News / Asia

    US Analysts Long Suspected China Hacking

    The building housing “Unit 61398” of the People’s Liberation Army is seen in the outskirts of Shanghai, Tuesday Feb. 19, 2013.
    The building housing “Unit 61398” of the People’s Liberation Army is seen in the outskirts of Shanghai, Tuesday Feb. 19, 2013.
    For Internet security analysts, the announcement this week that the U.S. Department of Justice was charging members of China’s military with cyber-espionage hardly comes as a surprise.
     
    Long before Washington began publicly complaining about hacking attacks coming from China, analysts have been tracking increasingly sophisticated efforts coming from somewhere in China to pry open and steal millions of secure data files from U.S. corporations, interest groups, media and even the government.

    Increasingly, those analysts have been connecting the hacks with specific elements of the Chinese government; most notably the People’s Liberation Army, or PLA.
     
    VOA spoke with four prominent cyber security analysts about the forensic examinations, techniques used by the Chinese hackers, and best suggestions to fight against the onslaught of Chinese hacking.

    Jonathan Katz is the director of the Cybersecurity Center at the University of Maryland, Christopher Burgess is CEO and director of the cyber security firm Prevendra, Marcus Ranum is a firewall engineer and chief of security for Tenable Security, Inc., and Bruce Schneier is a leading cryptographer and author of the book “Schneier on Security”.  
     
    VOA: How surprised are you that these attacks appear to be directed by or coming from the Chinese military, and how certain of that can we be?
     
    Jonathan Katz: That’s a good question. According to the Mandiant report* from last year, it’s alleged that these Chinese hackers are state-sponsored actors that are breaking into U.S. corporations. As to why the military is doing it, we can speculate. But it seems clear that by targeting U.S. corporations, they’re interested in seizing intellectual property which would potentially be of use for the Chinese economy, for innovation, and potentially for other purposes to bolster China. The Mandiant report pinpointed a specific location in China where these attacks were coming from and named specific individuals by their Internet handle, but not actual names. So I’m not sure how the Department of Justice was able to make the jump to specific names, although we’ll probably learn more in the coming weeks.
     
    Christopher Burgess: I’m not surprised the Chinese are purloining intellectual property from U.S. companies. They’ve been systematically stealing information since 1986. How certain can we be? I’d like to see the information coming out the indictment, and the subsequent trial, because it is difficult to trace back point-of-origin on cyber-attacks, but not impossible. The fact that the military was doing it isn’t surprising. All governments go with their ‘A-team’ when they’re going after information that is of national interest. In this case, they clearly were going after energy and natural resource information.
     
    Marcus Ranum: Usually nations authorize such activities under their military because they feel that the fundamentally offensive nature doesn't fall under the purview of civilian agencies. That appears to apply whether we're talking about the US, UK, Germany, France or China. Probably a certain amount of it is also that historically, the military has more experience (in theory) handling secrets.
     
    Bruce Schneier: It’s really no surprise at all. We’ve known for years there’s a lot of hacking coming from China and that much of it is either state-sponsored or state-approved. How you know about it is through investigation. It’s actually very hard to trace attacks. When we can, it’s often because hackers have made mistakes in hiding their tracks and it’s not something we can do quickly. In other cases, we’ve known with reasonable assurance the attacks came from certain buildings and offices in China and that the government knew about it and approved it.
     
    VOA: What are the hallmarks or signatures, if any, of a Chinese hack attack? How are they doing it?
     
    Jonathan Katz: They’re obviously very well-funded and they have a whole lot of resources. If you look at the techniques they’re using to get in, they’re using classical social engineering – malicious links in an email for example, or a spear phishing attack – in order to get a toe-hold into the system. After that, they seem to be very good at installing back doors into the compromised system that will allow them to have persistent access to the target. They’re also downloading huge amounts of data from the targets, which seems to be something unique to the Chinese. They do seem to be doing their background research, which makes the spear phishing emails look more legitimate, so getting names of people who work for the company to make it look as if they’re coming from someone inside, or crafting the emails in such a way as to convince people to click on it.
     
