COMMENTARY: There is no doubt that cyberwar is already a reality. As such, it is a new domain for the application of Strategy, that is, for employing it as a military means to achieve a political end. Something that, apparently, has been perfectly understood by the Chinese leadership.
China military linked to hacking attacks
Chinese People's Army building in Shanghai, from which China's cyberwar is directed.
Mandiant, a Washington-based cyber security group, said APT1 – a group of hackers it observed attacking at least 141 companies in the US and 15 other countries over the past seven years – was in fact a PLA group called Unit 61398.
In a report, Mandiant said the Chinese military unit was “similar to APT1 in its mission, capabilities, and resources”. It added that the group was located in the same area where APT1 activity appears to originate.
The accusation follows a string of recent announcements by US media groups that they had been hacked from China. The most recent spate of incidents is part of a rise in reports of cyber attacks over the past few years.
In recent years, cyber warfare experts have repeatedly identified Chinese hackers as the most likely perpetrators of such attacks. They have cited evidence such as IP addresses in China and the detection of software strands or tools in malware common only in China. They have also highlighted signs that some code used in the attacks was made on systems running the kind of simplified characters used to write Chinese on the mainland.
Previous analyses have also claimed that the Chinese government or military was likely sponsoring many cyber attacks, a view shared by the US government. But past assessments have been more cautious in linking particular PLA units to specific attacks because the PLA’s secrecy makes it difficult to find evidence for how it conducts information warfare.
The Chinese government and military insist they do not hack. But last year, a PLA newspaper said a “Blue Team” had been created to defend against cyber attacks.
Information gathered from military publications, university websites, local state media and other public sources shows that the PLA operates cyber militias and that several PLA units overseen by the general staff department perform tasks related to cyber warfare.
However, the Mandiant report is the first to suggest that a particular group of hackers is part of that unit.
The 12-storey building identified in the report is located in a Shanghai suburb near one of the city’s main ports. On Tuesday, a uniformed soldier guarded the main gate to the building and the larger complex where it stands, which is surrounded by a wall decorated with posters depicting PLA soldiers helping members of the general public or engaged in peacekeeping activities.
The complex is marked with a sign that says “restricted military area – no photography” in both English and Chinese. When a foreign photographer attempted to snap a photo there on Tuesday afternoon, several uniformed soldiers surrounded him and ushered him into the military area for questioning.
Across the street from the military complex is a kindergarten attached to Unit 61398, which is accused of conducting the hacking. A workman running electrical wire at the kindergarten said, when asked about the building, that he did not know anything about it, then added “are you a spy?” Mothers picking up children from the kindergarten declined to be interviewed.
The complex where the building stands is about the size of a square city block and is surrounded by a fence about 8 feet high. Two large satellite dishes sit on top of the building.
Mandiant’s main argument for establishing the link is that the APT1 hacker group to which it traced the attacks operates predominantly on four large telecom networks in Shanghai, two of which serve the Pudong district where Unit 61398 is located.
Pudong is a huge district of Shanghai with a population of millions. Apart from Unit 61398, it is also home to the Shanghai branch of the Institute of Computing Technology at the Chinese Academy of Sciences.
Mandiant said the scale of the attacks from one group in China left little doubt who was behind them, but said there could be “one other unlikely possibility”. It said that was the existence of a secret organisation of Chinese speakers with “direct access to Shanghai-based telecommunications infrastructure [that] is engaged in a multiyear, enterprise scale computer espionage campaign right outside of Unit 61398’s gates”.
The Chinese government rejected the allegations on Tuesday. “Cyber attacks are anonymous and transnational and it is hard to trace the origin of attacks, so I don’t know how the findings of the report are credible,” said Hong Lei, a foreign ministry spokesman.
Mr Hong added that China was frequently a victim of cyber attacks, most of which originated in the US.
China’s defence ministry repeated its default statement that hacking is illegal in China, that the country is one of the world’s main targets of cyber attacks and that the PLA had never supported hacking attacks.
“Allegations that the Chinese military engages in hacking are unprofessional and inaccurate,” it said on Tuesday.