view counter

China syndromeChinese government orchestrates cyberattacks on U.S.: experts

Published 19 February 2013

For more than a decade now, China has engaged in a sustained, systemic, and comprehensive campaign of cyber attacks against the United States. The Chinese government has enlisted China’s sprawling military and civilian intelligence services, with their armies of cyber-specialists, in a cyber-campaign aiming to achieve three goals: steal Western industrial secrets and give them to Chinese companies, so these companies could compete and weaken their Western rivals; hasten China’s march toward regional, then global, economic hegemony; achieve deep penetration of U.S. critical infrastructure in order to gain the ability to disrupt and manipulate American critical infrastructure – and paralyze it during times of crisis and conflict. A detailed 60-page study, to be released today , offers, for the first time, proof that the most sophisticated Chinese hacker groups, groups conducting the most threatening attacks on the United States, are affiliated with the headquarters of China’s military intelligence lead unit — PLA Unit 61398.

For more than a decade now, China has engaged in a sustained, systemic, and comprehensive campaign of cyber attacks against the United States. The Chinese government has enlisted China’s sprawling military and civilian intelligence services, with their armies of cyber-specialists, in a cyber-campaign aiming to achieve three goals:

  • The immediate goal is to steal the engineering and industrial secrets developed by American scientists and engineers working for American corporations, and give these secrets to Chinese companies. These companies, in many cases owned by or affiliated with the Peoples’ Liberation Army (PLA), then turn around and compete with the very companies whose secrets the Chinese intelligence services had stolen. The Chinese companies more often than not succeed in stealing business away from Western companies because the Chinese products offer the same benefits the products of the Western companies do (these Chinese products, after all, are based on technologies stolen from Western technology) – but are cheaper, because often these Chinese companies are subsidized, directly or indirectly, by the Chinese government.
  • China’s intermediate goal is to erode the U.S. economic advantage over China, and achieve regional, then global, economic hegemony. China is taking several other steps to hasten its march toward hegemony – it invests billions of dollars in improving its own science education and research, builds up its military, and flexes its muscles in an effort to intimidate its regional rivals. These measures take time, however. Stealing Western industrial secrets, and then using the stolen technologies to strengthen Chinese companies so they can better compete against and weaken Western companies, is an attractive short-cut.
  • China’s longer-term goal is to achieve deep penetration of U.S. critical infrastructure which would allow China to do two things: first, engage in subtle disruptions of, say, U.S. financial institutions or the U.S. power generation and distribution system in order to create confusion, difficulties, and mayhem in the United States during times of U.S.-Chinese tensions. The second goal is to gain the ability to paralyze the United States outright during times of crisis and open conflict by shutting down U.S. critical infrastructure – or taking control of it. Thus, Chinese sleeper malware may be activated to turn off power generation stations and plunge cities into darkness, or remotely open dam gates to release reservoir water and cause massive floods.

The New York Time reports that a detailed 60-page study, to be released today by U.S. computer-security firm Tuesday by Mandiant, offers, for the first time, proof that individual hackers belonging to the most sophisticated Chinese hacking groups — known in the United States as “Comment Crew” or “Shanghai Group” — are affiliated with the headquarters of PLA Unit 61398.

“Either they are coming from inside Unit 61398,” Kevin Mandia, the founder and chief executive of Mandiant, told the Times last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”

The Times notes that other security firms tracking Comment Crew have concluded the group is state-sponsored. A recent classified National Intelligence Estimate (NIE), representing the views if all U.S. sixteen intelligence agencies, asserts that many of these hacking groups are either run by army officers or are contractors working for commands like Unit 61398.

The Times notes that for U.S. intelligence and security agencies, the most worrisome aspect of the latest series of attacks launched by Unit 61398, is that these attacks focus not merely on stealing information, but on gaining the ability to disrupt and manipulate American critical infrastructure.

One recent example is the successful Chinese hacking of the Canadian arm of Telvent. The company, now owned by Schneider Electric, designs software that gives oil and gas pipeline companies and power grid operators remote access to valves, switches, and security systems.

In his State of the Union address, president Barack Obama gave expression to this growing U.S. concern about the scope, sophistication, and goals of China’s cyber warfare campaign against the United States. Without mentioning China by name, Obama said: “We know foreign countries and companies swipe our corporate secrets…. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air-traffic control systems. We cannot look back years from now and wonder why we did nothing.”

view counter
view counter