A secretive Chinese military unit is believed to be behind a series of hacking attacks, a U.S. computer security company said
Photo Credit: Reuters
The security company, Mandiant, identified the People's Liberation Army's Shanghai-based Unit 61398 as the most likely driving force behind the hacking.
Mandiant says it traced scores of cyberattacks on US defense and infrastructure companies to a neighborhood in Shanghai's Pudong district which is also where Unit 61398's 12-storey building is located.
Reuters reporter Jane Lanhee Lee visits the neighbourhood and the buildings around Unit 61398 as an attempt to gather more information.
The building has office space for up to 2,000 people. Mandiant estimates the number of personnel in the unit to be anywhere from hundreds to several thousand.
The surrounding neighborhood is filled with apartment buildings, tea houses, shops and karaoke bars -- residential and commerical uses.
Mandiant states that a special arrangement was made with China Telecom for a fiber optic communication infrastructure in the Pudong neighborhood, pointing to its need for bandwidth and its elite status.
China's Defense Ministry issued a flat denial of the accusations and called them "unprofessional". It said hacking attacks are a global problem and that China is one of world's biggest victims of cyber assaults.
Outside the gate, a sign warns members of the public they are in a restricted military area and should not take pictures.
Mandiant said the unit had stolen "hundreds of terabytes of data from at least 141 organizations across a diverse set of industries beginning as early as 2006," it said.
Most of the victims were located in the United States, with smaller numbers in Canada and Britain.
The information stolen ranged from details on mergers and acquisitions to the emails of senior employees, the company said.
The latest attacks targeted major US technology companies such as Facebook and Apple.
White House said on Feb 20 that it was stepping up diplomatic pressure and mulling tougher laws to stem the threat to American businesses and security from China and other nations.
The cyberspies typically enter targeted computer networks through "spearfishing" attacks, in which a company official receives a creatively disguised email and is tricked into clicking on a link or attachment that then opens a secret door for the hackers, Mandiant says.
Cyberspies would steal and retransmit data for an average of just under a year, but in some cases more than four years.
Information technology companies were their favorite targets, followed by aerospace firms, pointing to a key area of interest as China seeks to develop its own cutting-edge civilian and military aircraft.
Mandiant identifies three of the unit's hackers by their screen names. It says one of them, "UglyGorilla," was first detected in a 2004 online forum.
Unit 61398 hackers were sometimes identified as the "Comment Crew" by security companies due to their practice of inserting secret backdoors into systems by using code embedded in comments on websites.
In the end, the hackers' use of Facebook and Twitter enabled Mandiant to find out who the hackers were. These social networks are banned in China, but Unit 61398 operators got around this 'Great Firewall' by accessing them through the unit's system.