    Christopher Burgess: The Chinese are doing what they’re doing by using what we call Advanced Persistent Threat technologies. It appears that this was on-going from 2006, so over eight years it indicates they were doing this in a very professional manner, with the intent to collect and not be detected. That’s different than organized crime where they’re trying to monetize something immediately. This was straight-up intelligence collection.

    Marcus Ranum: The Chinese appear to be doing the same sorts of stuff that everyone else is/has been doing: attempting to collect economic and strategic information that will give them an edge over their competition. At the level of states, there is really not much of a line between economic activity and any other strategic area of conflict. War is a continuation of state-craft, which is a continuation of economics.
     
    Bruce Schneier: There’s absolutely nothing unique about a Chinese hack, and this is one of the problems. It’s not just the Chinese; there’s nothing unique about government attacks. You used to be able to tell who it was by the weaponry. But governments, researchers, criminals; everybody’s using the same techniques. So there’s nothing unique about a Chinese attack except that it comes from China.
     
    VOA: What are the best suggestions to U.S. corporations to protect themselves from these kinds of attacks?
     
    Jonathan Katz: One of the things you can point to right away is the need for better user education. What you see with these phishing attacks is the need to train your workers to not be susceptible. Specifically, to be very careful when they see an email that doesn’t look legitimate, to be very careful when clicking on any links embedded in emails, or to use only their own passwords. These are the kinds of things that can go a very long way to preventing these hacks.
     
    Christopher Burgess: First and foremost, you identify the location of your most sensitive data, and you isolate that away from where it can be access by anyone coming in through the Internet or social engineering. Far too many companies just don’t know where their information is, and thus they don’t know where they’re vulnerable.
     
    Marcus Ranum:
    They should be securing their systems and sharing information with their peers about how to maintain and improve their security. As we have seen, it really doesn't matter if it's the NSA hacking you or the Chinese – these activities maintain security weaknesses in the infrastructure that also make organizations more vulnerable to other criminals. Yes, this activity is criminal even when governments do it. It is a tremendous shame that some governments – most notably the U.S. lately – go on the offense, rather than defense.
     
    Bruce Schneier: Against these sorts of attacks, the sad answer is there’s not much that can be done. Directed attacks tend to be extremely sophisticated – it’s what we call “advanced persistent threats” – and most companies are not equipped to defend themselves. The best most can do is to detect the attacks after they’ve occurred and mitigate the best they can. After that, good security hygiene is the best you can do, but if the attacker is tenacious enough, it’s not going to be enough.
     
    VOA: How aware are you of any attacks or espionage going the other way, from the U.S. to China?
     
    Jonathan Katz: I’m not aware of anything of this nature – U.S.-sponsored entities attacking Chinese corporations to steal intellectual property. There surely may be individuals in the U.S. or elsewhere doing that, but I haven’t seen it be state-sponsored from anywhere else other than China.  
     
    Christopher Burgess: I would have no comment as I have no knowledge of such activity. That said, China has in the past made that accusation. Most recently they attributed the crash of .cn to foreign hands when it was actually domestic hackers. They have uncovered other countries hacking or trying to purloin information from Chinese government entities. There are lots of rumors. I would look to those nations that are publicly advertising that they’re creating offensive cyber-warfare capacity.
     
    Marcus Ranum: What!?  Have you been asleep? Snowden's disclosure that the US has been back-dooring systems all around the world is far from new. Also, the U.S. has been compromising devices that are being exported – just as the U.S. was accusing Chinese router-maker Huawei of having back-doored routers, we now know the U.S. has been back-dooring Cisco gear. I think this is all a tremendous waste of time. If you invest your effort in defending your systems you are defending against all comers. If you simply attack a single target, you are only gaining inroads against one target. The logistics of war favor defense for its ubiquity.
     
    Bruce Schneier: Oh, of course we’re doing this. The odds are zero that we’re not. We know that from the Snowden documents, we know that from U.S. policy, we know that from what the NSA does. The difference is, we don’t actually attack foreign companies and pass that information on to U.S. companies. That kind of industrial espionage is something the U.S. does not do. But when it’s government vs. government, we both do it. Everybody does.
     
