Filed Under:

U.S. Security Company Tracks Hacking To Chinese Army Unit

Play associated audio

Cyberattacks on dozens of American companies have been traced to an area on the outskirts of Shanghai that houses a Chinese military unit, according to a report out Tuesday by Mandiant, a U.S. cybersecurity company.

The 60-page document, first reported by The New York Times, says the group behind the attacks — nicknamed "Comment Crew" — is the most prolific the company has ever tracked and has been hacking U.S. companies since at least 2006.

Mandiant says the hackers' real identity is Unit 61398 of China's People's Liberation Army, or PLA.

The unit sits near the Yangtze River in Shanghai's sprawling Pudong district, which is home to more than 5 million people. The walled compound stands out in an otherwise typical Shanghai neighborhood of restaurants, karaoke clubs and grocery stores.

The complex, which covers nearly three acres, has a 12-story tower with satellite dishes on the top and few signs other than those that indicate it's run by China's military.

Photos and filming are not permitted, and a BBC reporter was detained Tuesday after trying to videotape the complex.

When an NPR reporter showed up, a plainclothes police officer in a blue down coat was pacing the sidewalk out front, scanning the street and looking agitated as he spoke on a cellphone.

Wide-Ranging Attacks

Mandiant says the hackers have stolen hundreds of terabytes of data, including technology blueprints, proprietary manufacturing processes, business plans and partnership agreements.

"They've compromised over 141 corporations across 20 different industries and stolen just a wealth of intellectual property," says Dan McWhorter, who oversees Mandiant's threat intelligence business unit. Most of the companies were American.

McWhorter says the hackers appeared to be trying to steal intellectual property to help Chinese companies compete against U.S. and other foreign firms.

"In China, the government is very intimately involved in industry," McWhorter says, "so I think the PLA is motivated to take these documents for huge economic gain."

At a briefing Tuesday, China's Foreign Ministry dismissed Mandiant's report. Hong Lei, the ministry spokesman, questioned anyone's ability to track down hackers with certainty.

"Cyberattacks are anonymous and transnational, and it is hard to trace the origin," said Hong, "so I don't know how the findings of the report are credible."

Hong said that China has also suffered from cyberattacks, and that in 2012, foreign hackers seized control of 14 million Chinese computers. Hong seemed to point the finger at America, if not the U.S. government.

"China is also a victim of cyberattacks," he said. "In the attacks mentioned above, the number of attacks originating from the U.S. ranks first."

A Long-Running Operation

McWhorter says tracking the attacks to the PLA wasn't that hard, because the volume of data stolen was enormous, and the operation has been going on for so long.

"We just followed the data, followed the breadcrumbs," says McWhorter. "All the network communication kept going back to Shanghai, again and again."

Mandiant says it tracked the hackers back to four large networks in Shanghai, two in the Pudong area where Unit 61398 is located.

"We started doing our research as far as what kind of organizations could be that large doing this type of activity," says McWhorter, "and that's what led us to discover Unit 61398."

Beyond corporate espionage, Mandiant found hacking that was more worrisome, such as the infiltration of crucial U.S. infrastructure, including electric power grids and gas lines.

McWhorter says there is no sign that Chinese hackers tried to disable such operations, but the capability existed.

"If you have the ability to steal the documents, you could have just as easily crashed the hard drives," he said. "From a national security standpoint, that's very scary."

In his State of the Union address, President Obama alluded to this threat without directly naming China.

"Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems," Obama said.

The president said the nation could not look back years from now and wonder why it didn't do anything to stop it.

Copyright 2013 NPR. To see more, visit http://www.npr.org/.

NPR

When Caravaggio Plays Quevedo In Tennis, The Court Becomes A Sonnet

"It's a little space, well-measured and precise, in which you have to keep the ball bouncing," says Álvaro Enrigue. His book, Sudden Death, pits the Italian painter against the Spanish poet.
NPR

Birmingham Chefs Test Appetite For New Flavors With Supper Clubs

Pop-up dining experiences are cropping up across the country. While diners savor an exclusive meal, chefs get to try out recipes and gauge the local market for their food before opening a restaurant.
WAMU 88.5

Analysis Of The New Hampshire Primary

New Hampshire holds the nation's first primary election. The winners, the losers and what the results could mean for the presidential candidates vying for the Democratic and Republican nominations.

NPR

Password Security Is So Bad, President Obama Weighs In

In unveiling a sweeping plan to fund and revamp cybersecurity, the president asks citizens to consider using extra layers of security besides the password.

Leave a Comment

Help keep the conversation civil. Please refer to our Terms of Use and Code of Conduct before posting your comments.