Industrial Hacking Isn’t Just Made In China

Suddenly, everybody's doing it. And if Google executive Eric Schmidt is right, honest companies don't stand a chance.


Posted February 20, 2013

Mike Elgan

(Page 1 of 2)

'UglyGorilla' represents the latest trend in global business.

Mr. Gorilla, who also goes by the name Wang Dong, is one of the three Chinese hackers named by a US security firm this week as being involved in a massive cybertheft operation. The other two are "Superhard" (Mei Qiang) and "Raith." ("Raith"? What kind of a boring hacker name is that?)

The security company Mandiant this week published a 74-page report that revealed previously unknown details about alleged Chinese government hacking. Specifically, the report claims to have learned that a specific unit of China's Army has stolen information from 141 companies (most of them American companies) since 2006.

Chinese officials deny the allegations.

If the Mandiant report is accurate, the three hackers work for an organization called APT1, which is really a unit of China's People's Liberation Army (PLA) called Unit 61398. (Another possibility is that APT1 is an outside hacker group directed by the Chinese Army unit.)

Either way, Mandiant claims to have traced massive hack attacks involving terabytes of stolen data back to an unfashionable district of Shanghai, where PLA Unit 61398 operates from a shabby, heavily fortified 12-story building.

(BBC reporters trying to video footage of the building yesterday were detained by guards and forced to hand over their videos.)

That building, according to top-notch guesswork by Mandiant, employs not just UglyGorilla, Superhard and Raith, but hundreds or thousands of other English-speaking computer, security and hacking experts whose full-time job is to break into the networks of foreign companies, US defense contractors and foreign government agencies in order to steal whatever they can and use it for whatever purposes help the rise of China as an economic and military power.

Presumably, stolen trade secrets are handed over to Chinese companies to give them an advantage over their foreign rivals.

For example, when Google was hacked by the Chinese government (allegedly) nearly four years ago, presumably the "trade secrets" alleged by Google to have been compromised in the attack were handed over to the Chinese alternative to Google Search, called Baidu.

(We can also fear that China is trying to hack KFC to learn exactly what those 11 herbs and spices are and also gain unfair access to Victoria's secret.)

It's not clear what the connection is between the ongoing hack attacks alleged by Mandiant and past Chinese programs for stealing secrets, including Operation Shady Rat, Operation Night Dragon and Operation Aurora. (Aurora? What kind of boring hacker operation name is that?)

The Mandiant report didn't provide new Big Picture information. There is widespread suspicion that the Chinese government is deeply involved in not only cyber espionage, but also industrial espionage in order to use the intellectual property of foreign companies against those very companies to give Chinese companies and economy an unfair advantage. But the Mandiant report did provide a slew of new details, including who, where and how they do it. Allegedly.

In recent weeks, news reports of hacks originating in China have been numerous.

Major newspapers in the United States, including The New York Times, The Wall Street Journal, The Washington Post and Bloomberg, report being hacked, with information and internal communications about their China coverage stolen.

China isn't alone in hacking and cyber industrial espionage, of course.

Tech companies have been hacked recently. Twitter reported recently that the personal profiles of about 250,000 Twitter users were compromised. Facebook and Apple were hacked. Both claim employee laptops were compromised but no data stolen.

A controversy is brewing as to whether the Facebook and Apple hacks originated in China or from Eastern European organized crime syndicates, but it's probably the latter.

All these attacks appear to have originated with malware spread on the site iPhoneDevSDK, an iPhone developer message board.

And Burger King's and Jeep's Twitter feeds were allegedly taken over this week for more than an hour by a hacker named Tony "iThug" Cunha, according to Gizmodo.

