Officials within the United States government say hackers from China have renewed their assault on US targets only three months after a highly-touted investigation linked the People’s Liberation Army to a series of cyberattacks waged at American entities.
According to the New York Times, computer security experts and
US officials alike say the PLA’s sophisticated cyber squadron is
attempting to hack American businesses after a brief hiatus.
Earlier this year, the Times cited a report by
Northern Virginia security firm Mandiant when they alleged that
Chinese hackers targeted businesses and government agencies inside
the US, as well as a Canadian utility company and others. Mandiant
said in the February report that the PLA “Unit 61398” group
compromised 141 companies across 20 major industries during the
last few years, infecting the computers at Coca-Cola, the Canadian
arm of Telvent and others.
Earlier this month, the US Department of Defense threw its
weight behind Mandiant’s claims, and for the first time ever the
administration of President Barack Obama accused China of
cybercrimes.
“In 2012, numerous computer systems around the world,
including those owned by the US government, continued to be
targeted for intrusions, some of which appear to be attributable
directly to the Chinese government and military,” the Pentagon
wrote.
Now, the chief executive at Mandiant and a number of US
officials admit that China relaxed its campaign after the February
report was published – only to have already returned to its hacking
ways weeks later.
“They dialed it back for a little while, though other groups
that also wear uniforms didn’t even bother to do that,” CEO
Kevin Mandia told the Times on Friday. “I think you have to view
this as the new normal.”
Mandia told the Times that hackers halted their operations back
in February and attempted to wipe clean their digital fingerprints
by scrubbing away spyware and other espionage tools used to surveil
US businesses. Only one month after pausing, though, the hackers
have resorted to once again using sophisticated means to carefully
and clandestinely pilfer intelligence from American computers.
According to Mandia, Unit 61398 is now operating at 60 to 70
percent of what their campaigns resembled before being exposed in
the original New York Times article.
Obama administration officials, speaking on condition of
anonymity, did not react in disbelief. One senior official that
spoke to the Times said, “this is something we are going to have
to come back at time and again with the Chinese leadership,”
who, he added, “have to be convinced there is a real cost to
this kind of activity.”
Mandiant declined to identify which computer systems have been
allegedly targeted in the latest round of attacks, but claimed that
many of the very same entities hit before their report was
published are once again in trouble.
“The hackers now use the same malicious software they used to
break into the same organizations in the past, only with minor
modifications to the code,” wrote David Sanger and Nicole
Perlroth for the paper. “[T]hey have gradually begun attacking
the same victims from new servers and have reinserted many of the
tools that enable them to seek out data without detection.”
So far, though, the Chinese have largely refused to buy into the
claims that a top-secret PLA group is orchestrating some of the
most serious cyberattacks ever waged at American entities. It was
nearly one month after the February Mandiant report was released
when Premier Li Keqiang called the claims “groundless
accusations” and impractical.
Hacking is a “worldwide problem and in fact China itself is a
main victim of such attacks,” Li said in March. “China does
not support — in fact it is opposed to – – hacking
attacks.”
At that meeting, a reporter asked Li, “Will China stop the
cyber- hacking against the US since it has now become an issue of
American national security?”
“In your question I sensed the presumption of guilt,” the
premier responded.
Christopher Soghoian, a senior policy analyst at the American
Civil Liberties Union, wrote on Twitter after this week’s Times
article, “When the Chinese gov hacks into US computers, it is
cyberwar. When the US gov does it, it is ‘installing
software.’”
It doesn’t hurt the cases brought up by both Li and Soghoian
that perhaps the most destructive tool of cyberwar used yet by any
nation-state – the worm Stuxnet – is largely considered to be a
tool developed by scientists working for the US and Israel.
Although the White House has yet to admit to those claims on the
record, Obama administration officials speaking on condition of
anonymity have attested that Washington ordered Stuxnet and other
malicious codes to be used against Iranian nuclear facilities.
Just days before Li’s remark, the head of the US Cyber Command
told the Senate Armed Services Committee that his agency plans to
have 13 separate units trained by 2015 specifically to launch offensive cyberattacks at
foreign targets.
“The teams are analogous to battalions in the Army and Marine
Corps – or squadrons in the Navy and Air Force,” Gen. Keith
Alexander said at the hearing. “In short, they will soon be
capable of operating on their own, with a range of operational and
intelligence skill sets, as well as a mix of military and civilian
personnel.”
“I would like to be clear that this team. . . is an offensive
team,” he said.
Speaking to the Wall Street Journal a month later, Geng Shuang,
a spokesman for the Chinese Embassy in Washington, accused the US
of “using cybersecurity as an excuse to take inappropriate
actions against Chinese companies and individuals” without
providing “proof and evidence.”
“China stands ready to carry out constructive cooperation
with all countries, including the US, to safeguard peace and
security of the cyberspace on the basis of mutual respect,” he
said.
This article originally appeared on : RT