Filed Under:

U.S. Security Company Tracks Hacking To Chinese Army Unit

Play associated audio

Cyberattacks on dozens of American companies have been traced to an area on the outskirts of Shanghai that houses a Chinese military unit, according to a report out Tuesday by Mandiant, a U.S. cybersecurity company.

The 60-page document, first reported by The New York Times, says the group behind the attacks — nicknamed "Comment Crew" — is the most prolific the company has ever tracked and has been hacking U.S. companies since at least 2006.

Mandiant says the hackers' real identity is Unit 61398 of China's People's Liberation Army, or PLA.

The unit sits near the Yangtze River in Shanghai's sprawling Pudong district, which is home to more than 5 million people. The walled compound stands out in an otherwise typical Shanghai neighborhood of restaurants, karaoke clubs and grocery stores.

The complex, which covers nearly three acres, has a 12-story tower with satellite dishes on the top and few signs other than those that indicate it's run by China's military.

Photos and filming are not permitted, and a BBC reporter was detained Tuesday after trying to videotape the complex.

When an NPR reporter showed up, a plainclothes police officer in a blue down coat was pacing the sidewalk out front, scanning the street and looking agitated as he spoke on a cellphone.

Wide-Ranging Attacks

Mandiant says the hackers have stolen hundreds of terabytes of data, including technology blueprints, proprietary manufacturing processes, business plans and partnership agreements.

"They've compromised over 141 corporations across 20 different industries and stolen just a wealth of intellectual property," says Dan McWhorter, who oversees Mandiant's threat intelligence business unit. Most of the companies were American.

McWhorter says the hackers appeared to be trying to steal intellectual property to help Chinese companies compete against U.S. and other foreign firms.

"In China, the government is very intimately involved in industry," McWhorter says, "so I think the PLA is motivated to take these documents for huge economic gain."

At a briefing Tuesday, China's Foreign Ministry dismissed Mandiant's report. Hong Lei, the ministry spokesman, questioned anyone's ability to track down hackers with certainty.

"Cyberattacks are anonymous and transnational, and it is hard to trace the origin," said Hong, "so I don't know how the findings of the report are credible."

Hong said that China has also suffered from cyberattacks, and that in 2012, foreign hackers seized control of 14 million Chinese computers. Hong seemed to point the finger at America, if not the U.S. government.

"China is also a victim of cyberattacks," he said. "In the attacks mentioned above, the number of attacks originating from the U.S. ranks first."

A Long-Running Operation

McWhorter says tracking the attacks to the PLA wasn't that hard, because the volume of data stolen was enormous, and the operation has been going on for so long.

"We just followed the data, followed the breadcrumbs," says McWhorter. "All the network communication kept going back to Shanghai, again and again."

Mandiant says it tracked the hackers back to four large networks in Shanghai, two in the Pudong area where Unit 61398 is located.

"We started doing our research as far as what kind of organizations could be that large doing this type of activity," says McWhorter, "and that's what led us to discover Unit 61398."

Beyond corporate espionage, Mandiant found hacking that was more worrisome, such as the infiltration of crucial U.S. infrastructure, including electric power grids and gas lines.

McWhorter says there is no sign that Chinese hackers tried to disable such operations, but the capability existed.

"If you have the ability to steal the documents, you could have just as easily crashed the hard drives," he said. "From a national security standpoint, that's very scary."

In his State of the Union address, President Obama alluded to this threat without directly naming China.

"Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems," Obama said.

The president said the nation could not look back years from now and wonder why it didn't do anything to stop it.

Copyright 2013 NPR. To see more, visit http://www.npr.org/.

WAMU 88.5

Art Beat With Lauren Landau, April 23

You can liven up your step with some funky, reggae music or dance like you’re the only person riding the Metro.

NPR

Fast-Food CEOs Earn Supersize Salaries; Workers Earn Small Potatoes

A new report finds that the average compensation of fast-food CEOs has quadrupled since 2000. By comparison, worker wages have increased less than 1 percent.
WAMU 88.5

McDonnell Legal Defense Fund Has Raised $150,000 This Year

The legal defense fund for Bob and Maureen McDonnell has raised nearly $150,000 during the first quarter this year, including several thousand from former GOP presidential nominee Mitt Romney.

NPR

The Price War Over The Cloud Has High Stakes For The Internet

Amazon, Google, Microsoft and others are competing to be the main landlords of the cloud. Their terms and prices could control who gets to build what on the Internet, and for how much.

Leave a Comment

Help keep the conversation civil. Please refer to our Terms of Use and Code of Conduct before posting your comments.