BEIJING/SAN FRANCISCO — A secretive Chinese military unit is believed to be behind a series of hacking attacks, a US computer security company said, prompting a strong denial by China and accusations that it was in fact the victim of US hacking. The company, Mandiant, identified the People's Liberation Army's Shanghai-based Unit 61398 as the most likely driving force behind the hacking. Mandiant said it believed the unit had carried out “sustained” attacks on a wide range of industries. “The nature of ‘Unit 61398's' work is considered by China to be a state secret; however, we believe it engages in harmful ‘Computer Network Operations',” Mandiant said in a report released in the United States on Monday. “It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively,” it said. The Chinese Foreign Ministry said the government firmly opposed hacking, adding that it doubted the evidence provided in the report. Unit 61398 is located in Shanghai's Pudong district, China's financial and banking hub, and is staffed by perhaps thousands of people proficient in English as well as computer programming and network operations, Mandiant said in its report. The unit had stolen “hundreds of terabytes of data from at least 141 organizations across a diverse set of industries beginning as early as 2006”, it said. Most of the victims were located in the United States, with smaller numbers in Canada and Britain. The information stolen ranged from details on mergers and acquisitions to the emails of senior employees, the company said. Some experts said they doubted Chinese government denials of military involvement in the hacking. “The PLA plays a key role in China's mulch-faceted security strategy, so it makes sense that its resources would be used to facilitate economic cyber espionage that helps the Chinese economy,” said Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike, one of Mandiant's competitors. Mandiant has never before given the apparent proper names of suspected hackers or directly tied them to a military branch of the Chinese government, giving the new report special resonance. The company published details of the attack programs and dummy websites used to infiltrate US companies, typically via deceptive emails. US officials have complained in the past to China about sanctioned trade-secret theft, but have had a limited public record to point to. Mandiant traced Unit 61398's presence on the Internet — including registration data for a question-and-answer session with a Chinese professor and numeric Internet addresses within a block assigned to the PLA unit — and concluded that it was a major contributor to operations against the US companies. Members of Congress and intelligence authorities in the United States have publicized the same general conclusions: that economic espionage is an official mission of the PLA and other elements of the Chinese government, and that hacking is a primary method. In November 2011, the US National Counterintelligence Executive publicly decried China in particular as the biggest known thief of US trade secrets. The Mandiant report comes a week after President Barack Obama issued a long-awaited executive order aimed at getting the private owners of power plants and other critical infrastructure to share data on attacks with officials and to begin to follow consensus best practices on security. Both US Democrats and Republicans have said more powerful legislation is needed, citing Chinese penetration not just of the largest companies but of operations essential to a functioning country, including those comprising the electric grid. — Reuters
