China is adamantly denying a report by a U.S.-based Internet security group that accuses Beijing's army of carrying out a "long-running and extensive cyber espionage campaign" against American government and business targets.
Beijing's Defense Ministry on Wednesday released a statement saying the Chinese army has never supported cyber attacks. It said the Tuesday report by Mandiant "is not based on facts" and "lacks technical proof."
Mandiant says its investigation revealed that a secretive division of the People's Liberation Army, Unit 61398, was behind a group that carried out nearly 150 attacks on a wide range of mostly U.S. targets since 2006.
The White House would not directly comment on the report, but promised that it is taking all necessary steps to protect U.S. networks from cyber crimes and said it has raised the issue with Chinese leaders.
The Chinese government had already denied it was behind the attacks. On Tuesday, the foreign ministry said Beijing was the victim, not perpetrator, of computer hacking, saying such activity is against Chinese law.
The Defense Ministry repeated that insistence on Wednesday, saying its own data suggested that a "considerable" number of hacking attempts against it originate from the United States.
It also questions Mandiant's methodology of using IP addresses, or computer identification codes, to trace dozens of the China-based attacks to a neighborhood surrounding a PLA building in Shanghai. It argues the codes could be re-routed to appear as if they came from a different location.
China has long been considered the source of many of the world's cyber attacks, and many suspect the involvement of China's government and military. But most computer scientists and foreign governments have refrained from making direct accusations against Beijing, since specific attacks are difficult to pinpoint.
Mounting evidence suggests Beijing's involvement
The Mandiant report says Chinese hackers have focused on stealing information like technology blueprints, manufacturing processes and other information from foreign companies.
Richard Bejtlich, Mandiant's Chief Security Officer: "The name of the game for this group is theft. From what we have seen they are there to take it and bring it back to China," he said of the group behind the cyber attacks.
Internet security groups like Mandiant rely on several techniques that can trace the origin of malicious software back to China with reasonable certainty, according to Brad Glosserman with the Hawaii-based Pacific Forum.
"They have particular signatures on them that we can identify and tell who has written similar software. That's number one. Number two, we look at the type of information being taken. Certain people want certain types of information ... and number three, we look at where it's going. And, while we can't be sure that this is ultimately the final end destination, when IP addresses are used consistently, we get a pretty strong conclusion that's where the attacks are coming from," Glosserman says.
Faced with mounting public evidence that it is involved in or does not take steps to halt cyber attacks, the Chinese government has responded by insisting it cannot control everything that occurs within its borders. But Beijing has a lot of incentive to claim it cannot do anything about the hacking, says Gabe Collins of the analysis group China SignPost.
"It makes a lot of economic sense for them," says Collins. "(Even) if there's not state support, there's literally probably billions of dollars in savings that accrue to the different Chinese laboratories and state-owned enterprises that can reap the fruits of this industrial espionage."
Collins points out that Beijing's state-controlled companies stand to profit from recent attacks that have stolen information on U.S. oil and gas companies, the Department of Defense and even information on one of America's most advanced aircraft, the F-35 Joint Strike Fighter.
Problem intensifying; could threaten ties?
Even though the U.S. and China consistently raise the issue and pledge cooperation on cyber security at regular dialogue sessions, the problem still seems to be getting worse, and some say it could threaten U.S.-China relations.
The prospect of being hacked by the Chinese government is something that U.S. companies will take under consideration when contemplating operations in China, says Patrick Chovanec, a professor at Beijing's Tsinghua University.
"On the one hand they're being regulated by the Chinese government, and on the other hand they may find themselves on the receiving end of attacks coming from other parts of the Chinese government," says Chovanec.
Obama considering tougher stance?
The Obama administration is considering taking a more aggressive stance on Chinese hackers, according to recent U.S. media reports, which have quoted government officials as saying trade sanctions or fines are possible against those found guilty of cyber crimes.
In his recent State of the Union address, President Barack Obama did not mention China by name, but said America must face the "rapidly growing threat from cyber attacks" from foreign countries.
"We know hackers steal people's identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy," the president said.