CBS News/ February 19, 2013, 5:39 PM

China military unit behind many hacking attacks on U.S., cybersecurity firm says

An analyst monitors Internet traffic at the U.S. cybersecurity firm Mandiant. / CBS

Updated 5:39 PM ET

A shadowy unit of China's vast army, tucked away in a nondescript office building in the thriving business hub of Shanghai, is behind a huge proportion of the hacking attacks on U.S. websites, according to an American cybersecurity firm.

Mandiant released a detailed 60-page report (PDF) Tuesday claiming its "research and observations indicate that the Communist Party of China is tasking the Chinese People's Liberation Army to commit systematic cyber espionage and data theft against organizations around the world."

The report says Mandiant tracked thousands of computer attacks on U.S. companies and organizations, starting in 2006 and rapidly increasing right into this year, to one specific neighborhood in Shanghai. Mandiant found that a vast majority of the attacks were coming from one group of hackers, dubbed by the company "Advanced Persistent Threat 1", or APT1.

"We ran into APT1 again and again and again, so we started observing and orienting toward APT1 just because of the volume of attacks they were doing," Mandiant founder and chief executive Kevin Mandia told The New York Times. "After responding to APT1 for years, at over 100 different organizations, you start to pick up patterns ... over 98 percent of the time, when they were doing their intrusions in the U.S. companies, they were also using computer addresses from Shanghai. So I called 98 percent not an anomaly."

Researching the attacks led Mandiant to a tall building on the outskirts of Shanghai, with satellite dishes on the top and a secure perimeter, which houses Unit 61398 of the People's Liberation Army.

"In seeking to identify the organization behind this activity, our research found that People's Liberation Army (PLA's) Unit 61398 is similar to APT1 in its mission, capabilities, and resources. PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate."

Mandia told The Times that his company's open-source research showed Unit 61398 is "chartered with hiring people that can speak English, and be able to exploit networks, and know computer security. We thought that was an interesting combination, and that unit just so happens to be located in the same region of Shanghai where we're tracking over 90 percent of the connections coming from."

The report cites an internal 2008 memo from China's state-controlled telecommunications company, China Telecom, purportedly found online by Mandiant. The document appears to detail some of the infrastructure installation at the Unit 61398 building. The author of the memo advises his or her colleagues at the regional branch of China Telecom that the PLA "also hope Shanghai Telecom will smoothly accomplish this task for the military based on the principle that national defense construction is important."

China has repeatedly denied any government involvement in computer hacking.

"Chinese law forbids hacking and any other actions that damage Internet security," a statement from the Defense Ministry said early this year. "The Chinese military has never supported any hacking activities. Cyberattacks are characterized by being cross-national and anonymous. To accuse the Chinese military of launching cyberattacks without firm evidence is not professional and also groundless."

Talking to journalists Tuesday, Foreign Ministry spokesman Hong Lei responded to the report, according to The Associated Press: "To make groundless accusations based on some rough material is neither responsible nor professional." He also said that China, too, has been a target of hackers.

The report comes on the heels of warnings from U.S. lawmakers -- and from Mandiant itself -- that Chinese hackers have been behind a startling wave of cyber attacks on U.S. entities.

Rep. Mike Rogers, R-Mich., who has co-authored cyber security legislation pending in Congress, said in a panel discussion on "Face the Nation" earlier this month that hackers are intent "every single day" on "shutting down our financial services or finding other ways to destroy material in companies that won't allow them to function on a day-to-day basis."

His remarks came after three of the U.S.'s biggest newspapers and Twitter were all targeted by hackers. The New York Times and The Washington Post said the attacks were believed to have originated in China. On Tuesday, CNET reported that Apple was also the target of hackers along with those aforementioned companies.

Speaking to The New York Times for an article published Tuesday, Mandia said his company published its report to alert the U.S. public and government that "it's not just freelance people in China doing these attacks, it's attacks directed by the government. So that means these attacks can be more advanced, they can be more funded, they can be more pervasive, and they will probably continue unabated. It could be the new normal."

Mandia told CBS News correspondent Bob Orr earlier this month that the number and sophistication of the attacks on U.S. organizations is so daunting, it would be futile to try and prevent them all.

"These attacks are inevitable, so let's make sure we keep these attackers from our crown jewels," said Mandia.

To bolster the U.S. defenses against such cyberattacks on vital infrastructure and defense systems, Mandia said it was crucial that entities targeted by hackers start sharing the information on the attacks more fluidly, stressing that "everybody needs to get smarter from each breach, almost like a neighborhood watch."

President Obama signed an executive order on Feb. 12 aimed at boosting the nation's cybersecurity by enabling the government to share information with private firms more easily, and establishing mandatory reporting on security threats from government agencies to U.S. corporations at risk. Congress, however, has been unable to agree on any legislation to set new laws on cybersecurity.

In the wake of attacks on the U.S. newspapers, Orr reported that the Pentagon was pushing to expand its cybersecurity forces. The U.S. military's so-called Cyber Command will grow five-fold over the next few years, from 900 employees at present, to about 5,000 civilian and military personnel, Orr reported.

Edited by CBSNews.com foreign editor Tucker Reals

© 2013 CBS Interactive Inc. All Rights Reserved.
zionistwarcrimes says:
The USA, and Israel, started cyber attacks on Iran, and now we reap what we've sown, in order to maintain the Israeli Welfare State as the only country in the Middle East with WMD'S.

