US group takes aim at China's role in cyber wars
The report identifies a number of individual hackers, including “UglyGorilla”, who has registered domains associated with APT1 and written malware, and who expressed his interest in China’s “cyber troops” in January 2004. Another hacker called “DOTA” has registered dozens of email accounts used to conduct social engineering and “phishing” attacks.
Once the hackers establish access, they periodically revisit the victim’s network over several months or years and steal broad categories of intellectual property, including blueprints, manufacturing processes, test results, business plans, pricing documents, partnership agreements, as well as emails and contact lists from the victim organisation’s leadership.
Beijing denies the reports, saying that it is a victim of hacking and is not involved in cyber warfare. China’s foreign ministry raised a sceptical eyebrow about the evidence in the report. Beijing’s line is that cyber attacks are global, anonymous and deceptive, and their true sources are not easy to identify. “Hacking attacks are transnational and anonymous. Determining their origins is extremely difficult. We don’t know how the evidence in this so-called report can be tenable,” spokesman Hong Lei told a regular news briefing.
Computer security experts say the key to the success of the cyber wars is deniability. The cyber spies use third-party computers in other countries as a way of covering their tracks. It’s not just the Chinese government that is sceptical: analysts have criticised what they see as over-reliance on Mandiant as a source, and also a failure to recognise that everyone is at it.
Around 60 per cent of attacks on US national defence systems are said to emanate from within America. That leaves 40 per cent for the rest of the world, which means that it can’t all be China. “My problem with this report is not that I don’t believe that China engages in massive amounts of cyber espionage,” Jeffrey Carr, founder and CEO of Taia Global Inc and the author of Inside Cyber Warfare, wrote on his blog.
“I know that they do – especially when an executive that we worked with travelled to Beijing to meet with government officials with a clean laptop and came back with one that had been breached while he was asleep in his hotel room. My problem is that Mandiant refuses to consider what everyone that I know in the intelligence community acknowledges – that there are multiple states engaging in this activity; not just China,” he said. “Mandiant simply did not succeed in proving that Unit 61398 is their designated APT1 aka Comment Crew.”
The Chinese blame the US, saying Washington is talking up threats from cyberspace to help stop plans by the Obama administration to cut defence spending. IP addresses alone do not provide proof of hackers’ origins, or whether the government is behind them. To deal with cyber attack allegations, there should be more dialogue, cooperation and regulation, rather than focusing on an imaginary enemy and demonising it, said Yuan Peng, an expert on US studies at the China Institute of Contemporary International Relations.