China says US hacking accusations lack technical proof

Reuters, BEIJING

Thu, Feb 21, 2013 - Page 1

Accusations by a US computer security company that a secretive Chinese military unit is likely behind a series of hacking attacks are scientifically flawed and hence unreliable, the Chinse Ministry of National Defense said yesterday.

The statement came after the White House said that US President Barack Obama’s administration has repeatedly taken up its concerns about cybertheft at the highest levels of the Chinese government, including with Chinese military officials.

The security company, Mandiant, identified the People’s Liberation Army’s (PLA) Shanghai-based Unit 61398 as the most likely driving force behind the hacking. Mandiant said it believed the unit had carried out “sustained” attacks on a wide range of industries.

The defense ministry, which has already denied the charges, went further in a new statement, slamming Mandiant for relying on spurious data.

“The report, in only relying on linking IP address to reach a conclusion the hacking attacks originated from China, lacks technical proof,” the ministry said in a statement on its Web site.

“Everyone knows that the use of usurped IP addresses to carry out hacking attacks happens on an almost daily basis,” it added.

“Second, there is still no internationally clear, unified definition of what consists of a ‘hacking attack.’ There is no legal evidence behind the report subjectively inducing that the everyday gathering of online [information] is online spying,” it said.

As hacking is a cross-border, anonymous and deceptive phenomenon, by its very nature it is hard to work out exactly where hacks originated, the statement said.

Chinese Ministry of Foreign Affairs spokesman Hong Lei (洪磊), asked about the US taking up its concerns about hacking with Beijing, said: “China and the US have maintained communication over the relevant issue.”

Unit 61398 is located in Shanghai and is staffed by perhaps thousands of people proficient in English, as well as computer programming and network operations, Mandiant said in its report.

The unit had stolen “hundreds of terabytes of data from at least 141 organizations across a diverse set of industries beginning as early as 2006,” it said.

However, the defense ministry said China’s own figures show that a “considerable” number of hacking attacks it is subjected to come from the US.

“But we don’t use this as a reason to criticize the United States,” the ministry said.

Meanwhile, the US is developing more aggressive responses to the theft of US government data and corporate trade secrets. A report scheduled for release yesterday considers fines and other trade actions against China or any other country guilty of cyberespionage.