Mandiant Report Exposes China-Based Cyber Attacks, Highlights Trends in Cybersecurity
NAMIBIA – (MintPress) – As the world’s leading information security conference and exposition, RSA Conference, wrapped up its annual show Friday in San Francisco, notable information security professionals emerged with strategies to address cyber security trends, highlighting talks about U.S. cyber warfare activities following the release of a new report exposing one of China’s cyber espionage groups and several presidential executive orders expanding cyber capabilities domestically.
“As cyber attacks continue to grow in strength and numbers, information security has continued to rise to the top of IT agendas around the world,” said Sandra Toms LaPedis, area vice president and general manager of RSA Conference.
“It’s now crucial for businesses, vendors and government agencies to band together to confront today’s vulnerabilities,” added LaPedis. “RSA Conference has become the No. 1 place for industry luminaries and emerging and established companies to collaborate and drive innovation within information security. Together, we can arm ourselves with the best resources and strategies to combat threats.”
The conference came just one week after advanced threat detection and response solutions company, Mandiant, released a detailed report exposing a multi-year espionage campaign linked to China’s 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department (Military Unit Cover Designator 61398).
Exposing China’s cyber espionage units
According to the Mandiant report released in February, there is strong evidence connecting the PLA’s Shanghai Unit 61398 to the Chinese hacking group, known as APT1, that has systematically stolen confidential information from 141 organizations across multiple industries.
“APT1 is among dozens of threat groups Mandiant tracks around the world, and one of more than 20 attributed to China that are engaged in computer intrusion activities,” said Kevin Mandia, Mandiant’s chief executive officer. “Given the sheer amount of data this particular group has stolen, we decided it was necessary to arm and prepare as many organizations as possible to prevent additional losses.”
Mandiant believes that APT1 is able to wage such long-running and extensive cyber espionage campaigns — the longest of which lasted 1,764 consecutive days (over four years) — because it receives direct support from the government. The report places the origin of APT1’s cyber attacks in close proximity to the location of PLA Unit 61398.
The security consultancy first released details about APT1 in a January 2010 M-Trends report, stating then that “the Chinese government may authorize this activity, but there’s no way to determine the extent of its involvement.”
“Now, three years later, we have the evidence required to change our assessment,” Mandiant stated in its report last week. “The details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese government is aware of them.”
U.S. involvement in cyber warfare
The Canada-based Centre for Research on Globalization (CRG) is skeptical of Mandiant’s claims, saying, “It is well known that the United States is the world’s most ruthless practitioner of cyber warfare.” CRG believes Mandiant’s claims are based on coincidence instead of fact and refers to the report as “the latest propaganda attack” in driving the escalation of the U.S. offensive against China.
According to Reuters, China’s Defense Ministry flatly denied the accusations and called them “unprofessional.” In a retaliatory move, Chinese officials accused the United States of involvement in two-thirds of the 144,000 hacking attempts against Chinese military websites that occurred each month last year.
Reuters reported that China’s Defense Ministry spokesman Geng Yansheng said U.S. plans to expand cyber warfare capabilities would negatively impact international collaboration. According to Geng, an analysis of the IP addresses involved in the hacking schemes showed that attacks based in the United States accounted for 62.9 percent of total cyber attacks against the Defense Ministry and China Military Online websites in 2012.
The U.S. government has also been accused of launching a cyber attack against the French government, targeting former President Nicolas Sarkozy’s advisers ahead of elections last May.
American tech-media company, CNET, reported claims by French news outlet, L’Express, alleging the U.S. government possibly infiltrated French documents in order to make friends with the incoming administration as Sarkozy made his way out of office; no official motive was given. The U.S. government adamantly denies any involvement in a cyber attack against its close European ally.
The most notable act of U.S.-sponsored cyber warfare dates back to the 2010 discovery of the Stuxnet virus that infiltrated Iranian nuclear facilities and is believed to have taken out one-fifth of Iran’s centrifuges. The Stuxnet virus is widely believed to be linked to the governments of Israel and the United States.
A series of cyber attacks has occurred between Iran and the United States in subsequent years, including recent speculation by U.S. officials that Iran’s government may be behind 2012 attacks against the U.S. banking industry and a series of viruses that struck oil companies in the Middle East.
Iran denied any involvement in the attack on the oil industry, which affected more than 30,000 computers in Saudi Arabia and Qatar. According to a report broadcast last October on PRESS TV, a government-run news agency, Mehdi Ahkavan Bahabadi, the director of the Iran Cyberspace Center, said, “One of the main aims of the United States is to make itself look like the victim.”
While the U.S. government has not publicly made accusations connecting Iran to the attacks, CNN and The New York Times reported several statements by officials who are concerned with Iran’s improved capabilities in the cyber field, including the creation of an Iranian military unit, “cybercorps,” which emerged shortly after the discovery of the cyber attacks on the Iranian enrichment plant at Natanz back in 2010.
Cyber hacktivists cause concerns for U.S. government
Domestically, the United States is also battling a series of cyber attacks from the online hacktivist group Anonymous. Last month, Anonymous launched a cyber attack on the State Department website while also publishing a captured database online.
