A few of the most prominent newspapers in the US — The New York Times, The Wall Street Journal, and The Washington Post — have revealed that they have been victims of cyber attacks that closely mirror each other. All three media outlets hired private security consultants to investigate the hacks, and all three believe that the Chinese military is behind the attacks. It's not clear how many other media agencies have been subject to attacks, but it appears that China is looking to monitor coverage of the state — and weed out sources.
Jun 10, 2014
A new Shanghai-based hacker unit with ties to the People's Liberation Army (PLA) in China has been identified, according to a report from security company CrowdStrike. The New York Times writes that the group is codenamed "Putter Panda" due to its penchant for preying upon golf-playing conference attendees. The organization is believed to have been operational since at least 2007, targeting American, European, and Japanese companies involved with the satellite, aerospace, and communication industries. CrowdStrike also writes that Putter Panda has been conducting intelligence-gathering operations on government sectors in the US. The hackers used innocuous-seeming emails containing job postings, PDF invitations to conferences, and even a yoga studio brochure to lure victims into downloading custom malware.
Jul 12, 2013
The US Department of Homeland Security and FBI provided a list of IP addresses used by alleged Chinese military hackers to American internet service providers (ISPs) earlier in February, and not-so-subtly encouraged the ISPs to block them, The Wall Street Journal reported today. Based on The Journal's report, the IP addresses that were on the list handed to ISPs were ones linked to the "Comment Crew," an alleged Chinese military hacking outfit that was described in a widely-publicized February report from cybersecurity firm Mandiant. As it turns out, Mandiant actually alerted the US government to its findings a week before it went public with them on February 18th. According to The Journal, the DHS and the FBI then released a memo listing the Comment Crew's suspected IP addresses. DHS officials then sent a follow-up email to ISPs telling them to "institute actions" based on the memo.
The Journal cites US officials as saying the goal of giving the IP addresses to the ISPs was to let these companies know that traffic coming over their networks could actually be attacking other US companies. At least some ISPs appear to have followed the urging of DHS, because The Journal reports that shortly after the DHS / FBI memo was released, there was a noticeable drop in observed attacks and infiltrations by the Comment Crew. But that also appears to have been short-lived, as the number of attacks quickly rebounded, and The Journal's sources in the US government say that it was because the Comment Crew wised up and changed their IPs.
May 22, 2013
It's no secret that major US companies have been victims of a growing number of hacks from overseas in recent years, allegedly by attackers looking to steal corporate information and intellectual property, such as patented software. The Department of Defense and US diplomats have also accused China's government and military of being behind some of these attacks. Now, a new report by a group of influential former government officials and private executives says that if intellectual property theft continues at future levels, Congress should consider passing laws allowing US companies to "counterattack" against such hackers, whoever they may be.
May 20, 2013
After a relative lull in activity, it looks as though the Chinese hacking group uncovered in a February security report has resumed its attacks on US targets. According to new information that security firm Mandiant submitted to The New York Times, attacks against identical, but unspecified, targets have been gradually increasing over the past two months, now sitting at 60 to 70 percent of their previous strength. Obama administration officials say that the issue will continue to be revisited until it can convince the Chinese leadership that "there is a real cost to this kind of activity."
In recent months, President Obama’s national security advisor Tom Donilon has talked tough about Chinese cyberattacks on US businesses and infrastructure targets, saying that "the international community cannot afford to tolerate such activity from any country." The resumption of attacks is expected to figure heavily in Donilon’s upcoming visit to China, notes The Times.
Yesterday a Pentagon report laid the blame for some of the recent hacking attacks in the United States at the feet of the Chinese government and military, and now a group of four US senators has proposed legislation aimed at hurting those that benefit from such actions. The Deter Cyber Theft Act was proposed by Carl Levin (D-MI), John McCain (R-AZ), Jay Rockefeller (D-WV), and Tom Coburn (R-OK), and is designed to address what NSA head General Keith Alexander has called "the greatest transfer of wealth in history" — theft of intellectual property in cyber-related crime.
If it were to become law, the Act would require the Director of National Intelligence (DNI) to put together an annual report listing what foreign countries are engaging in economic or industrial cyber-espionage in the US, including a watch list of those considered the most egregious offenders. The report would include what information had been targeted by these attacks, what had been stolen, what materials were created using that stolen information, and what foreign companies — including government entities — benefitted. It would also list what steps the DNI and other federal agencies had taken to combat the attacks.