    *In February 2013, the Virginia-based Internet security firm Mandiant issued a comprehensive 76-page report titled “Exposing One of China’s Cyber Espionage Units.”

    The report outlines over 150 instances of cyber espionage or hacking against 141 private targets that they conclude originated from the same source, which the report calls “APT1.”

    The report authors detail where they attacks came from, the Internet handles of some of those behind them, and eventually conclude that “APT1” is, in fact, a Chinese military unit responsible for cyber intelligence known as 61398.

    While the Department of Justice indictment goes further, and is much more detailed, much of its summary specifically tracks with the Mandiant report.

    Doug Bernard

    dbjohnson+voanews.com

    Doug Bernard covers cyber-issues for VOA, focusing on Internet privacy, security and censorship circumvention. Previously he edited VOA’s “Digital Frontiers” blog, produced the “Daily Download” webcast and hosted “Talk to America”, for which he won the International Presenter of the Year award from the Association for International Broadcasting. He began his career at Michigan Public Radio, and has contributed to "The New York Times," the "Christian Science Monitor," SPIN and NPR, among others. You can follow him @dfrontiers.

    You May Like

    Turkey, US Splits Deepen Over Support for Kurdish Militants

    Ankara summons American ambassador to protest remarks by State Department spokesman who said Washington does not consider Syria's Kurdish Democracy Union Party (PYD) a terrorist organization

    Obama Seeking $19 Billion for National Cybersecurity

    Move, touted as attempt to build broad, cohesive federal response to cyberthreats, calls for increase in cybersecurity spending across all government agencies

    Video Foreign Policy Weighs Heavy for Some US Voters

    VOA talks to protesters in Manchester, New Hampshire, who sound off on foreign policy issues such as the Guantanamo Bay prison, the Israeli-Palestinian conflict and the wars in Iraq, Syria and Yemen

    This forum has been closed.
    Comment Sorting
    Comments
         
    by: eggerist from: USA
    May 20, 2014 7:27 AM
    Since time began appears to be the norm. Security has always been a thorn for any innovating company/ person.Stealing information by ALL countries,

    by: Stephen Real from: Columbia USA
    May 20, 2014 7:24 AM
    China's PLA hacking unit "61398" is so famous in the USA. I wonder if the PLA offers tourist a chance to meet the rock star hackers? Since the whole world knows now who the team is by name.

    by: rab from: Toronto
    May 20, 2014 7:02 AM
    How did VOA end up in Google as "news"? There are other articles that show China presenting evidence that US snooping is just as bad and likely worse. This article is poorly written propaganda.

    In Response

    by: Doug Bernard
    May 20, 2014 8:38 AM
    Rab, I think you'll see several of the analysts we spoke with said exactly as much. How is this propaganda?

    Featured Videos

    Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
    Valentine's Day Stinks for Lebanese Clownsi
    X
    February 09, 2016 8:04 PM
    This weekend, on Valentine's Day in Lebanon, love is not the only thing in the air. More than half a year after the country's trash crisis began, the stink of uncollected garbage remains on the streets. Step forward "Clown Me In," a group of clowns who use their skills for activism. Before the most romantic day of the year the clowns have released their unusual take on love in Lebanon -- in a bid to keep the pressure up and get the trash off the streets. John Owens reports from Beirut.
    Video

    Video Valentine's Day Stinks for Lebanese Clowns

    This weekend, on Valentine's Day in Lebanon, love is not the only thing in the air. More than half a year after the country's trash crisis began, the stink of uncollected garbage remains on the streets. Step forward "Clown Me In," a group of clowns who use their skills for activism. Before the most romantic day of the year the clowns have released their unusual take on love in Lebanon -- in a bid to keep the pressure up and get the trash off the streets. John Owens reports from Beirut.
    Video

    Video Rocky Year Ahead for Nigeria Amid Oil Price Crash

    The global fall in the price of oil has rattled the economies of many petroleum exporters, and Africa’s oil king Nigeria is no exception. As Chris Stein reports from Lagos, analysts are predicting a rough year ahead for the continent’s top producer of crude.
    Video

