Security Firm Mandiant Says China's Army Runs Hacking Group APT1 137
judgecorp writes "The Chinese government has been accused of backing the APT1 hacking group, which appears to be part of the Chinese People's Liberation Army (PLA), according to the security firm which worked with the New York Times when it fell victim to an attack. The firm, Mandiant, says that APT1 is government sponsored, and seems to operate from the same location as PLA Unit 61398." Unsurprisingly, this claim is denied by Chinese officials. You can read the report itself online (PDF), or skim the highlights.
Internet Control (Score:4, Insightful)
Stories like this will be used to push draconian internet control and cyber-security laws on the American public.
Don't be fooled.
Can it really be called hacking? (Score:5, Insightful)
When all your base are so easy to belong?
-- U.S. government has receives grade of "C-"
-- DHS received a "D" for 2006, an "F" in 2005
-- DoE pulled its grade up to a "C" from an "F."
-- Department of Commerce received an "F"
http://www.technewsworld.com/story/56892.html [technewsworld.com]
Try Again (Score:3, Insightful)
I would be surprised to learn of any major military power today that DOESN'T have a cyberwarfare division (and god knows how many government contractors doing it on the sly). This only exposes something publicly that every security researcher has known for over a decade.
I'm sorry, you were saying you have evidence of the United States targeting civilians, newspapers and non-military corporations by paying a third party to do it and then denied it? This isn't pot/kettle this is apples/oranges.
Re:So what else is new? (Score:4, Insightful)
A lot of people forget that the population of China is what, 1/5th the world's population?
As such it would make statistical sense that around 1/5th of attacks they see are from China.
This is a figure that tallies roughly pretty well with attacks I've seen on every net facing system I've bothered to monitor. I wouldn't say there are proportionally more attacks from China relative to their share of the world's population than anywhere else. Given the US' population, Russia's population, or a number of South American and Eastern European states whose names I've seen popup a fair bit it's actually the case that I see disproportionally more attacks from these states relative to their population.
I'm not defending China though, I don't buy the conspiracy theories, I think China genuinely is trying to get ahead in the world by stealing corporate secrets more so than anywhere else. The problem is, that Western states are easy targets because they assume that every country is like their own - that no competitor will hack them because that would be corporate suicide for their competitor if the truth ever came to light - the problem with this is that it ignores nations where the governments actively support such activity, rather than come down on it with the full force of the law more actively.
My point though is this, even in TFA it mentions that only something like 140 organisations have been targeted by this group. That's not really a lot, so if you see hack attacks on your personal router it's simple paranoia to assume the Chinese government is trying to hack you rather than a simple statistical likelihood that China has it's share of blanket IP/port scanning script kiddies as anywhere else too. If however you work for a Fortune 500 with something of value, there's a much greater chance that they are indeed out to get you.
Re:No kidding (Score:1, Insightful)
Sometimes the military targets are US civilians. Buts its OK because we used a drone. They don't count as soldiers.
Re:No kidding (Score:5, Insightful)
Do you expect a politician to admit when they've left their guard down? Take a look at the Embassy killings in Benghazi if you want a road map as to how the State Department handles transparency.
The fact of the matter is that we are under attack daily from interests by foreign governments or by organizations that receive support and funding from those same governments. Espionage has changed, it doesn't take collateral assets to infiltrate factories when you can hire a bunch of college kids to hack the aerospace firms systems or get those strategy documents from the banking firm. What has to happen is that people need to start treating the Internet like their front door. Firewalls as good, but you don't let just any information out of your home and you certainly don't let everybody in your house either. The Chinese have been observed for years for doing this, so here's a simple thought: Disconnect them from the Internet. Oh wait, that would cause problems with international conventions on fairness right? Frankly if the Obama administration took this seriously they'd be sending that message: Either clean up your act or we'll disconnect your access. Sure they can then proxy or go elsewhere but at least it would be a stand instead of the constant words going back and forth. The Chinese will only respond to actions, not words and we have to start taking more actions where this is concerned.
Re:No kidding (Score:5, Insightful)
US: We want you to stop your cyberespionage in the US.
China: You first.
Stop drinking the Koolaid (Score:4, Insightful)
You're not paying attention. Don't whitewash "the West" - it's governed by corrupt sociopaths who are morally no different from the rulers of China. Our institutions are designed to be less corruptable (which is why our leaders have been changing them) but the humans in power are at least equally evil.
The series of worms the USA and Mossad introduced in Iran (presumably to keep Shiites from reaching nuclear parity with the West) caused civilian collateral damage to US and Scandinavian businesses. The Bush/Obama administration has laughed it off; the only thing they regret was giving Israel the keys to the worms, which turned out to be a scarily bad idea. They don't seem to regret the car-bombing campaign "the West" directed against civilian Iranian scientists and their families, either. This isn't any "conspiracy theory" crap, either, it's recent history. It's exhaustively documented in wikipedia [wikipedia.org] at this point, as well as newspapers and books.
Here in reality [tm] all the existing countries that have the capacity to harm designated "enemies of the state" and get away with it, regardless of civilian/military status, seem quite willing to do so. That includes the Vatican and probably would include the Dalai Lama if he had the ability. Obama's administration blows up teenagers with US citizenship, and Bush's administration knowingly tortured innocent people [wikipedia.org] to death for amusement. They're all evil.
Maybe you should get rid of Windows? (Score:4, Insightful)
By far the largest security hole is Windows.
When the US Gov abolishes Windows, I will assume it is serious. Until then, this is political theatre.