China's Ministry of Defense has steadfastly denied any role in the hacking attacks, and while the US has been looking at more aggressive tactics to deal with future problems they've mostly been couched in the context of dealing with hackers that happen to be within China's borders. However gentle the language may be, the statements made in the new report are much more clear: pinning some of the blame directly on China's government and military.
Apr 22, 2013
After years of accusations over Chinese government-sponsored hacks of American companies and agencies, the US government looks to be taking a more aggressive stance. The Wall Street Journal reports that the Obama administration is looking into an array of options to send a message to China and proactively defend against future attacks.
Current officials and others who have recently left the government inform the paper that the administration is considering using the Justice Department to prosecute individuals connected to the hacks. While it's unlikely that China would release its citizens for US prosecution, the indictments could limit where suspects could travel out of fear of being released into US custody. Other options include placing sanctions on Chinese companies said to be involved in the attacks, or placing visa restrictions on suspected hackers, like researchers working for the Chinese military. The administration is also said to be considering a formal complaint to the World Trade Organization. Lastly, the US could consider offensive or defensive countermeasures against the cyberattacks.
Apr 13, 2013
The United States and China will form working groups that focus on two of today's most pressing issues: cybersecurity and climate change. That's according to US Secretary of State John Kerry, who outlined the plans during a visit to Beijing. The collaboration on cybersecurity is particularly notable; both countries have traded barbs and accusations of cyber espionage in recent months. It's unclear what (if anything) will come as a result of the joint effort, but the working group's formation suggests both sides are eager to quell months of rising tension and public squabbling.
Both countries are also promising to work together on a "more focused and urgent" response to climate change concerns. "The United States of America and the People's Republic of China recognize that the increasing dangers presented by climate change," reads a joint statement announcing the second working group. "Forceful, nationally appropriate action by the United States and China – including large-scale cooperative action – is more critical than ever," it says. Each acknowledges climate change as a crisis, but the US and China often disagree on the best way of tackling the issue — China insists developing nations shouldn't need to invest the same resources as larger carbon emitters. Set to begin immediately, the global warming-focused group will work to discover new ways in which the US and China can "advance cooperation on technology, research, conservation, and alternative and renewable energy." Findings will be presented at this summer's Strategic and Economic Dialogue (S&ED).
Mar 30, 2013
China has come out in strong opposition to a new US law that restricts government purchases of Chinese technology, saying the measure threatens to harm economic relations between the two countries. The provision, passed Thursday as part of a larger US spending bill, requires NASA, the Department of Justice, and the Commerce Department to consult with federal law enforcement before procuring Chinese IT systems. The law purportedly aims to mitigate the risk of cyber-espionage, but as Reuters reports, Chinese authorities say it could have drastic consequences.
Mar 27, 2013
US Congress restricts government purchase of Chinese computer equipment, citing cyber-espionage concerns
The latest US appropriations bill, signed into law just this week, includes a provision that is likely to further raise tensions between the country and China. The provision requires the Department of Justice, Department of Commerce, NASA, and the NSF to perform a formal assessment of risk of cyber-espionage before purchasing computer systems and other IT equipment. There is a clause in the bill that states that the assessment must specifically analyze — with the assistance of the FBI — any "such system being produced, manufactured or assembled by one or more entities that are owned, directed or subsidized" by the People's Republic of China to determine if the purchase is "in the national interest of the United States." Stewart A. Baker first wrote about the provision on his blog yesterday, and Reuters published a report on the restriction earlier today.
The provision comes shortly after a spate of attacks against US media outlets and government agencies. A report from security agency Mandiant traced those incidents to a building in Shanghai housing the People's Liberation Army Unit 61398, which is involved in cyber-espionage — a claim the Chinese government has denied.
Mar 25, 2013
One of China's most elite and prestigious research universities appears to have a working relationship with the military unit that's said to be behind recent cyber-espionage attacks on US companies and government agencies. Reuters has discovered at least three research papers on cyber warfare co-authored by professors at Shanghai Jiao Tong University and members of PLA Unit 61398. Last month, a report from computer security agency Mandiant indicated that the military unit was responsible for hacks like those that compromised media outlets like The New York Times and The Washington Post — a claim that the Chinese government has denied.
Evidence of a tie between such an influential university and a military unit involved with cyber-espionage operations is notable, though there is nothing yet that suggests university faculty worked together with PLA employees involved in espionage operations. The Unit 61398 members who co-authored papers with professors were all researchers, according to Reuters. Experts tell Reuters that the three papers suggesting a link between the PLA and the university appear to be related to keeping computer networks secure, not breaking into them. They add, however, that detailing defenses can help create plans of attack. Reuters was unable to obtain comment from either the PLA or Shanghai Jiao Tong University.