    Video Foreign Policy Weighs Heavy for Some US Voters

    VOA talks to protesters in Manchester, New Hampshire who sound off on foreign policy issues such as the Guantanamo Bay Prison, the Israeli-Palestinian conflict, Middle East Affairs and national security.
    Video

    Video 'No Means No' Program Targets Sexual Violence in Kenya

    The organizers of an initiative to reduce and stop rape in the informal settlements around Kenya's capital say their program is having marked success. Girls are taking self-defense classes while the boys are learning how to protect the girls and respect them. Lenny Ruvaga reports from Nairobi.
    Video

    Video New Hampshire Voters Are Independent, Mindful of History

    Once every four years, the northeastern state of New Hampshire becomes the center of the U.S. political universe with its first-in-the-nation presidential primary. What's unusual about New Hampshire is how seriously the voters take their role and the responsibility of being among the first to weigh in on the candidates.
    Video

    Video Chocolate Lovers Get a Sweet History Lesson

    Observed in many countries around the world, Valentine’s Day is sometimes celebrated with chocolate festivals. But at a festival near Washington, the visitors experience a bit more than a sugar rush. They go on a sweet journey through history. VOA’s June Soh takes us to the festival.
    Video

    Video 'Smart' Bandages Could Heal Wounds More Quickly

    Simple bandages are usually seen as the first line of attack in healing small to moderate wounds and burns. But scientists say new synthetic materials with embedded microsensors could turn bandages into a much more valuable tool for emergency physicians. VOA’s George Putic reports.
    Video

    Video Bhutanese Refugees in New Hampshire Closely Watching Primary Election

    They fled their country and lived in refugee camps in neighboring Nepal for decades before being resettled in the northeastern U.S. state of New Hampshire -- now the focus of the U.S. presidential contest. VOA correspondent Aru Pande spoke with members of the Bhutanese community, including new American citizens, about the campaign and the strong anti-immigrant rhetoric of some of the candidates.
    Video

    Video Researchers Use 3-D Printer to Produce Transplantable Body Parts

    Human organ transplants have become fairly common around the world in the past few decades. Researchers at various universities are coordinating their efforts to find solutions -- including teams at the University of Pennsylvania and Rice University in Houston that are experimenting with a 3-D printer -- to make blood vessels and other structures for implant. As VOA’s Greg Flakus reports from Houston, they are also using these artificial body parts to seek ways of defeating cancerous tumors.
    Video

    Video Helping the Blind 'See' Great Art

    There are 285 million blind and visually impaired people in the world who are unable to enjoy visual art at a museum. One New York photographer is trying to fix this situation by making tangible copies of the world’s masterpieces. VOA correspondent Victoria Kupchinetsky was there as visually impaired people got a feel for great art. Joy Wagner narrates her report.
    Video

    Video German Artists to Memorialize Refugees With Life Jacket Exhibit

    Sold in every kind of shop in some Turkish port towns, life jackets have become a symbol of the refugee crisis that brought a million people to Europe in 2015.  On the shores of Lesbos, Greece, German artists collect discarded life jackets as they prepare an art installation they plan to display in Germany.  For VOA, Hamada Elrasam has this report from Lesbos, Greece.
    Video

    Video E-readers Help Ease Africa's Book Shortage

    Millions of people in Africa can't read, and there's a chronic shortage of books. A non-profit organization called Worldreader is trying to help change all that one e-reader at a time. VOA’s Deborah Block tells us about a girls' school in Nairobi, Kenya where Worldreader is making a difference.
    Video

    Video Genius Lets World Share Its Knowledge

    Inspired by crowdsourcing companies like Wikipedia, Genius allows anyone to edit anything on the web, using its web annotation tool
    Video

    Video In Philippines, Mixed Feelings About Greater US Military Presence

    In the Philippines, some who will be directly affected by a recent Supreme Court decision clearing the way for more United States troop visits are having mixed reactions.  The increased rotations come at a time when the Philippines is trying to build up its military in the face of growing maritime assertiveness from China.  From Bahile, Palawan on the coast of the South China Sea, Simone Orendain has this story.