Hacking Attacks Traced to Chinese Army Unit

Hints and rumors have long circulated that many hacking attacks against US businesses and government agencies originated in China. Many observers also suspected that the Chinese military was involved in these cyber-attacks.

Now the Chinese military connection has gone well beyond hints, rumors, and suspicions. According to the New York Times, a US cyber-security firm has traced some 90 percent of hacking attacks against US business and government to a single small neighborhood in Shanghai. And – almost certainly not by coincidence – this neighborhood includes a 12-story building that houses a Chinese military cyber operation.

NYT reporters David E. Sanger, David Barboza, and Nicole Perlroth identify the building's occupants as People's Liberation Army (PLA) Unit 61398. More officially, according to very rare Chinese military descriptions, it is the 2nd Bureau of the People’s Liberation Army’s General Staff Department’s 3rd Department.

To US cybersecurity analysts, however, Unit 61398 is better known as "Comment Crew," also sometimes called "Shanghai Group."

Mandiant, the company that provided its 60-page report on Comment Crew to the NYT, was also hired to investigate a cyber attack on the paper. (The attack was traced to a different Chinese group, not Comment Crew.)

As early as 2011, however, Comment Crew was identified by another cybersecurity group, the Project 2049 Institute, as the "premier entity targeting the United States and Canada, most likely focusing on political, economic, and military-related intelligence."

Comment Crew's targets have included the Coca-Cola company, which was attacked in the course of ultimately unsuccessful negotiations to buy a Chinese beverage firm. Most recently, however, Comment Crew has raised eyebrows in US security circles by targeting firms associated with infrastructure systems for oil, gas, and electricity.

For US officials, dealing with growing cyber-security worries about China involves a diplomatic thicket. The NYT piece quotes one US security official as saying, with apparent frustration, that "There are huge diplomatic sensitivities here."

The sensitivities are not just about the complicated US relationship with China. The US has its own active covert cyber-operations: Its security agencies are widely believed to have launched the Stuxnet worm that wrecked thousands of Iranian nuclear-enrichment centrifuges.

For its part, the Chinese government has unsurprisingly rejected the criticism, denouncing the accusations as unfounded. But President Obama's recent State of the Union message made pointed references to cyber-threats, even if he did not mention China by name.