The attacks are said to be “round five” of “Operation Last Resort” — an Anonymous-led anti-U.S. campaign that was launched after the suicide of Internet activist Aaron Swartz, who was facing state breaking-and-entering charges in connection with systematic downloading of online academic journals at the time of his death.
“Our reasons for this attack are very simple. You’ve imprisoned or either censored our people. We will not tolerate things as such. You don’t see us going around censoring everything that is inappropriate or we do not like. Basically, you tried to put an end to us and you got owned, there’s nothing more you can say or do,” wrote Anonymous.
“We are only growing stronger because of the fact that you are forcing us to revolt. When the lions roar you will hear them. And when it’s feeding time you’ll be our dinner. Aaron Swartz this is for you, this is for Operation Last Resort,” the group said next to the leaked text.
Over the past years, Anonymous has also launched “war” on various government and private entities including governments in Syria, Israel and Uganda, as well as pornographic sites and the International Federation of the Phonographic Industry in defense of human rights with a particular focus on ending corruption and promoting freedom of information.
Many of Anonymous’ past activities revolved around support for WikiLeaks through campaigns in support of Bradley Manning, who pleaded guilty in a military hearing last week to leaking classified war documents to the online document disclosure group in 2009 and 2010.
The two groups had a falling out last fall after WikiLeaks, which some believe should be labeled a “cyber terrorist organization,” published a donation overlay requiring viewers to make a donation or share the site via social media before proceeding to the Global Intelligence Files.
“We have been worried about the direction WikiLeaks is going for some time now. In the past year the focus has moved away from actual leaks and the fight for freedom of information and concentrated more and more on Julian Assange and a rabid scrounging for money,” Anonymous said in a statement.
“The conclusion for us is that Anonymous cannot support anymore what WikiLeaks has become … what we will do is cease from this day all support of any kind for WikiLeaks or Julian Assange.”
WikiLeaks founder Julian Assange remains under asylum in Ecuador’s London embassy while seeking a parliamentary bid in Australia to avoid sexual assault charges in Sweden, as well as possible extradition to the United States for publishing leaked documents online.
Despite the disagreements, both WikiLeaks and Anonymous are responsible for the exposure of hidden human rights atrocities and torture performed by the U.S. military under the sanction of the U.S. president. Their actions have caused U.S. intelligence to set up a policy to discredit and stop these groups.
President Obama continues his assault against cyber breaches of U.S. information, announcing in his State of the Union address that he had signed an executive order on cyber security. The president said the country must face the rapidly “growing threat from cyber-attacks.”
According to the order, “cyber threats” will be defined as “website defacement, espionage, theft of intellectual property, denial of service attacks and destructive malware,” the White House told The Verge. The latest executive order directly affects many of Anonymous’ and WikiLeaks’ attempts to disclose information to the public or conduct cyber attacks in defense of civilian rights.
National security trends shift toward cybersecurity
Global security think tanks and research companies are monitoring the developments following the most recent string of cyber attacks, including Mandiant’s cyber espionage report, as it highlights the importance of cybersecurity in terms of 21st century national security.
“It’s beyond dispute that such a publication contributed to increasing the importance of cybersecurity on the political and military agenda of western states,” said Vincent Boulanin, Associated Research Fellow at the Stockholm International Peace Research Institute (SIPRI). “It fuels the demand for cybersecurity goods and services, in particular the demand from the private sector as it stresses the risk of cyber industrial espionage.”
Over the past years, SIPRI has noticed through financial data collection and shifts in mergers and acquisitions activity that major arms producing companies and military services have shown increased interest in cyber security companies as part of their strategy to address the growing political and budgetary importance of cyber security to national security.
According to Boulanin, the framing of cyber security as a national security issue dates back to the late 1980s, when military and security experts started to fear that cyber attacks would lead to the loss of highly strategic information and could paralyze military arsenals. Fears of cyber attacks continued in the 1990s, as cyberspace became the center of social and economic activity with the increased use of Internet and network technologies on every societal level.
“In a nutshell, cyber security has become a national security issue because the society, the economy and the military have become increasingly dependent on computer and networked technologies,” explained Boulanin, who has been working with SIPRI’s Arms Production Program since 2008.
“Accumulated, small and simple attacks targeting companies or individuals (e.g. phishing, industrial espionage) may cause major loss to national economies while advanced cyber attacks targeting critical infrastructure (e.g. targeting a power plant) may disrupt society’s functioning,” he added.
Despite President Obama’s announcement this weekend of sweeping budget cuts, the Department of Defense has requested $3.4 billion in cyber defense spending for FY 2013 — $0.2 billion more than in 2012. Under the guise of defense, the Obama administration also is accused of signing a classified executive order last October that expands military authority to carry out certain cyber attacks such as cutting off computer networks.
Current and upcoming regulations in cybersecurity are likely to expand the government’s already broad powers to carry out pre-emptive cyber attacks in the name of defense.
Boulanin said that other Western countries are also trying to increase their cyber defense capabilities, telling MintPress that Sweden revealed a special and secret unit to deal with cyber threats in 2012.
Military as well as private investments in cyber security will further expand as organizations like Mandiant continue to expose state-sponsored cyber attacks worldwide. SIPRI and other global security watchdog groups will continue to closely monitor these developments.