Sunday, February 24, 2013

The Cyberdragon

Unit 61398 and Chinese Cyber Belligerence 

In certain ways, this whole cyber craze isn't exactly new--though it may certainly seem that way to the average individual watching the news over the past year or so. For years, security experts (both public and private) and western intelligence agencies have indicated that Chinese hackers have been trying to steal Western corporate secrets.  Recently, evidence of Chinese hacking has outraged American politicians and has lead to backlash against Chinese firms. 

Outside the building alleged to be the home of Chinese military Unit 61398 by 
American cyber security firm Mandiant. 

The Chinese government has always vehemently denied these accusations. In January of 2013 the Chinese Defense Ministry asserted that "it is unprofessional and groundless to accuse the Chinese military of launching cyber attacks without any conclusive evidence."  That all changed on Feb 19th when Mandiant, an American cyber-security firm, released a report detailing the activities of a particular group of hackers. That group of hackers was a Chinese military outfit known as Unit 61398 and they, according to the Mandiant report, were probably behind attacks launched against more than one hundred companies and government agencies the world over.The Mandiant report itself is the result of nearly six years of investigation and tracks individual members of one Chinese hacker group (with charming aliases like "Ugly Gorilla" and "SuperHard") to what the Economist describes as a "nondescript district in residential Shanghai that is home to Unit 61398) f the People's Liberation Army."

 The report (which dubs the Unit as APT1) indicates that the Chinese did not employ particularly ground-breaking methods in their endeavors. What makes them unique is the "duration of the attacks and the range of the group's "ecosystem" of remote-control software." These factors combined allowed the hackers to steal terabytes of data from their victims. For the the less than tech savvy among us, that is literally trillions of bytes of information from the hapless, hacked organizations they targeted. And as for duration of the attacks, some have dates imprinted on them which suggests that they were initially programmed as early as 2004. What we are seeing now is clearly the fruition of what might be nearly a decade of planning and premeditation. They've been at this for some time. So no, this cyber thing isn't remotely new. Not at all.  The report indicates that most of the companies and organizations hacked were in fact American, and while it does not name victims, a relates New York Times investigation (Mandiant was also the company NYT hired to look into their own cyber-attacks) sheds some light: including that the hackers managed to gain access to an American defense contractor as well as the networks of a company that helps run American pipelines and power grids. Needless to say, that in itself is cause for alarm. 

The day after this report was released,  February 20th, the United States government announced plans to combat the theft of trade secrets. Cybercrime costs businesses billions upon billions of dollars. No one seems to be able to put a firm number on it--but one thing is apparent: China is easily the most outrageous offender. 

Now, stones and glass houses taken into account, America is by no means innocent in our current world of cyber-spying. But what's unique to the Chinese, at least in comparison to America, is that the Mandiant report shows that China's definition of national security pretty much includes outright theft. This, of course, highlights the need for America as a government and a conglomeration of private companies to get itself in gear to deal with cyber threats. Barack Obama has recently announced measures to ensure greater cooperation between American firms and government agencies--especially in the realms of sharing information. He's supplicating Congress to take similar, more permanent steps. Hopefully this will put America on the path of greater cyber security. That aside--America (and the rest of the world) need to show the Chinese that state sponsored crime is unacceptable. It's time to move the complaints out from behind closed door discussion with Chinese officials and onto the world stage, or at least into the world media.

China should consider this too. How long will brazen cyber belligerence continue to work in their favor? China's new leader, Xi Jinping, came into power suggesting that China "must embrace reform and show more respect for the rule of law." This is a perfect opportunity, which may be missed in light of Chinese hot protests against the Mandiant report. Chinese economic benefits of cyber-theft are obvious, but what do they risk by persisting? Chinese companies will be regarded with consistent suspicion while seeking business abroad. Within the United States they already are, and those attitudes will only persist. China will also not be taken seriously when it protests to the West's talk of a "China threat." Chinese cyber belligerence will not be able to proceed unchallenged for long, and it will be interesting to see how the Chinese will handle the inevitable increasing resistance.



No comments: