A special hacker's unit of the People's Liberation Army occupies a nondescript twelve-story building in Shanghai, China. The hacking of U.S. targets was reported in a Feb. 19 article in the New York Times; the hacker's unit is APT1, which is part of P.L.A. Unit 61398. China took umbrage at the accusations, claiming that the U.S. has hacked into its systems.
Now it is revealed that one of China's elite universities, Shanghai Jiaotong University, collaborated with the Army on cyber security research. The university published several papers online, including a paper that described an "intrusion monitoring system" and another paper on "attack graphs" that show how an adversary can break into a computer system. According to a March 24 Yahoo article, concerns center on the collaboration between China's Army and its most elite university. The published papers do not describe any real plans for breaking into foreign systems.
Here is how the hackers were caught: Over the years, a private cyber security firm has gathered a large body of forensic evidence to prove that this unit has stolen a massive amount of data from corporations, organizations and government agencies in the U.S. The private security firm, Mandiant Intelligence Center, has released a shocking report.
This is alarming news because the stolen data could allow a foreign government to shut down or interfere with commerce, banking, trade and other major U.S. corporate, civil and economic functions.
Mandiant Intelligence Center published a 60-page report on Feb. 19, leading with this statement: "This report is focused on the most prolific cyber espionage group Mandiant tracks: APT1. This single organization has conducted a cyber espionage campaign against a broad range of victims since at least 2006."
The Mandiant report claims that APT1 maintains a huge infrastructure of computers around the world and focuses on compromising organizations in English-speaking countries. Hundreds of people are also involved, with three specific identities published in a "name and shame" reaction to the Chinese government's hacking.
Over the years, the APT1 unit systematically stole hundreds of terabytes of data from at least 141 organizations.
The hackers demonstrated a high level of knowledge about computer security and network operations, but they also used old-school hacking tricks like spoof emails. Spoof emails are crafted to look exactly like official internal correspondence, and they trick recipients into signing in to fake websites. This hands the hackers user IDs and passwords that give them easy access to internal servers. Once the hackers have that access, they can get past the servers' defenses and grab any data they desire.
While the Chinese government has either ignored or denied the alarming news, Twitter exploded with comments. The Chinese government does not allow Twitter, meaning there was little or no input or reaction from the Chinese people.
According to a Feb. 19 CBS News article, President Obama signed an executive order on Feb. 12 that makes it easier to share information with private firms. The order also requires government agencies to report security threats to at-risk U.S. corporations. Meanwhile, Congress has yet to agree on a more permanent and comprehensive set of laws to improve cyber security.
With the news about APT1, many are calling for much stronger action against China and other foreign governments that target the U.S. with highly sophisticated and extremely capable hacking operations. One of the strongest actions is to "name and shame" government sponsored hacking units and to release individual identities as the Mandiant Intelligence Center has done.