Article Lead Image

China denies sponsoring hacking attacks against U.S. companies

The Chinese government flatly denies a U.S. security firm's claim that the Chinese military has been running a large-scale hacking attack against U.S. industries.


Kevin Collier

Internet Culture

Posted on Feb 20, 2013   Updated on Jun 2, 2021, 12:05 am CDT

A major cybersecurity contractor released a report Tuesday that traced an enormous hacking operation against U.S. companies to a single Chinese army building.

The report provided ammunition for U.S. lawmakers who believe the country needs new cybersecurity laws to deal with foreign threats, including the sponsors of the controversial Cyber Intelligence Security Protection Act (CISPA).

But Chinese officials deny that the attacks were government-sponsored.

China’s Department of Defense issued a reply to cybersecurity consultant Mandiant’s report on Wednesday, saying that while it’s possible some cyber attacks have come from China, they weren’t official; the Chinese army doesn’t do that sort of thing.

“Chinese law forbids hacker attacks, or any breach of Internet security,” according to the country’s release. “The Chinese government has always resolutely cracked down on criminal activities, and the Chinese army has never supported any hacking.”

Mandiant released a thorough, 60-page case that tracked cyberattacks on U.S. networks to a single, 12-story military building outside of Shanghai: PLA Unit 61398. The purpose of the building is a state secret, but Mandiant even put forth a serious estimation of what’s inside: 130,663 square feet, more than 1,000 servers, plus linguists, open-source software experts, and experts from various industries targeted by the hacking attacks.

For instance, 97% of attackers used Simplified Chinese as their keyboard setting, 98% of hackers were identified by their Internet protocol (IP) addresses as coming from China, and 99.8% of those were traced to Shanghai—Unit 61398’s neighborhood in particular. “The sheer scale and duration of sustained attacks against such a wide set of industries from a singularly identified group based in China leaves little doubt,” the report said.

But China dismissed that IP address argument, noting, as many Internet rights activists do, that it’s easy to fake IP addresses, and it’s unfair to use them to identify a person. “As we all know, hacker attacks almost always steal IP addresses. It is common practice online,” the release said. It even noted that China itself is a common victim of cyber attacks, and that “a considerable number of attack sources from the United States, but we did not as a pretext to accuse the U.S.”

Mandiant did acknowledge it was relying on Occam’s Razor, and that there’s a small possibility that the attacks were coming from somewhere else nearby. If they don’t originate from an army building, it’s possible they weren’t, actually, state-sponsored. Though that’s unlikely, Mandiant said, it conceded it’s possible that:

A secret, resourced organization full of mainland Chinese speakers with direct access to Shanghai-based telecommunications infrastructure is engaged in a multi-year, enterprise scale computer espionage campaign right outside of Unit 61398’s gates, performing tasks similar to Unit 61398’s known mission.

Immediately after Mandiant’s report, lawmakers who have pushed for CISPA—a bill privacy advocates strongly object to—cited it as justification for their longstanding claims that the U.S. is often cyber-attacked by the Chinese government.

But the Chinese Department of Defense seemed to object to that talk.

“China has always attached great importance to international cooperation in cyberspace, to jointly combat cybercrime,” the release said. “Unilateral public accusations in the media, is not only ineffective, it undermines the climate of cooperation.”

Photo of Chinese Defense Minister Gen. Liang Guanglie via Wikimedia Commons

Share this article
*First Published: Feb 20, 2013, 6:52 pm CST