Homeland Security urged ISPs to block IP addresses of suspected Chinese hackers

china base 61398 (city8.com)

The US Department of Homeland Security and FBI provided a list of IP addresses used by alleged Chinese military hackers to American internet service providers (ISPs) earlier in February, and not-so-subtly encouraged the ISPs to block them, The Wall Street Journal reported today. Based on The Journal's report, the IP addresses on the list handed to ISPs were ones linked to the "Comment Crew," an alleged Chinese military hacking outfit that was described in a widely publicized February report from cybersecurity firm Mandiant. As it turns out, Mandiant actually alerted the US government to its findings a week before it went public with them on February 18th. According to The Journal, the DHS and the FBI then released a memo listing the Comment Crew's suspected IP addresses. DHS officials followed up with an email to ISPs telling them to "institute actions" based on the memo.

DHS told ISPs to "institute actions" against hacker IP addresses

The Journal cites US officials as saying the goal of giving the IP addresses to the ISPs was to let these companies know that traffic coming over their networks could actually be attacking other US companies. At least some ISPs appear to have followed the urging of DHS, because The Journal reports that shortly after the DHS / FBI memo was released, there was a noticeable drop in observed attacks and infiltrations by the Comment Crew. But that drop also appears to have been short-lived: the number of attacks quickly rebounded, and The Journal's sources in the US government say that it was because the Comment Crew wised up and changed their IPs.

The Journal doesn't specify exactly which ISPs received the memo, nor which IP addresses were included on the original list, but says that one of the IP addresses was for the website of a "major oil company" that was compromised by the Comment Crew or other hackers. If it's accurate, The Journal's report suggests a previously unknown level of cooperation between the government and private industry when it comes to fighting hackers, one that calls into question the need for further expanding information-sharing efforts between the two sectors. Nonetheless, Congress has been pushing to pass new bills, including the controversial CISPA, that would do just that. At the same time, US officials told The Journal that US intelligence services were also running cyber espionage operations on Chinese targets, but that these targets were all military and government, not private companies. While the particular series of incidents described by The Journal took place months ago, such cooperation and spying allegedly continues to this day.