Ramblings of an old Doc
The Intelligence Center of the computer security firm Mandiant has determined that the majority of highly sophisticated attacks on the U.S. originated from 4 networks in a bland, twelve-story building in Shanghai which (allegedly) houses a super-secret cyber-warfare unit of China's Army.

“Highlights of the report include:

  • Evidence linking APT1 to China’s 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department (Military Cover Designator 61398).
  • A timeline of APT1 economic espionage conducted since 2006 against 141 victims across multiple industries.
  • APT1's modus operandi (tools, tactics, procedures) including a compilation of videos showing actual APT1 activity.
  • The timeline and details of over 40 APT1 malware families.
  • The timeline and details of APT1's extensive attack infrastructure.

Mandiant is also releasing a digital appendix with more than 3,000 indicators to bolster defenses against APT1 operations. This appendix includes:

  • Digital delivery of over 3,000 APT1 indicators, such as domain names, IP addresses, and MD5 hashes of malware.
  • Thirteen (13) X.509 encryption certificates used by APT1.
  • A set of APT1 Indicators of Compromise (IOCs) and detailed descriptions of over 40 malware families in APT1's arsenal of digital weapons.
  • IOCs that can be used in conjunction with Redline™, Mandiant’s free host-based investigative tool, or with Mandiant Intelligent Response® (MIR), Mandiant’s commercial enterprise investigative tool.”

- https://www.mandiant.com/blog/mandiant-exposes-apt1-chinas-cyber-espionage-units-releases-3000-indicators/?utm_source=rss&utm_medium=rss&utm_campaign=mandiant-exposes-apt1-chinas-cyber-espionage-units-releases-3000-indicators
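The indicator types listed above (domain names, IP addresses, MD5 hashes) are only useful once they are actually matched against something a defender owns: DNS and proxy logs, or the files on a host. The script below is an added example written for this post; it is not Mandiant's code and does not use Mandiant's appendix format or any real APT1 indicator. Every indicator value, log line and file content in it is constructed, and the simple "type,value" CSV layout is an assumption made for the example. It shows the three matching rules a practitioner has to get right: exact IP matches after normalisation, domain matches that also catch subdomains of a listed domain, and file hashes compared against the MD5 list.

```python
import csv
import hashlib
import io
import ipaddress
import re

# Constructed indicator feed in an assumed "type,value" layout. These values
# are invented for the example and are NOT indicators from Mandiant's appendix.
INDICATORS_CSV = """type,value
domain,update.example-c2.test
domain,mail.example-c2.test
ip,203.0.113.45
md5,5d41402abc4b2a76b9719d911017c592
"""

# Constructed DNS/proxy style log lines (not real traffic).
SAMPLE_LOG = """\
2013-02-19T10:01:07Z host01 dns query a sync.update.example-c2.test
2013-02-19T10:01:09Z host01 proxy CONNECT 203.0.113.45:443
2013-02-19T10:02:11Z host02 dns query a www.example.org
2013-02-19T10:03:40Z host03 proxy GET http://198.51.100.7/index.html
"""

# Constructed in-memory "files"; b"hello" hashes to the md5 indicator above.
SAMPLE_FILES = {"dropper.bin": b"hello", "readme.txt": b"benign content"}

HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def load_indicators(text):
    """Parse type,value rows into a dict of sets keyed by indicator type."""
    iocs = {"domain": set(), "ip": set(), "md5": set()}
    for row in csv.DictReader(io.StringIO(text)):
        kind = row["type"].strip().lower()
        value = row["value"].strip().lower()
        if kind == "ip":
            value = str(ipaddress.ip_address(value))  # normalise, reject junk
        elif kind == "md5" and not re.fullmatch(r"[0-9a-f]{32}", value):
            raise ValueError(f"bad md5 indicator: {value}")
        iocs[kind].add(value)
    return iocs


def domain_matches(hostname, domains):
    """True if hostname equals an indicator domain or is a subdomain of one."""
    parts = hostname.lower().rstrip(".").split(".")
    return any(".".join(parts[i:]) in domains for i in range(len(parts)))


def scan_log(lines, iocs):
    """Return (line_number, indicator_type, value) for every indicator hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        for ip in IPV4_RE.findall(line):
            try:
                if str(ipaddress.ip_address(ip)) in iocs["ip"]:
                    hits.append((n, "ip", ip))
            except ValueError:  # e.g. 999.1.1.1 is not an address
                continue
        for host in HOST_RE.findall(line):
            if domain_matches(host, iocs["domain"]):
                hits.append((n, "domain", host.lower()))
    return hits


def scan_files(contents_by_name, iocs):
    """Hash file contents and report names whose MD5 is a listed indicator."""
    hits = []
    for name, data in contents_by_name.items():
        digest = hashlib.md5(data).hexdigest()
        if digest in iocs["md5"]:
            hits.append((name, digest))
    return hits


if __name__ == "__main__":
    iocs = load_indicators(INDICATORS_CSV)
    for hit in scan_log(SAMPLE_LOG.splitlines(), iocs):
        print("log hit:", hit)
    for hit in scan_files(SAMPLE_FILES, iocs):
        print("file hit:", hit)
```

Two things worth noting when running this against real data: hash indicators only catch the exact sample that was reported (a rebuilt binary gets a new MD5), so the network indicators usually age better than the hashes; and a domain list needs the subdomain rule above, because the hostnames that show up in DNS logs are rarely the bare registered domain.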

Mandiant went on to say that the public benefit of publishing outweighed the cost to its own discovery methods, which the disclosure may well impair.

You can read the report here: http://intelreport.mandiant.com/

The Foreign Ministry of the PRC has denied the charge:

“To make groundless accusations based on some rough material is neither responsible nor professional,” Hong told reporters at a regularly scheduled news conference. In a reiteration of China's standard response to such accusations, Hong said China strictly outlaws hacking and said the country itself was a major victim of such crimes, including attacks originating in the United States. “As of now, the cyberattacks and cybercrimes China has suffered are rising rapidly every year,” Hong said. – http://www.google.com/hostednews/ap/article/ALeqM5gqGzo86yXzI9q8-HN1zYXx7QVgog?docId=03e227bd185041cd95972d4dc26f2e20

Mandiant provided an advance copy of its report to The New York Times, saying it hoped to “bring visibility to the issues addressed in the report.” Times reporters then tested the conclusions with other experts, both inside and outside government, who have examined links between the hacking groups and the army (Mandiant was hired by The New York Times Company to investigate a sophisticated Chinese-origin attack on its news operations, but concluded it was not the work of Comment Crew, but another Chinese group. The firm is not currently working for the Times Company but it is in discussions about a business relationship.) - http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?smid=tw-nytimestech&seid=auto&_r=1&

President Obama signed an Executive Order last week which essentially enacts the most disputed part of CISPA: enabling companies to share threat-related security information with the government.

“Under a directive signed by President Obama last week, the government plans to share with American Internet providers information it has gathered about the unique digital signatures of the largest of the groups, including Comment Crew and others emanating from near where Unit 61398 is based … There are huge diplomatic sensitivities here,” said one intelligence official, with frustration in his voice.

But Obama administration officials say they are planning to tell China’s new leaders in coming weeks that the volume and sophistication of the attacks have become so intense that they threaten the fundamental relationship between Washington and Beijing.” – ibid

To me this all means, “China holds too much American paper, the trade balance, the manufacturing capability, and basically has pwned us.”

In my opinion, this needs to stop. It needs to stop NOW. It’s time to protect our I.P., and our companies. Either grow a pair, or just give up and let China roll over us. Make it clear. Draw the line.

Sources:

http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?pagewanted=2&_r=1&seid=auto&smid=tw-nytimestech

http://intelreport.mandiant.com/

https://www.mandiant.com/blog/mandiant-exposes-apt1-chinas-cyber-espionage-units-releases-3000-indicators/?utm_source=rss&utm_medium=rss&utm_campaign=mandiant-exposes-apt1-chinas-cyber-espionage-units-releases-3000-indicators

http://www.theverge.com/2013/2/18/4003732/chinese-cyber-attacks-on-us-corporations-tied-to-army-base


Comments (Page 1)
on Feb 19, 2013

As Steve Jobs once said: "thermonuclear war" against the copyright infringement and cyber crime trying to steal their secrets.

on Feb 19, 2013

Yep, China.... seems like everything is made there, including a lot of criminals that should be drawn and quartered in a public square. I'd even watch and applaud!

on Feb 19, 2013

Here's a video of one of the thieves in action:

on Feb 19, 2013

To me this all means, “China holds too much American paper, the trade balance, the manufacturing capability, and basically has pwned us.”

This threat is always way overestimated. If China attempted to sell their American reserves it would have to be to someone, and the market for US debt is such that it is highly unlikely to raise the interest rate on American bonds. In fact, China is already attempting to sell American bonds because they hate the fact that they are considered so safe they pay next to nothing. As a result China is investing a lot in some rather dubious places, but that's another story.

China can't even use money from selling those bonds at home. If they attempted to sell those American dollars to buy yuan it would cause their currency to rise because they keep it artificially low. This in turn would hurt their exporters at a time when domestic inflation and rising wages are already driving out a lot of manufacturing companies.

The real reason for the reluctance of the US in dealing with China has to do with fears of starting a trade war, which could lead to political tension, which could lead to a cold or even hot war. Since the US imports so much from China a trade war would cause significant inflation. Also all those American companies in China would get kicked out or get tariffed and lose a ton of money. A world where China goes rogue would be a much scarier place than the world we live in today. They have a lot of nukes. Don't forget China is ruled by a very secretive bureaucracy, and the recent Japanese situation has shown that they are willing to use nationalism in order to distract their citizens from domestic problems.

The recent fascination with China as a rising power is pretty funny. For every problem the US has China has 10. China has massive poverty, environmental damage, social unrest, massive corruption, a huge underground banking system, and border disputes with all its neighbors including Russia and India. The US is well on its way to energy independence and will be able to largely withdraw from the Middle East. China on the other hand has a desperate need for more and more oil and produces next to nothing domestically. The US just likes building up bogeymen. They did it with the Soviets and the Japanese and now it's China's turn. The same people who think China is going to soon surpass the US economically and militarily are the same people who didn't see their rise a decade ago. You can't just look at current growth rates and say they will last forever and not change.

on Feb 19, 2013

Meh, our own country will be our demise, not China...

on Feb 19, 2013

nationalism is such a misused cliche. take your average person in hong kong. born and bred under british rule for all those decades, so you can't say they were brainwashed by the commies. yet the sentiments over those islands or japan's past are basically the same, if not more vocal and visible. (note... as in they can march and protest and what fairly much at will, rather than having someone turning on the tap) difference is that they are not a bunch of morons going around bashing up their own shops and restaurants.

unfortunately other people just latch onto the nationalism aspect and conveniently put any and everything down to that instead.

the us currencies they hold are not much more than a load of scrap paper. they buy, they sell. holdings are almost always on the increase. nukes are all fairly immaterial. by nature they are defensive weapons, those who use it 1st are dead meat. matter of fact, the only country that would get away with using it has already done so. yes, you could get a nutter who wants to blow the whole world up, but hey.. they can be anywhere.

every country (with a few bucks and people) deals in cyber espionage. the question is not who's doing it but who gets caught doing it and who goes around telling people they got done. no different from your average espionage. you know, like bugging practically the whole of the un building?

on Feb 19, 2013

DsRaider
This threat is always way overestimated.

Possibly. I've done some research and found that 3% of our debt is in China's hands. That's fine. What isn't overestimated is China's trade power now and going into the future.

America and the west need really good cyber security. I doubt CISPA will do that. I think individual freedoms will be sacrificed in that exercise. People and companies have to start listening to responsible IT people and acting accordingly.

alaknebs
nukes are all fairly immaterial. by nature they are defensive weapons, those who use it 1st are dead meat.

You're assuming rationality and logic/common sense. You fail to comprehend the nature of hatred.

There is a place for logical thinking: Preventing countries/governments like Iran from obtaining nuclear weapons is extremely logical. It is also essential.

That again is not the subject of the OP.

on Feb 19, 2013

That video is kinda strange. Did they crack and hack a Chinese computer? Is that not like a cop using b&e tools, going into your house to look for b&e tools and show you on video how bad the guy is that the cop broke into?

I have to agree that they all do it, just more BS to take away more freedoms.

on Feb 19, 2013

DrJBHL
There is a place for logical thinking: Preventing countries/governments like Iran from obtaining nuclear weapons is extremely logical. It is also essential.

Please leave your politics out of your computing threads, you can't just harp that stuff and expect not to be harped back at.

on Feb 21, 2013

Odd you don't mention it was a response to another reply, also has nothing to do with politics per se: It has to do with cyber attacks.

I'm not clear about the "harping" reference.
on Feb 23, 2013

http://nation.time.com/2013/02/22/putting-chinas-hacking-army-into-perspective/

A good article that basically states a lot of the same points as I did but more professionally.

on Apr 26, 2013

Meh ... all countries collect data through illegal means. China gets more press because the US is getting its butt hurt. The US has been doing it for a long time, they are not about to complain about themselves.

on May 06, 2013

Perhaps it's time for many of these 'sensitive' IT networks to be placed in a separate 'internet' with dedicated gateways that are not always 'on/open.' Many of these military / sci / research entities could be kept separate from the world wide web. Is constant access really needed?

on May 06, 2013

ElanaAhova

Perhaps it's time for many of these 'sensitive' IT networks to be placed in a separate 'internet' with dedicated gateways that are not always 'on/open.' Many of these military / sci / research entities could be kept separate from the world wide web. Is constant access really needed?

What I've been saying for years. If it's separate from the www, the machines to access it must be dedicated as well. What a boondoggle. One web must be totally isolated from the other, and no information shared between the two. Where's the infrastructure for that?

on May 07, 2013

Agree with you Doc. Our proposal is 'too simple' a solution, Doc. And simple doesn't seem, well, modern...
