K Romans vs. 150-250K Britons. I'll give you a hint if you're not sure - the winner wasn't the Britons.
No, it's not "modern weaponry" that made numbers "not a tactical advantage"....
Unless, of course, you define "overwhelming numbers" as "enough guys to win, no matter what". In which case, "overwhe
Re: (Score:1)
if your power is in production capacity... (Score:1)
WMD in Iraq 2.0? (Score:2)
Reports from contractors? How do we know it is not the same this time? Last time, it was so convincing too, until after we spent a trillion dollars and thousands of lives.
Nice PR for Mandiant and Richard Bejtlich (Score:5, Interesting)
While there's no doubt that there are hundreds of thousands of hackers in China (not surprising given the population there), and there is little doubt that many of them are going to be hacking the "Big Bad" (i.e., the U.S.), this is mostly a PR campaign for Mandiant and Richard Bejtlich.
Bejtlich has been bitching and moaning about China for years now. He won't be satisfied until the US is at war with China - not cyberwar, REAL war.
The problem is multiple:
1) First, there is my "security meme" which should be engraved on everyone's forehead:
"You can haz better security, you can haz worse security. But you cannot haz 'security'. There is no security. Deal."
This means there is no way to keep hackers out of your networks, given the state of the software and telecommunications industries in terms of software development. There is no secure software (short of some specific stuff used by the DoD - and I'm not sure about thee, as the saying goes) and no secure infrastructure. What one guy can make, another guy can break. This is history.
The consensus in infosec today is that the best you can do is try to detect a breach, react to it and contain it so the enemy doesn't get everything it's after. All attempts at "preventing" hacking are utterly futile.
2) Cybercrime is a "growth industry". It's where the narcotics industry was back in the first half of the 20th Century after the anti-drug laws were passed. It will continue to grow until the software and telecommunications industries change their development practices - and based on human resistance to change, this won't happen until cybercrime is ubiquitous and governments and corporations are nailed to a wall of loss.
3) As we used to say in Federal prison, "I hope you don't like it. What are you going to do about it?" i.e., China is a nuclear power. They have 200 or so nuclear warheads. So what is the US going to do to stop Chinese hackers from spying? Bomb them? Threaten them with trade sanctions and start a trade war - with China owning trillions of dollars of US debt and being the US's biggest trading partner? The days are gone when the US can just stomp on countries they don't like. Iran is giving the US the finger over the sanctions on it. How much less is China going to be affected?
Finally, I view this whole situation as "leveling the playing field." This is related to 2) above. The U.S. has used its military and economic clout for a hundred years to overwhelm and push countries all over the world around. What is happening now is that the chickens are coming home to roost. The U.S. "intellectual property" (an oxymoron at best) regime is being looted - as it should be.
So nothing is going to change for at least the next decade, maybe two decades.
So as my meme says: Deal.
Re: (Score:1)
The U.S. has used its military and economic clout for a hundred years to overwhelm and push countries all over the world around. What is happening now is that the chickens are coming home to roost. The U.S. "intellectual property" (an oxymoron at best) regime is being looted - as it should be.
So nothing is going to change for at least the next decade, maybe two decades.
So as my meme says: Deal.
What does any of that mean?
Does anyone explain why this was modded up? Because it is bashing the US? How is industrial and corporate espionage in any way, shape, or form acceptable? Reduced to its essential message, what I am hearing is "being a thief and d*ck is cool." Whatever.
Re: (Score:2)
What does any of that mean?
Does anyone explain why this was modded up? Because it is bashing the US? How is industrial and corporate espionage in any way, shape, or form acceptable? Reduced to its essential message, what I am hearing is "being a thief and d*ck is cool." Whatever.
No, you've got it wrong. The OP is saying that, "being a thief and d*ck to the US is cool." And yes, it was modded up because it is an anti-US rant.
Re: (Score:2)
Does anyone explain why this was modded up?
Because it is the truth? I don't like it one bit, but they've been leeching intellectual property for decades now, and we (the US) have hardly lifted a finger. I've yet to see the US Govt. demonstrate any resolve to deal with this problem in any form or fashion, aside from the occasional murmur in a stump speech. When they actually do say something, China will release a solemn response about trade wars, protectionism, hints at currency dumping, etc.
Re: (Score:2)
Was it COOL how US spies manipulate the politics and economies of foreign countries?
Did you know that Panama was created SOLELY because US wanted to build the Panama canal?
What goes around comes around - in the real world.
Smart Charlie Wilson sent arms to help the Afghans fight those Soviet Commies - Oops. They became the Taliban...
It doesn't make the hacking right - even if everyone is doing it.
The question is what can we do about the open n
Re: (Score:1)
Did you like the Mission Impossible movies? tv series?
Was it COOL how US spies manipulate the politics and economies of foreign countries?
Did you know that Panama was created SOLELY because US wanted to build the Panama canal?
What goes around comes around - in the real world.
Smart Charlie Wilson sent arms to help the Afghans fight those Soviet Commies - Oops. They became the Taliban...
It doesn't make the hacking right - even if everyone is doing it.
The question is what can we do about the open nature of our internet and what COST there is to close up the security caverns...
OK... well, firstly, these are private corporations. There is a difference between them and the U.S. Government. So even if this were somehow fair play, the target of China's aggression wouldn't be the right one by your logic. It's sloppy reasoning, and what I am (rightly) responding to is reflexive, unreasoning anti-US rhetoric.
Secondly, if I understand the history, the reason the Taliban became imminent in regional politics is that after we rescinded military and intelligence aid from Afghanistan, we did
Cybervoodoo and APT nonsense (Score:2)
The problem is that most enterprise security sucks (Score:2)
These Chinese hackers are not nearly as good as the press makes them out to be. In fact, they are on advanced amateur level at best. Instead, the security of the corporate and governmental networks they are attacking sucks badly, both from a technological side and with regard to the human angle.
Maybe this isn't so bad (Score:2)
I'm disappointed in slashdot! (Score:2)
This story has been up all day and not one mention of the Kuang Grade Mark 11.
How to clean up Mandiant on computer (Score:1)