On the outskirts of Shanghai, in a run-down neighbourhood, a People’s Liberation Army base has been built for China’s growing corps of cyber warriors.
According to the New York Times, a body of digital forensic evidence has been confirmed by American intelligence officials, who said that they have tapped into the activity of the army unit for years.
A detailed 60-page study released by Mandiant, an American computer security firm, has for the first time tracked individual members of the most sophisticated of the Chinese hacking groups, known to many of its victims in the United States as ‘Comment Crew’ or ‘Shanghai Group’, to the doorstep of the military unit’s headquarters.
The firm was not able to place the hackers inside the 12-story building, but makes a case that there is no other plausible explanation for why so many attacks come out of one comparatively small area.
According to the report, some security firms that have tracked Comment Crew said that they also believe the group is state-sponsored.
A recent classified National Intelligence Estimate, issued as a consensus document for all 16 of the United States intelligence agencies, makes a strong case that many of these hacking groups are either run by army officers or are contractors working for commands like Unit 61398, according to officials with knowledge of its classified content, the report said.
While Comment Crew has hacked terabytes of data from companies like Coca-Cola, its focus is increasingly on companies involved in the critical infrastructure of the United States, which includes the electrical power grid, gas lines and waterworks.
According to the security researchers, one target was a company with remote access to more than 60 percent of oil and gas pipelines in North America.
The unit was also among those that attacked the computer security firm RSA, whose computer codes protect confidential corporate and government databases.
Contacted on Monday, Chinese officials at the embassy in Washington again insisted that their government does not engage in computer hacking, and that such activity is illegal. They describe China itself as being a victim of computer hacking, and point out, accurately, that there are many hacking groups inside the United States. But in recent years the Chinese attacks have grown significantly, security researchers said.
Mandiant has detected more than 140 Comment Crew intrusions since 2006.
American intelligence agencies and private security firms that track many of the 20 or so other Chinese groups every day said that those groups appeared to be contractors with links to the unit.
According to the report, the White House said it was “aware” of the Mandiant report.
The US government is planning to begin a more aggressive defense against Chinese hacking groups, starting on Tuesday.
Under a directive signed by US President Barack Obama last week, the government plans to share with American Internet providers information it has gathered about the unique digital signatures of the largest of the groups, including Comment Crew and others emanating from near where Unit 61398 is based.
But the government warnings will not explicitly link those groups, or the giant computer servers they use, to the Chinese army. The question of whether to publicly name the unit and accuse it of widespread theft is the subject of ongoing debate, it added.