I've been following these attacks for a bit. Read this a while back in the NYT:
http://www.nytimes.com/2013/01/31/te...ref=technology
The mounting number of attacks that have been traced back to China suggest that hackers there are behind a far-reaching spying campaign aimed at an expanding set of targets including corporations, government agencies, activist groups and media organizations inside the United States. The intelligence-gathering campaign, foreign policy experts and computer security researchers say, is as much about trying to control China’s public image, domestically and abroad, as it is about stealing trade secrets.
It's a good article. Four pages, including info on other similar cyber attacks, such as the US and Israel against Iran in 2011.
Anyway, it had been suspected the hackers were funded by the government, but now it's all but confirmed:
On the outskirts of Shanghai, in a run-down neighborhood dominated by a 12-story white office tower, sits a People’s Liberation Army base for China’s growing corps of cyberwarriors.
The building off Datong Road, surrounded by restaurants, massage parlors and a wine importer, is the headquarters of P.L.A. Unit 61398. A growing body of digital forensic evidence — confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years — leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower.
An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups — known to many of its victims in the United States as “Comment Crew” or “Shanghai Group” — to the doorstep of the military unit’s headquarters. The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area.
“Either they are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
Other security firms that have tracked “Comment Crew” say they also believe the group is state-sponsored, and a recent classified National Intelligence Estimate, issued as a consensus document for all 16 of the United States intelligence agencies, makes a strong case that many of these hacking groups are either run by army officers or are contractors working for commands like Unit 61398, according to officials with knowledge of its classified content.
Of course the Chinese government is denying it. But the evidence against them is pretty compelling. More about why this specific attack campaign is so concerning:
As to the US government response:
Mandiant also traced attacks from the Comment Group to Digital Bond (a company that has access to a major power plant and a mining company), the Chertoff Group (former Department of Homeland head Michael Chertoff's company, which has run simulations of cyber attacks against the U.S.) as well as contractors for the National Geospatial-Intelligence Agency. But the main concern expressed by experts was about Telvent, the company with access to 60% of North America's gas and oil pipelines. According to the report, Telvent was attacked in September of last year and project files were stolen before the hackers' access was cut off, preventing them from gaining control of the company's systems.
"This is terrifying because - forget about the country - if someone hired me and told me they wanted to have the offensive capability to take out as many critical systems as possible, I would be going after the vendors and do things like what happened to Telvent," Mr. Peterson of Digital Bond said. "It's the holy grail."
http://gawker.com/5985233/chinese-mi...infrastructure
But other government officials noted a reluctance by the U.S. to connect the hacking attacks to the Chinese government. "There are huge diplomatic sensitivities here," one official told the Times. Another government official, a high ranking member of the Defense Department, said the hacking attacks created a tension not seen since the existence of the Soviet Union.
"In the cold war, we were focused every day on the nuclear command centers around Moscow," one senior defense official said recently. "Today, it's fair to say that we worry as much about the computer servers in Shanghai."
This is also apparently unprecedented in its scope. I can't find it now, but the list of companies includes Coca-Cola o_O.
Nice view into one of the less noticeable ways wars are being fought while we go about our day-to-day lives. Before computers this would have required spies, actual bodies, and on our soil. Now it only takes some talent, an Internet connection and maybe an ergonomic chair.
If major corporations and US government agencies can't secure their information, the idea that the average person has any security seems like an illusion, doesn't it?
Sorry for any typos. This is brought to you by my iPhone.