Beyond the Bubble

By Danny Zhang

In late February, a high-profile report from cyber security company Mandiant documented in detail what appears to be a coordinated hacking campaign from the Chinese military, which has long targeted not only U.S. government networks but those of large corporations and media outlets.

The New York Times published an article in January detailing security compromises in the company’s computer system from Chinese hackers in recent months. In particular, after the Times published an investigative article probing the family wealth of outgoing Premier Wen Jiabao, hackers successfully gained entry into the company’s network, including the email accounts of the two reporters who worked on the Wen story.

In early November, the company hired security firm Mandiant to expunge the hackers. Mandiant determined that the attacks were routed through compromised networks within the United States. In the days following the Times story, The Wall Street Journal, The Washington Post and Bloomberg also reported that their networks had been infiltrated on and off since 2008.

The Mandiant report traces the origins of these and other recent cyber-attacks to an office building in Shanghai, which serves as the headquarters of Unit 61398 of China’s People’s Liberation Army. American intelligence officials working in both the executive branch and Congress concur with the findings and have reportedly been aware of the origin of these attacks for years.

The group of hackers is commonly known in national security circles and among their corporate victims as “Comment Crew” or “Shanghai Group.” Comment Crew uses spearphishing techniques in most of its attacks, sending emails to targets with links that, once clicked, give the hackers access to the system. In addition to major media outlets, the group has persistently aimed to infiltrate networks at the Departments of Defense and State, the Coca-Cola Company, as it negotiated the acquisition of a huge Chinese juice company, and military contractor giant Lockheed Martin.

Overall, Comment Crew has gained access to companies from 20 industries since 2006. It has stolen all kinds of documents ranging from technology blueprints to business secrets to oil pipeline project files.

Government officials and industry experts are especially concerned about Comment Crew’s ability to wreak havoc by infiltrating major infrastructure networks like electricity and gas line grids. President Barack Obama even addressed the issue in his State of the Union Address on Feb. 12, without specifically calling out China or other perpetrators.

Last week, China’s Defense Ministry stated that it too was the victim of repeated cyber-attacks, 140,000 of them per month, most of which originate from the United States.

“China resolutely opposes hacking actions and has established relevant laws and regulations and taken strict law enforcement measures to defend against online hacking activities,” responded a Chinese government spokesperson to the recent public accusations.

The escalation of cyber-attacks traded between the two countries threatens the delicate bilateral relationship between the United States and China. White House officials insist that they have repeatedly brought up the issue in meetings with Chinese leaders, but are considering more serious action if the Chinese do not relent. However, former Secretary of State Hillary Clinton stressed that China is not the only nation directing attacks at the U.S.

In recent months, lawyers and intelligence officials in the U.S. government have been working to establish rules and plans for defense against cyber warfare. Due to the potency of these weapons to severely paralyze a country’s infrastructure networks, Obama is expected to have sole authority over their use. In 2011, President Obama ordered an attack on computers in Iran to disrupt that country’s nuclear program without affecting other civilian networks.