Officials within the United States government say hackers from China have renewed their assault on US targets only three months after a highly-touted investigation linked the People’s Liberation Army to a series of cyberattacks waged at American entities.
According to the New York Times, computer security experts and US officials alike say the PLA’s sophisticated cyber squadron is attempting to hack American businesses after a brief hiatus.
Earlier this year, the Times cited a report by Northern Virginia security firm Mandiant when they alleged that Chinese hackers targeted businesses and government agencies inside the US, as well as a Canadian utility company and others. Mandiant said in the February report that the PLA “Unit 61398” group compromised 141 companies across 20 major industries during the last few years, infecting the computers at Coca-Cola, the Canadian arm of Telvent and others.
Earlier this month, the US Department of Defense threw its weight behind Mandiant’s claims, and for the first time ever the administration of President Barack Obama accused China of cybercrimes.
“In 2012, numerous computer systems around the world, including those owned by the US government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military,” the Pentagon wrote.
Now, the chief executive at Mandiant and a number of US officials admit that China relaxed its campaign after the February report was published — only to have already returned to its hacking ways weeks later.
“They dialed it back for a little while, though other groups that also wear uniforms didn’t even bother to do that,” CEO Kevin Mandia told the Times on Friday. “I think you have to view this as the new normal.”
Mandia told the Times that hackers halted their operations back in February and attempted to wipe clean their digital fingerprints by scrubbing away spyware and other espionage tools used to surveil US businesses. Only one month after pausing, though, the hackers have resorted to once again using sophisticated means to carefully and clandestinely pilfer intelligence from American computers.
According to Mandia, Unit 61398 is now operating at 60 to 70 percent of what their campaigns resembled before being exposed in the original New York Times article.
Obama administration officials, speaking on condition of anonymity, did not react in disbelief. One senior official that spoke to the Times said, “this is something we are going to have to come back at time and again with the Chinese leadership,” who, he added, “have to be convinced there is a real cost to this kind of activity.”
Mandiant declined to identify which computer systems have been allegedly targeted in the latest round of attacks, but claimed that many of the very same entities hit before their report was published are once again in trouble.
“The hackers now use the same malicious software they used to break into the same organizations in the past, only with minor modifications to the code,” wrote David Sanger and Nicole Perlroth for the paper. “[T]hey have gradually begun attacking the same victims from new servers and have reinserted many of the tools that enable them to seek out data without detection.”
So far, though, the Chinese have largely refused to buy into the claims that a top-secret PLA group is orchestrating some of the most serious cyberattacks ever waged at American entities. It was nearly one month after the February Mandiant report was released when Premier Li Keqiang called the claims “groundless accusations” and impractical.
Hacking is a “worldwide problem and in fact China itself is a main victim of such attacks,” Li said in March. “China does not support — in fact it is opposed to – – hacking attacks.”
At that meeting, a reporter asked Li, “Will China stop the cyber- hacking against the US since it has now become an issue of American national security?”
“In your question I sensed the presumption of guilt,” the premier responded.
Christopher Soghoian, a senior policy analyst at the American Civil Liberties Union, wrote on Twitter after this week’s Times article, “When the Chinese gov hacks into US computers, it is cyberwar. When the US gov does it, it is ‘installing software.’”
It doesn’t hurt the cases brought up by both Li and Soghoian that perhaps the most destructive tool of cyberwar used yet by any nation-state — the worm Stuxnet — is largely considered to be a tool developed by scientists working for the US and Israel. Although the White House has yet to admit to those claims on the record, Obama administration officials speaking on condition of anonymity have attested that Washington ordered Stuxnet and other malicious codes to be used against Iranian nuclear facilities.
Just days before Li’s remark, the head of the US Cyber Command told the Senate Armed Services Committee that his agency plans to have 13 separate units trained by 2015 specifically to launch offensive cyberattacks at foreign targets.
“The teams are analogous to battalions in the Army and Marine Corps — or squadrons in the Navy and Air Force,” Gen. Keith Alexander said at the hearing. “In short, they will soon be capable of operating on their own, with a range of operational and intelligence skill sets, as well as a mix of military and civilian personnel.”
“I would like to be clear that this team. . . is an offensive team,” he said.
Speaking to the Wall Street Journal a month later, Geng Shuang, a spokesman for the Chinese Embassy in Washington, accused the US of “using cybersecurity as an excuse to take inappropriate actions against Chinese companies and individuals” without providing “proof and evidence.”
“China stands ready to carry out constructive cooperation with all countries, including the US, to safeguard peace and security of the cyberspace on the basis of mutual respect,” he said.