China says most cyberattacks against its infrastructure come from the U.S.

By LUIS MIRANDA | THE REAL AGENDA | MARCH 20, 2013

China also has its own proof that the United States is the main threat to its infrastructure, or so they say.

A Chinese official report states that many of the cyber attacks against China come from the United States and that the threat to the cyber security of its websites is “growing”.

According to the report, which echoes the official report cited by Xinhua news agency last year, says that hackers attacked 16,388 Chinese websites, including 1802 pages that belong to the government. This numbers, says the report, represent an increase of 21.5 and 6.1 percent year on year, respectively.

The research, conducted by the National Coordination Center for Emergency Response (CNCERT), also states that in 2012 nearly 73,000 foreign IP addresses attacked about 14.2 million Chinese servers with computer viruses like “Trojan” or “botnet”, and that these activities came, in large part from the U.S..

The same agency said it detected 22,308 phishing sites, the majority (96.2%) from foreign servers, especially the U.S. (83.2%).

CNCERT further indicates that the cyber security risks increase with the application of new technologies such as computer services in the cloud, that as they stress, complicate the fight against cyber attacks.

Therefore, the report urged Chinese institutions to increase research efforts to improve cybersecurity protection for nearly 600 million Chinese Internet users, the world’s largest community.

China and the U.S. spent months locked in a campaign of mutual accusations of cyber espionage.

Last February, a report by a U.S. company specializing in Internet security reported that many of the cyber attacks against the U.S. have their origin in a Chinese army unit.

Beijing categorically denied the charge adding that it is also the victim of numerous attacks, which have increased over the years and most of them are from the North American country.

In his first press conference as Prime Minister of China, Li Keqiang, argued that the government “does not support the hacking” and described as “baseless” U.S. allegations that the Chinese government had any involvement in the attempts to hack into American infrastructure.

On 19 February, a report by the U.S.-based company Mandiant accused the Chinese military of being behind a series of cyber attacks against businesses, institutions and infrastructure in the U.S.. That was not the first time that China received accusations of this type, although the novelty at that time was that the report localized in detail the origins of the attacks. According to Mandiant, a Chinese army building in a suburb of Shanghai was responsible for most if not all of the attacks.

Is the U.S. stepping up Internet control push over unproven hacking allegations?

By BARRY GREY | WSW | FEBRUARY 21, 2013

The Obama administration is utilizing unsubstantiated charges of Chinese government cyber-attacks to escalate its threats against China. The past two days have seen allegations of hacking into US corporate and government web sites, hyped by the US media without any examination of their validity, employed to disorient the American public and justify an expansion of the Obama administration’s drive to isolate China and prepare for an eventual military attack.

The accusations of hacking against China will also be used to justify increased domestic surveillance of computer and Internet communications, as well as an expanded use of cyber warfare methods internationally.

The New York Times, functioning once again as a conduit for the Pentagon and the CIA, has taken the lead in the latest provocation against Beijing. On Tuesday it published a bellicose front-page article headlined “China’s Army Seen as Tied to Hacking Against US,” and carrying the ominous subhead “Power Grid is a Target.”

The article drips with cynicism and hypocrisy. It is well known that the United States is the world’s most ruthless practitioner of cyber warfare. The article itself acknowledged that the US worked with Israel to disrupt the Iranian nuclear program by introducing the Stuxnet virus into Iran’s computer systems. That bit of sabotage—itself an illegal act of aggression—was accompanied by a series of assassinations of Iranian scientists carried out by Israel with Washington’s support.

The sprawling front-page article, which continued on an entire inside page of the newspaper, was based on a 60-page report released that day by a private computer security firm with close ties to the Times, as well as to the US military and intelligence agencies. The report by Mandiant—founded by a retired Air Force officer and based in Alexandria, Virginia—provides no real evidence to substantiate its claim that a unit of China’s People’s Liberation Army based in Shanghai is directing hacking attacks on US corporations, organizations and government institutions.

In its report, Mandiant claims to have tracked 141 cyber attacks by the same Chinese hacker group since 2006, 115 of which targeted US corporations. On the basis of Internet footprints, including Internet provider addresses, Mandiant concludes that 90 percent of the hacking attacks come from the same neighborhood in Shanghai. It then notes that the headquarters of Unit 61398 of the People’s Liberation Army is located in that neighborhood. From this coincidence, Mandiant draws the entirely unwarranted inference that the cyber-attacks are coming from the PLA building.

