Beijing hotly denies accusations of official involvement in massive cyberattacks against foreign targets, insinuating such activity is the work of rogues. However, at least one piece of evidence cited by experts points to professional cyberspies: China’s hackers do not work weekends.
Accusations of state-sanctioned hacking took center stage this past week following a detailed report by US-based Internet security firm Mandiant. It added to growing suspicion that the Chinese military is not only stealing national defense secrets and harassing dissidents, but also pilfering information from foreign companies that could be worth millions or even billions of US dollars.
Experts say Chinese hacking attacks are characterized not only by their brazenness, but by their persistence.
“China conducts at least an order of magnitude more than the next country,” said Martin Libicki, a specialist on cyberwarfare at the Rand Corp, based in Santa Monica, California.
The fact that hackers take weekends off suggests they are paid, and that would belie “the notion that the hackers are private,” he said.
Libicki and other cyberwarfare experts have long noted a Monday-through-Friday pattern in the intensity of attacks believed to come from Chinese sources, though there has been little evidence released publicly directly linking the Chinese military to the attacks.
Mandiant went a step further in its report on Tuesday saying that it had traced hacking activities against 141 foreign entities in the US, Canada, Britain and elsewhere to a group of operators known as the “Comment Crew” or “APT1,” for “Advanced Persistent Threat 1,” which it traced back to the People’s Liberation Army (PLA) Unit 61398. The unit is headquartered in a nondescript 12-story building inside a military compound in a crowded suburb of China’s financial hub of Shanghai.
Attackers stole information about pricing, contract negotiations, manufacturing, product testing and corporate acquisitions, the company said.
Hacker teams regularly began work, for the most part, at 8am Beijing time. Usually they continued for a standard work day, but sometimes the hacking persisted until midnight. Occasionally, the attacks stopped for two-week periods, Mandiant said, though the reason was not clear.
China denies any official involvement, calling such accusations “groundless” and insisting that Beijing is itself a major victim of hacking attacks, the largest number of which originate in the US.
While not denying hacking attacks originated in China, Chinese Ministry of Foreign Affairs spokesman Hong Lei (洪磊) said on Thursday that it was flat out wrong to accuse the Chinese government or military of being behind them.
Mandiant and other experts believe Unit 61398 to be a branch of the PLA General Staff’s Third Department responsible for collection and analysis of electronic signals such as e-mails and phone calls. It and the Fourth Department, responsible for electronic warfare, are believed to be the PLA units mainly responsible for infiltrating and manipulating computer networks.
China acknowledges pursuing these strategies as a key to delivering an initial blow to an opponent’s communications and other infrastructure during wartime — but the techniques are often the same as those used to steal information for commercial use.
China has consistently denied state-sponsored hacking, but experts say the office hours that the cyberspies keep point to a professional army rather than mere hobbyists or so-called “hacktivists” inspired by patriotic passions.
Mandiant noticed this same pattern while monitoring attacks on the New York Times last year, blamed on another Chinese hacking group it labeled APT12.
Libicki said he was not aware of any comprehensive studies, but that in such cases most activity between malware embedded in a compromised system and the malware’s controllers takes place during business hours in Beijing’s time zone.
Richard Forno, director of the University of Maryland Baltimore County’s graduate cybersecurity program, and David Clemente, a cybersecurity expert with independent analysis center Chatham House in London, said that this observation has been widely noted among cybersecurity specialists.
“It would reflect the idea that this is becoming a more routine activity and that they are quite methodical,” Clemente said.
The PLA’s Third Department is brimming with resources, according to studies commissioned by the US government, with 12 operation bureaus, three research institutes and an estimated 13,000 linguists, technicians and researchers as staff. It is further reinforced by technical teams from China’s seven military regions spread across the country and by the military’s vast academic resources, especially the PLA University of Information Engineering and the Academy of Military Sciences.
The PLA is believed to have made cyberwarfare a key priority in its capabilities more than a decade ago. One of the few public announcements of its development came in a May 25, 2011, news conference by Chinese Ministry of National Defense spokesman Geng Yansheng (耿雁生), in which he talked of developing China’s “online” army.
“Currently, China’s network protection is comparatively weak,” Geng said, adding that enhancing information technology and “strengthening network security protection are important components of military training for an army.”
Unit 61398 is considered just one of many such units under the Third Department responsible for hacking, according to experts.
Greg Walton, a cybersecurity researcher who has tracked Chinese hacking campaigns, said he has observed the “Comment Crew” at work, but cites another Third Department unit operating out of the southwestern city of Chengdu as equally active. It is tasked with stealing secrets from Indian government security agencies and think tanks, together with the India-based Tibetan government-in-exile, Walton said.
Another hacking outfit believed by some to have PLA links, the “Elderwood Group,” has targeted defense contractors, human rights groups, non-governmental organizations and service providers, according to computer security company Symantec.
It is believed to have compromised Amnesty International’s Hong Kong Web site in May last year, although other attacks have gone after targets as diverse as the US Council on Foreign Relations and Capstone Turbine Corp, which makes gas microturbines for power plants.
Civilian departments believed to be involved in hacking include those under China’s Ministry of Public Security, which commands the police, and the Ministry of State Security, one of the leading clandestine intelligence agencies.
The Ministry of State Security is especially suspected in attacks on foreign academics studying Chinese social issues and unrest in the western regions of Tibet and Xinjiang.
Below them on the hacking hierarchy are private actors, including civilian universities and research institutes, state industries in key sectors such as information technology and resources, and college students and other individuals acting alone or in groups, according to analysts, Forno said.
China’s government is not alone in being accused of cyberespionage, but observers say it has outpaced its rivals in using military assets to steal commercial secrets.
“Stealing secrets is stealing secrets regardless of the medium...the key difference is that you can’t easily arrest such electronic thieves since they’re most likely not even in the country, which differs from how the game was played during the Cold War,” Forno said.