Did our military industrial complex think we wouldn't face retaliation????
Toledo_Bill replies:
Most likely not, considering we are on the top of the food chain!
notheocracy replies:
Insect food chain????????
Toledo_Bill says:
notheocracy replies:

Better solution....have the U.N. produce a treaty banning cyber warfare, which every nation except North Korea, Israel, India, and Pakistan, will sign.
_________________________-

The UN?

They may have done a lot of good work in the forties thru the sixties, but they no longer have any power or influence in the modern day.

Basically the UN is a powerless joke!
notheocracy replies:
The U.N. is a powerless joke;
Because of morally corrupt, and intellectually bankrupt, USA allowing the Imperialist, Apartheid, Israeli Welfare State to violate international laws when we want to bomb other countries for behaving the same way???????????????

"When plunder becomes a way of life for a group of men living together in society, they create for themselves, in the course of time, a legal system that authorizes it and a moral code that justifies it."
Frederic Bastiat
Toledo_Bill replies:
Your hatred for America is duly noted!

You have achieved the status of TRUE SCUM BAG!!

I hate America haters!!!!!!!!!!!!!!!!!!
modernj says:
Just make a truce. The U.S. stops cyberattacks, the world's most destructive cyberviruses, drones along China's shore and China does the same just in case in the future.
notheocracy replies:
Did China copy the U.S./Israeli Stuxnet, and send it back to us???

Soon to be on sale at Wal-Mart????
Toledo_Bill replies:
Notheo

Why do you despise America so much?
GrumpiGramp says:
"Chinese law forbids hacking and any other actions that damage Internet security," a statement from the Defense Ministry said early this year. "The Chinese military has never supported any hacking activities. Cyberattacks are characterized by being cross-national and anonymous. To accuse the Chinese military of launching cyberattacks without firm evidence is not professional and also groundless."

Then I guess it would be fine with China if we just blew that building up right?
notheocracy replies:
1.7 BILLION Chinese vs. 350 MILLION Americans?????????

You can't kill them all before they have you chained to a water buffalo in their rice paddies.

Better solution....have the U.N. produce a treaty banning cyber warfare, which every nation except North Korea, Israel, India, and Pakistan, will sign.
tevj99` says:
The REAL cost of exporting most of our manufacturing and jobs to China is beginning to become apparent. Fatter bottom lines for US corporations and their investors are not without consequence. We will now begin the work of demonizing China in a hopeful attempt to bring back at least some of our manufacturing and the jobs that go with it, to the US. Cyber attacks can come from anywhere in the world, and the Chinese aren't the only ones we need to worry about.
FP1970 says:
Chinese spies also infiltrate the actual American homeland every day thanks to America's habit of blindly admitting immigrants on the basis of their technical skills--and never daring to ask if someone might have ulterior motives in wanting to come to America.
zionistwarcrimes replies:
Not to mention the spies who are born here and turn treasonous.

Jonathan Jay Pollard (born August 7, 1954, Galveston, Texas) worked as an American civilian intelligence analyst before being convicted of spying for Israel. He received a life sentence in 1987.
Israel granted Pollard citizenship in 1995, but denied until 1998 that it had bought classified information from him.[1] Israeli activist groups, as well as high-profile Israeli politicians, have lobbied for his release.[2] Israeli Prime Minister Benjamin Netanyahu has voiced particularly strong support for Pollard, visiting the convicted spy in prison in 2002.[3][4] His case was later linked to that of Ben-ami Kadish, another U.S. national who pleaded guilty to charges of passing classified information to Israel in the same period.[5][6] He renounced his United States citizenship and is now solely an Israeli citizen. He would be deported to Israel if he were released from prison.[7]
Toledo_Bill replies:
Who cares about Pollard?

Not only is he old news, but he has no relevance to the article at all.
guirkymondo says:
Meanwhile, our children are being sent to voucher & religious schools in the USA, falling farther and farther behind the world of technologically advanced, math-proficient and science-proficient countries...like CHINA. It's disgraceful how we can teach these kids climate change denial, while the world is passing the U.S.A behind.
Toledo_Bill replies:
Nobody is denying the climate is changing. It's been in a constant cycle of change forever, moving from one ice age to the next.

The denial is that the use of fossil fuels is what is causing the change.

There were no cars or factories around before the last ice age.
LaurettaEWilson says:
The power of the internet. Very concerning.

Lauretta
Martha12345 says:
Perhaps if we skip a few loan payments they'll consider stopping.
notheocracy replies:
Or, they might repossess your trailer.
littlebuddyd says:
I don't care what anyone says, all these cyber attacks equate to an act of war on our country. If China had people physically breaking in to buildings, military and civilian, and stealing documents and technology all over our country it would be an act of war. Why is this any different than that? We should take our evidence to the UN and demand in front of the world that China stop or we will break them financially and wipe clean debt to them. But we will never do that because either Obama wants them to succeed or the CIA or NSA is already doing the same back to them.
historicalaccuracy1 replies:
1.7 BILLION Chinese vs. 350 MILLION Americans????????

You can't kill them all, before they have you shackled to a water buffalo.

LOL!!!!!!!!!!!!!!!!!!!!!!!!!!!!
hypnotoad72 replies:
It can start by our ceasing that country MFN status.

For YEARS, if not DECADES, a case can be built to the international community about China. Nixon, Reagan, Bush, Clinton, Bush, Obama, and 2016 presumable candidate Clinton all blindly act like lapdogs, saying how China is oh-so-important. When China puts out toxic or deadly products, ignores environmental and human labor concerns, and a whole slew of issues that shows they are nobody's friend yet the politicians and corporations continue to ignore them, the moment China turns on them like they have everyone else, what will happen then?

I'm taking my tinfoil hat off now. This is getting ridiculous.