As the Times admits in its article, “The firm was not able to place the hackers inside the 12-story [PLA Unit 61398 headquarters] building…” The newspaper goes on to report that “Mandiant also discovered an internal China Telecom memo discussing the state-owned telecom company’s decision to install high-speed fiber-optic lines for Unit 61398’s headquarters.” One can only assume that Mandiant “discovered” this memo by carrying out its own hacking of Chinese computers.

Chinese spokesmen have denied any involvement by the government or the military in hacking attacks and dismissed the Mandiant report as lacking any proof of its charges. The Chinese Ministry of Defense released a statement Wednesday pointing out that Internet provider addresses do not provide a reliable indication of the origin of hacking attacks, since hackers routinely usurp IP addresses. A Foreign Ministry spokesman pointed out that China is constantly being targeted by hackers, most of which originate in the US.

The Chinese position was echoed by Dell Secureworks cyber-security expert Joe Stewart, who told the Christian Science Monitor: “We still don’t have any hard proof that [the hacker group] is coming out of that [PLA Unit 61398’s] building, other than a lot of weird coincidence pointing in that direction. To me, it’s not hard evidence.”

The Obama administration followed up the Times article, which sparked a wave of frenzied media reports of Chinese cyber-attacks, by announcing on Wednesday that it would step up diplomatic pressure and consider more punitive laws to counter what it described as a wave of trade secret theft by China and other countries. The Associated Press reported that the administration was discussing “fines, penalties and tougher trade restrictions” directed against China.

The latest propaganda attack points to an escalation of the US offensive against China that went by the name “pivot to Asia” in Obama’s first term. That policy included whipping up territorial disputes in the East China and South China seas between China and a series of countries in East Asia, including Japan, Vietnam and the Philippines.

It has also included the establishment of closer military ties and new US installations in a number of countries, including India and Australia, to militarily encircle China.

The Times concluded its article by reporting that “The mounting evidence of state sponsorship… and the growing threat to American infrastructure are leading officials to conclude that a far stronger response is necessary.” It cited Rep. Mike Rogers, the Republican chairman of the House Intelligence Committee, as saying that Washington must “create a high price” to force the Chinese to back down.

In an editorial published Wednesday, the Times noted that the administration has decided to give US Internet providers and anti-virus vendors information on the signatures of Chinese hacker groups, leading to a denial of access to US networks for these groups. It also reported that President Obama last week signed an executive order authorizing increased sharing of information on cyber threats between the government and private companies that oversee critical infrastructure, such as the electrical grid.

The Wall Street Journal in its editorial called for “targeted sanctions” against Chinese individuals and institutions.

The background to this new salvo of anti-China propaganda underscores that it is part of an aggressive expansion of US military capabilities, both conventional and cyber-based. Obama raised the issue of cyber war in his February 12 State of the Union address, accusing US “enemies” of seeking to “sabotage our power grid, our financial institutions, our air traffic control systems,” and insisting that action be taken against such attacks.

In the same speech, he defended his drone assassination program, which is based on the claim that the president has the unlimited and unilateral power to order the murder of anyone anywhere in the world, including US citizens.

Last October, Obama signed an executive order expanding military authority to carry out cyber-attacks and redefine as “defensive” actions that would previously have been considered acts of aggression—such as the cutting off of computer networks. Around the same time, Defense Secretary Leon Panetta gave a bellicose speech in which he warned of a “cyber Pearl Harbor.” Panetta told Time magazine: “The three potential adversaries out there that are developing the greatest capabilities are Russia, China and Iran.”

At the end of January, the New York Times accused Chinese authorities of hacking into its news operations, a charge that was quickly seconded by the Washington Post and the Wall Street Journal. That same week, the Washington Post reported that the US military had approved a five-fold increase of personnel in its Cyber Command. Days later, the Times reported on its front page that the Obama administration had concluded that the president had the power to authorize pre-emptive cyber war attacks.

This bellicose posture toward China and expansion of cyber warfare methods goes hand in hand with growing threats to democratic rights at home. The cyber war plans include options for military action within the US. The Times reported earlier this month that the military “would become involved in cases of a major cyber-attack within the United States” under certain vaguely defined conditions.