Mar 12, 2013
China has signalled it is willing to open a "constructive dialogue" to help stem the wave of cyberattacks allegedly coming from within its borders. Speaking to the Associated Press, a foreign ministry spokesperson condemned the recent attacks, adding that "cyberspace needs rules and cooperation, not wars. China is willing to have constructive dialogue and cooperation with the global community, including the United States."
Today's statement appears to be in direct response to strong comments from US government officials yesterday that called for a crackdown on cyberattacks originating from China. White House national security adviser Tom Donilon said that China "should take serious steps to investigate and put a stop to these activities," and asked the country to "engage with us in a constructive direct dialogue to establish acceptable norms of behavior in cyberspace."
Feb 28, 2013
China's Defense Ministry today revealed new details about alleged cyberattacks on its websites, claiming that the US was responsible for nearly two-thirds of the 144,000 security breaches the ministry saw each month last year. The Chinese government accused the US of frequently hacking into state websites last week, but today's announcement marks the first time that China has disclosed details on the breadth of the alleged attacks.
"The Defense Ministry and China Military Online websites have faced a serious threat from hacking attacks since they were established, and the number of hacks has risen steadily in recent years," said Geng Yansheng, a Defense Ministry spokesman. "According to the IP addresses, the Defense Ministry and China Military Online websites were, in 2012, hacked on average from overseas 144,000 times a month, of which attacks from the U.S. accounted for 62.9 percent."
Feb 20, 2013
Following yesterday’s explosive New York Times report implicating the Chinese military in a string of international cyber attacks, the country is once again denying it had any involvement, calling security company Mandiant’s investigation "scientifically flawed." Reuters reports that a response on the country’s Ministry of Defense website directly refutes Mandiant’s claims, saying that, "the report, in only relying on linking IP address to reach a conclusion the hacking attacks originated from China, lacks technical proof."
The country has consistently denied any official involvement in the attacks, but the newest response takes a more relativistic stance, saying that the US is also engaged in its fair share of hacking attacks against China, "but we don’t use this as a reason to criticize the United States." It also questions where to draw the line between "hacking" and "everyday gathering of online (information)," although presumably months of spear phishing attacks, password cracking, and installing malware on the other party's systems would fall under the former.
Feb 19, 2013
The location of the "overwhelming percentage" of Chinese cyberattacks on US corporations and government agencies is believed to have been found, and it’s a People’s Liberation Army base in Shanghai, reports The New York Times. According to a 60-page study from computer security agency Mandiant, the hacking group, referred to as "Comment Crew," could not be placed inside the 12-story office tower, the home of PLA Unit 61398, but there is no other explanation for how so many of the attacks could have come from such a small geographical area. The alternative, says Mandiant, is that "a secret, resourced organization full of mainland Chinese speakers with direct access to Shanghai-based telecommunications infrastructure is engaged in a multi-year, enterprise scale computer espionage campaign right outside of Unit 61398’s gates, performing tasks similar to Unit 61398’s known mission."
In the past weeks, major media outlets like The Washington Post, Wall Street Journal, and The New York Times have been hacked. The latter reported that it believed the Chinese military was involved in the four-month-long attack on its systems; a charge that China staunchly denied. According to The Times, representatives of the Chinese embassy in Washington denied the charge again on Monday, insisting that the Chinese government does not engage in illegal computer hacking. Obama administration officials are quoted as saying that they plan to tell the Chinese leadership that the "volume and sophistication" of the attacks threaten the relationship between the two countries.
Feb 2, 2013
There have been an unusually high number of hacks this week, and today The Washington Post confirmed yesterday's reports that it was also the target of what the publication suspects are Chinese hackers. The Post joins The Wall Street Journal and The New York Times, which all appear to have been hacked to monitor their coverage of China. However, the Post reports that the extent of its attack, which may have begun as early as 2008 or 2009, was "unusual."
In an official statement, the Post confirmed reports from Krebs on Security that the publication had indeed been hacked. Anonymous sources speaking to the Post provided further information, and said that the hack targeted the publication's main server and several other computers. It's not clear what information was taken, but the Post reports that administrative passwords were likely compromised, giving hackers access to a number of company systems during the attack. However, the Post denies allegations from Krebs that the company turned over one of its servers to the NSA and Department of Defense for analysis, saying "that would be an unusual step for a news organization that traditionally has carefully guarded the security of its e-mail and other information from government intrusion."
