U.S. Security Firm Alleges Massive Chinese Hacking
Byline: Associated Press
BEIJING Cyberattacks that stole massive amounts of information from military contractors, energy companies and other key industries in the U.S. and elsewhere have been traced to the doorstep of a Chinese military unit, a U.S. security firm alleged Tuesday.
Chinas Foreign Ministry dismissed the report as "groundless," and the Defense Ministry denied involvement in hacking attacks.
China has frequently been accused of hacking, but the report by Mandiant Corp. contains some of the most extensive and detailed accusations to date linking its military to a wave of cyberspying against U.S. and other foreign companies and government agencies.
Mandiant said it traced the hacking back to a neighborhood in the outskirts of Shanghai that includes a drab, white 12-story office building run by "Unit 61398" of the Peoples Liberation Army.
The unit "has systematically stolen hundreds of terabytes of data from at least 141 organizations," Mandiant wrote. The U.S. Library of Congress 2006-2010 Twitter archive of about 170 billion tweets totals 133.2 terabytes.
"From our observations, it is one of the most prolific cyberespionage groups in terms of the sheer quantity of information stolen," the company said. It added the unit has operated since at least 2006.
Mandiant said it decided revealing the results of its investigation was worth the risk of the hackers changing their tactics and becoming even more difficult to trace.
"It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively," it said.
Graham Cluley, a British cybersecurity expert, said people in the computer industry believe Chinas government is behind such attacks but have been unable to confirm the source.
"None of us would be very surprised or be uncomfortable saying we strongly suspect the Chinese authorities are involved in spying this way," said Cluley, a senior technology consultant for security firm Sophos in Britain.
In a statement faxed to The Associated Press, the Defense Ministry firmly rejected any involvement in hacking, saying Chinese law forbids all activities harming Internet security.
"The Chinese government has always firmly combated such activities and the Chinese military has never supported any form of hacking activity," the ministry said. "Statements to the effect that the Chinese military takes part in Internet attacks are unprofessional and are not in accordance with the facts."
Chinese Foreign Ministry spokesman Hong Lei did not directly address the claims, but when questioned on the report Tuesday, he said he doubted the evidence would withstand scrutiny. …