解放軍 61398 部隊：MANDIANT 發表解放軍從事駭客行動

揭秘中國網絡戰部隊◎紐約時報（2013.02.19）
http://cn.nytimes.com/article/china/2013/02/19/c19hack/zh-hk/  

Report: Chinese military engaged in 'extensive cyber espionage campaign'◎CNN（2013.02.19）http://money.cnn.com/2013/02/19/technology/china-military-cybercrime/index.html?iid=Lead

An American cybersecurity firm has linked one of the world's most prolific groups of computer hackers to the Chinese government, saying in a new report that an extensive cyber-espionage campaign is being waged from a location near Shanghai.

The security firm, Mandiant, detailed the allegations in a 60-page report published Tuesday that describes the group's tactics over a six-year period.

The Virginia-based Mandiant, which helps companies detect and respond to cyber threats, said it has observed the group of hackers -- called the "comment crew" -- systematically steal hundreds of terabytes of data from at least 141 organizations across 20 industries worldwide since 2006.

Mandiant claims the activity can be traced to four networks near Shanghai -- with some operations taking place in a location that is also the headquarters of Unit 61398, a secret division of China's military.

"The sheer scale and duration of sustained attacks against such a wide set of industries from a singularly identified group based in China leaves little doubt about the organization behind [the group]," Mandiant said.  "We believe the totality of the evidence we provide in this document bolsters the claim that [the group] is Unit 61398."

Chinese foreign ministry spokesman Hong Lei dismissed the hacking charges on Tuesday, insisting that China is the victim of many cyberattacks -- most originating in the United States.

"Making baseless accusations based on premature analysis is irresponsible and unprofessional," he said. "China resolutely oppose any form of hacking activities."

Last month, the Chinese defense ministry said the country's military "has never supported any hacker activities."

The latest accusation against Beijing comes amid concerns about the breadth and depth of cyberattacks originating in China.  Recently, several leading U.S. news organizations reported their computer systems had been attacked by China-based hackers.

Mandiant estimates that hundreds, and perhaps thousands, of people work within Unit 61398, which is housed in a 12-story, 130,663 square-foot facility.

Organizations in English-speaking countries are the primary victims of the comment crew -- making up 87% of the 141 attacks observed by Mandiant.  One hundred and fifteen attacks targeted organizations in the United States.

The hackers have a "well-defined attack methodology," and Mandiant said the group has stolen large volumes of intellectual property, including technology blueprints, proprietary manufacturing processes and business plans.

Related: Burger King Twitter gets McHacked

The report did not list companies or agencies that have been attacked.

Mandiant was able to pinpoint the identities of three individuals working with the group.  The report identifies the hackers who use the monikers "Ugly Gorilla," "dota" and "SuperHard."  It tracks their activities in an unusually detailed manner, including information on their e-mail accounts, cell phones and hacking techniques.

Related: Watching porn is bad for your smartphone

Government and intelligence officials in the United States are increasingly concerned about the threats posed by cybercrime, especially from government actors.

Outgoing Defense Secretary Leon Panetta said last year that a cyberattack could be crippling, citing risks to the power grid, Wall Street and the financial system.

"We are literally getting hundreds of thousands of attacks everyday that try to exploit information in various agencies and departments and frankly throughout this country," Panetta said.

Earlier this month, President Obama signed an executive order designed to address the country's most basic cybersecurity needs -- and highlighted the effort in his State of the Union address.

The order will make it easier for private companies in control of the nation's critical infrastructure to share information about cyberattacks with the government.  The order also directs the government to work with the private sector on standards that will help protect companies from cybercrime.

Related: Your antivirus software probably won't prevent a cyberattack

In recent weeks, The New York Times, Washington Post and Wall Street Journal have disclosed that their computer networks had been targeted by hackers in China.

The New York Times, which hired Mandiant to help mitigate the threat, reported Tuesday that the comment crew was not the source of the attack on its network.

Of course, China is not the only country thought to be involved in cyberattacks.  The existence of several other state-sponsored cyberweapons have been reported in recent years, with names like Stuxnet, Duqu and Flame.  The U.S. government is widely believed to have played a role in developing some of those viruses, with an eye toward containing Iran.  

中國外交部回應（2013.02.19） http://www.fmprc.gov.cn/mfa_chn/fyrbt_602243/t1014798.shtml

　　問：美國網路安全公司MANDIANT日前發佈報告稱，與中國軍方有關的駭客多次攻擊了美國網站，中方對此有何評論？

　　答：網路攻擊是一個全球性問題，應在相互信任和尊重的基礎上通過建設性的國際合作加以解決。出於各種目的，就駭客攻擊進行無端猜測和指責，既不專業，也不負責，無助於解決該問題。

　　中國政府一貫堅決反對並依法打擊網路攻擊行為。事實上，中國是網路攻擊的主要受害國之一。針對中國的網路攻擊、網路犯罪呈快速、逐年上升之勢。根據中國國家互聯網應急中心發表的報告，2012年，7.3萬個境外IP位址作為木馬或僵屍網路控制伺服器參與控制中國境內1400余萬台主機，3.2萬個IP通過植入後門對中國境內近3.8萬個網站實施遠端控制。在上述網路攻擊中，源自美國的網路攻擊數量名列第一。

　　為推動解決網路安全問題，2011年9月，中國與俄羅斯等國向聯合國共同提交了“資訊安全國際行為準則”草案。中方呼籲國際社會以此為基礎，制定網路空間的負責任國家行為準則，共同構建一個和平、安全、開放、合作的網路空間，維護國際社會共同利益。

。