Feb 2, 2013
It was revealed this week that several high-profile US newspapers suffered attacks from hackers, and now information is coming to light that indicates The Washington Post may have been yet another victim. Krebs on Security reports that a former Post information technology employee was part of a group that responded to a security breach the paper suffered that had ramifications throughout 2012. According to the report, servers and desktops at the Post had been compromised with software that allowed the attackers access to the network and the machines themselves. The Post newsroom and other operations were all reportedly compromised.
Usernames and passwords were reportedly transmitted back to the perpetrators of the attack, with signs at the time indicating that Chinese hackers were to blame in this instance as well. One of the servers from the Post is said to have been taken by individuals from the National Security Agency and Defense Department for analysis at one point. When contacted by Krebs on Security, the Post declined to comment.
Feb 1, 2013
The relationship between Google and China has grown increasingly contentious, and in a new book former CEO Eric Schmidt reportedly has some harsh words for the country. The Wall Street Journal reports that it has seen preliminary galleys of The New Digital Age, written by Schmidt and Google Ideas director Jared Cohen. In the book, the pair reportedly call China "the world's most active and enthusiastic filterer of information" — something Google has had to deal with firsthand in recent years. The book also states that China operates "sophisticated and prolific" hacking campaigns targeting foreign companies. Concerns about the latter have been a particular point of focus this week, with both The New York Times and The Wall Street Journal reporting that they had recently been infiltrated by hacking attacks; both targets said they traced their attackers to China.
The concerns are raised in the context of global competition; the book warns that with an increasing dependence on digital communication and commerce, the Chinese government's alleged willingness to participate in cyber attacks could give the country economic and political advantages. "The disparity between American and Chinese firms and their tactics will put both the government and the companies of the United States as a distinct disadvantage," the book reportedly reads, with Schmidt and Cohen warning that the US will not be able to take advantage of the same tactics due to the US legal system and "sense of fair play."
Jan 31, 2013
Yesterday the New York Times revealed that it had suffered attacks at the hands of what it claimed were hackers from China, and today the Wall Street Journal has joined the group of victims. The Journal is reporting that its computers had been compromised by Chinese hackers, apparently to monitor the paper's coverage of China itself. The timeframe or length of these specific attacks wasn't detailed, but Paula Keve — chief spokesperson for WSJ parent company Dow Jones & Co. — said in a statement that a network overhaul had recently been completed in order to enhance security. That said, the infiltration is an "ongoing issue," but Keve stressed that the company is continuing to work with authorities and security experts in order "to protect our customers, employees, journalists and sources."
The Beijing bureau of the WSJ is one of the ways in which the hackers are said to have been able to gain access to the publication's systems. "Evidence shows that infiltration efforts target the monitoring of the Journal's coverage of China, and are not an attempt to gain commercial advantage or to misappropriate customer information," Keve said. The Federal Bureau of Investigation has been investigating both the Times and Journal incidents, considering them both part of a national-security case against the US.
Jan 31, 2013
China is staunchly denying a report from The New York Times that suggests its military colluded with hackers to launch a four-month cyber attack against the US newspaper. Foreign Ministry spokesman Hong Lei took a harsh tone in responding to the NYT's accusations. "The competent Chinese authorities have already issued a clear response to the groundless accusations made by The New York Times," he told reporters earlier today. "To arbitrarily assert and to conclude without hard evidence that China participated in such hacking attacks is totally irresponsible." The intrusion, which has been described as consistent with other hacks supposedly led by the Chinese military, targeted a journalist responsible for authoring a report analyzing the family wealth of prime minister Wen Jiabao.
Additionally, security firm Symantec isn't pleased with the Times for implying that its antivirus software was an unreliable, essentially useless defense against the hackers. In a statement released today, the company emphasized that it's critical for major media corporations like The New York Times to harness "the full capability" of its security offerings. "Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats," the statement reads, concluding again that "anti-virus software alone is not enough." The Times report says Symantec's software caught just one instance of malware on its systems when in fact 45 pieces of software would later be discovered.
Jan 31, 2013
The New York Times has published a wild account of a four-month-long hack, reportedly originating in China, that compromised its computer systems and targeted its reporters. The report suggests that the attack may have been politically motivated, and that it may have been conducted by the Chinese military. The hack has since been shut down, but several important questions remain unanswered.
The Times says that it received warnings from Chinese government officials in response to an investigation into the wealth of prime minister Wen Jiabao's relatives. Following the warnings, the publication asked its ISP — AT&T — to monitor its network for attacks. The Times says that on October 25th, the day its investigation was published, AT&T notified it of an attack consistent with others "believed to have been perpetrated by the Chinese military." When the Times and AT&T could not repel the attack, a private security firm named Mandiant was hired.