Signs Point to China in US Research Facility Hack

Tech companies, healthcare giants, defense contractors, top universities, the US government—you name it, Chinese cyber-spies have probably hacked it. And now, it seems likely, we can add one of the world’s preeminent marine research groups to the list.

Woods Hole Oceanographic Institution sustained a “sophisticated, targeted attack” that looks to have originated from China, according to Christopher Land, the organization’s general counsel and leader of its internal investigation.

The U.S. government thinks China could take down the power grid

Washington (CNN) — China and “probably one or two other” countries have the capacity to shut down the nation’s power grid and other critical infrastructure through a cyber attack, the head of the National Security Agency told a Congressional panel Thursday.

Admiral Michael Rogers, who also serves the dual role as head of U.S. Cyber Command, said the United States has detected malware from China and elsewhere on U.S. computer systems that affect the daily lives of every American.

“It enables you to shut down very segmented, very tailored parts of our infrastructure that forestall the ability to provide that service to us as citizens,” Rogers said in testimony before the House Intelligence Committee.

China Cyber Espionage Grows

Secret military cyber unit masked activities after exposure

The recent exposure of a secret Chinese military cyber warfare unit has not led to a decrease in cyber espionage against U.S. government and private networks, according to a draft congressional China commission report.

Instead, the Chinese military group temporarily limited its large-scale cyber espionage campaign and took steps to mask its activities, according to a forthcoming report by the U.S.-China Economic and Security Review Commission.

The report concludes that the Chinese government is engaged in a concerted campaign of cyber attacks led by a Shanghai-based unit.

Chinese military unit said to resume cyber spying

The clandestine army unit, known as Unit 61398, “went quiet for a while — they changed the nature of their activities, they removed some of the tools that they had been using inside of different companies,” said Richard Bejtlich of Mandiant, which specializes in defending companies from cyber attacks and purging malware from computer networks that have been breached.

Exclusive: Cyberattack leaves natural gas pipelines vulnerable to sabotage

For further information on SCADAs, please see the following Global Geopolitics entries that were ahead of the curve:

“Red Dragon Rising: Communist China’s Military Threat to America” from 1999 is a highly recommended read. The United States is more vulnerable than most people know, and has been for longer than most people would have thought.

Cyberspies linked to China’s military targeted nearly two dozen US natural gas pipeline operators over a recent six-month period, stealing information that could be used to sabotage US gas pipelines, according to a restricted US government report and a source familiar with the government investigation.

From December 2011 through June 2012, cyberspies targeted 23 gas pipeline companies with e-mails crafted to deceive key personnel into clicking on malicious links or file attachments that let the attackers slip into company networks, says the Department of Homeland Security (DHS) report.

The report does not mention China, but the digital signatures of the attacks have been identified by independent cybersecurity researchers as belonging to a particular espionage group recently linked to China’s military.

The confluence of these factors – along with the sensitive operational and technical details that were stolen – makes the cyberbreaches perhaps among the most serious so far, some experts say. The stolen information could give an adversary all the insider knowledge necessary to blow up not just a few compressor stations but perhaps many of them simultaneously, effectively holding the nation’s gas infrastructure hostage. Nearly 30 percent of the nation’s power grid now relies on natural gas generation.

“This theft of key information is about hearing the footsteps get closer and closer,” says William Rush, a retired scientist formerly with the Gas Technology Institute who chaired the effort to create a cybersecurity standard applicable to the gas pipeline industry.

“Anyone can blow up a gas pipeline with dynamite. But with this stolen information, if I wanted to blow up not one, but 1,000 compressor stations, I could,” he adds. “I could put the attack vectors in place, let them sit there for years, and set them all off at the same time. I don’t have to worry about getting people physically in place to do the job, I just pull the trigger with one mouse click.”

Obama’s Cyber Dodge – White House cyber report won’t focus on China

The Obama administration plan to counter massive cyber espionage from China will not focus on a single country, a White House official said.

The administration is set to release its “Strategy to Mitigate the Theft of U.S. Trade Secrets” at a press conference of senior officials, including Attorney General Eric Holder.

“This strategy is not focused on any one country nor is it focused on cybersecurity exclusively, though cyber does play an important role in the strategy,” the official said.

Chinese Army Unit Is Seen as Tied to Hacking Against U.S.

Headquarters building of PLA Unit 61398

On the outskirts of Shanghai, in a run-down neighborhood dominated by a 12-story white office tower, sits a People’s Liberation Army base for China’s growing corps of cyberwarriors.

The building off Datong Road, surrounded by restaurants, massage parlors and a wine importer, is the headquarters of P.L.A. Unit 61398. A growing body of digital forensic evidence — confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years — leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower.

An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups — known to many of its victims in the United States as “Comment Crew” or “Shanghai Group” — to the doorstep of the military unit’s headquarters. The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area.