Efforts to increase government control of the Internet and surveillance of Internet communications are being stepped up. Just last week, Rep. Rogers of Michigan and Democratic Senator Dutch Ruppersberger of California reintroduced the Cyber Intelligence Sharing and Protection Act (CISPA). The bill died in the Senate last year in the midst of protests over provisions allowing the government to spy on emails and other Internet-based communications.

U.S. says it’s ready to strike back at Chinese cyber attackers

By LUIS MIRANDA | THE REAL AGENDA | FEBRUARY 20, 2013

As The Real Agenda informed yesterday, a new report issued by internet security company Mandiant has concluded that some of the most visible cyber attacks on U.S. based companies and government entities are coming from China. This wasn’t a secret at all, since much of the equipment used in American companies and institutions are either manufactured in China or have Chinese-made components. According to experts, it is precisely through this components that the Chinese hackers may be entering sensible systems in government and large corporations such as banks and media outlets.

The accusation made by Mandiant established that the Chinese military is responsible for hacking into government and private computer systems to steal data in an attempt to get its hands on trade secrets and information about infrastructure. Today, the Obama administration is said to be weighing a list of fines and commercial punishment to stop the Chinese and any other government-sponsored cyber attack.

Research conducted by Mandiant in the last three years, shows that attacks on American government agencies, and private companies are coming directly from a Chinese-based operation in Shanghai. The existence of this entity and the purpose of its operations are well-known by the Asian government, says Mandiant.

The Associated Press reports today that American officials familiar with the U.S. plans, the White House will present a report with preliminary proposals to address the Chinese threat. It is not clear whether this proposals are real actions that the U.S. government will take, has taken already or if it is only a way to publicly show concern about the attacks while privately maneuvering in a different direction. The U.S. report will speak again about the imminent cyber threat previously described by people like Leon Panetta, who earlier this year and late in 2012 spoke about the possibility of a possible ‘cyber Pearl Harbor’.

Mandiant’s report, which apparently was requested by a group of private companies reveal that more than 140 enterprises were attacked by the People’s Liberation Army’s Unit 61398. The attacks were carried out after the hackers breached security protocols in those companies which supposedly enabled them to steal sensible information about their operations as well as private data about their customers. Along with Mandiant’s report, military experts believe that the hackers are part of China’s cyber command which works directly under orders from the Joint Chiefs of Staff. This would mean that the cyber attacks are authorized by people in important positions who work for China’s military.

“If the Chinese government flew planes into our airspace, our planes would escort them away. If it happened two, three or four times, the president would be on the phone and there would be threats of retaliation,” said former FBI executive assistant director Shawn Henry to AP. Both Mandiant’s report and the U.S. government’s recognition of the alleged Chinese threat, puts even more pressure on the Americans to show firmness in their actions. Simply talking about the threat will not solve anything. The Americans will have to retaliate strongly against the hackers and / or begin direct public talks with the Chinese military in order to sort out the details of the attacks.

According to Mandiant, this division of the Chinese Army employs thousands of people modern programming techniques and network management, which means that it counts with the support of important people and government organizations. The alleged Chinese military unit has stolen hundreds of terabytes of data since its activities were first registered in 2006″.

Although many of the alleged corporate victims are based in the United States, Canadian and British companies have also been attacked. In the case of the Canadians and British, hackers have accessed and stolen information about business transactions, mergers, acquisitions, and emails from senior managers.

“We believe APT1 can continue a campaign of cyber espionage in large part because it receives direct support from the Chinese government,” says Mandiant, identifying APT1 with Unit 61398. The same way that APT1 seems to be conducting cyber espionage activities on American, Canadian and British companies and government agencies, it is clear that American intelligence and spying agencies also conduct operations to learn about what other countries are up to.

“In a state that rigorously monitors Internet use, it is highly unlikely that the Chinese government is unaware of an attack group that operates from the Pudong New Area of Shanghai,” says the Mandiant report. APT1 “systematically stole hundreds of terabytes of data from at least 141 organizations,” Mandiant said.

A report by the U.S. Congress last year said that increasingly dexterous entities backed by the Chinese government are trying to enter the U.S. systems, and called China “the most threatening player in cyberspace.” This means that the U.S. did not learn about the threat by reading Mandiant’s report, so it would be interesting to know why the Americans haven’t publicly demanded answers from the Chinese, if the threat is do evident.

The Real Agenda encourages the sharing of its original content ONLY through the tools provided at the bottom of every article. Please DON’T copy articles from The Real Agenda and redistribute by email or post to the web.