Saturday, March 2, 2013

Tom Phillips

It looks like any other Shanghai office block but a nondescript tower has been identified as the nerve centre of one of the world’s most dangerous military cyber-hacking operations.
American computer analysts have traced more than 100 attacks on government departments, companies and journalists to the site of the 12-storey building about 40 minutes outside Shanghai’s city centre.
‘Hundreds, and perhaps thousands of people’ were working inside to breach the security of global corporations, as well as foreign power grids, gas lines and waterworks.
A 60-page report by Mandiant, a computer security company, said the headquarters of People’s Liberation Army Unit 61398 was located in the compound.
London’s The Daily Telegraph confirmed that a woman who questioned a reporter’s purpose in visiting the area was a member of Unit 61398. While she admitted her affiliation, she refused to produce any identification.
The Mandiant report said a hacking network named the Comment Crew or the ‘Shanghai Group’ operated from the compound. It said “hundreds, and perhaps thousands of people” were working inside to breach the security of global corporations, as well as foreign power grids, gas lines and waterworks.
While the Shanghai PLA base is off-limits to outsiders, the existence of the military compound is no secret in what is a bustling residential neighbourhood.

1 comment:

  1. Unit 61398 – the featureless 12-storey building which houses one of the world’s most dangerous and secretive cyber-hacking operations

    by Tom Phillips in Shanghai

    The Sydney Morning Herald

    (The Telegraph, London)

    http://www.smh.com.au/it-pro/security-it/unit-61398–the-featureless-12storey-building-which-houses-one-of-the-worlds-most-dangerous-and-secretive-cyberhacking-operations-20130220-2eqj4.html

    There is no sign identifying the base by name but clear orders have been placed outside in Chinese and English: “Restricted military area. No photographing or filming”. Men in PLA uniform guard the entrance. Large propaganda posters are pinned to walls around the base. Next door, a residential compound for military families greets visitors with a plaque reading: “Be faithful and loyal to the Party. Love the people. Dedicate yourself to the cause.”

    While Mandiant could not trace the hacking attacks to inside the building, its chief executive, Kevin Mandia, told the New York Times: “Either they are coming from inside Unit 61398 or the people who run the most controlled, most monitored internet networks in the world are clueless about thousands of people generating attacks from this one neighbourhood.”

    A succession of media groups, including the New York Times, the Washington Post and the Wall Street Journal have reported in recent months that hackers, with alleged ties to the PLA, had invaded or attempted to compromise their systems.

    The Mandiant report claimed that hackers who appeared to be working out of the Shanghai PLA unit had launched more than 140 attacks since 2006, stealing “hundreds of terabytes of data”.

    Most of the targets were in the United States although some were in Britain.

    The report is the most concrete confirmation yet that the wave of cyber attacks emanating from China is sponsored, at least in part, by the Chinese government. However, a spokesman for the Chinese foreign ministry dismissed the allegations as “groundless”.

    In the past, the People’s Daily, the mouthpiece of the Communist Party, has accused the US of sensationalising China’s cyber threat as an excuse to expand its own “internet army”.

    In his recent State of the Union address, US President Barack Obama warned: “Our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air-traffic control systems. We cannot look back years from now and wonder why we did nothing.”
