11 Things To Know About The Chinese Hacking Scandal


The Coca-Cola Connection

A 2009 attack on Coca-Cola coincided with a failed attempt to acquire the China Huiyuan Juice Group for $2.4 billion. As Coca-Cola executives were negotiating what would have been the largest purchase of a Chinese company to leverage greater market share in Asia, the Comment Crew was busy rummaging through Coke’s computers in an apparent effort to learn more about the company’s negotiation strategy.

In 2011, a similar attack happened to RSA, the computer security company best known for its SecurID token carried by employees at United States intelligence agencies, military contractors, and many major financial companies.

Other victims have included the Chertoff Group, headed by the former secretary of the Department of Homeland Security, Michael Chertoff. Attacks have been made on a contractor for the National Geospatial-Intelligence Agency and the National Electrical Manufacturers Association, a lobbying group that represents companies that make components for power grids.

One potentially messy target was the Canadian arm of Telvent, which designs software that gives oil and gas pipeline companies and power grid operators remote access to valves, switches, and security systems. Telvent keeps detailed blueprints on more than 60 percent of the oil and gas pipelines in North and South America, and the company has remote access to the systems.

“We have seen over the last years an increase in not only the hacking attempts on government institutions but also non-governmental ones,” said Hillary Clinton in response to this information. Clinton added that the Chinese “are not the only people who are hacking us.”

Where the magic happens.

Where?

On the outskirts of Shanghai, in Pudong, along the east side of the Huangpu River across from Puxi, off the Datong Road, sits a large, twelve-story white office building amidst a three-acre compound surrounded by small businesses and nondescript apartment complexes. Recently, a BBC news crew tried to film outside and were summarily arrested.

The Comment Crew has been tracked to an inauspicious apartment building located 600 meters away. One hacker was tracked back to the People’s Liberation Army’s Information Engineering University, described by American computer security researchers as one of the Chinese military’s top training schools for computer hacking. Recruitment notices have also been found for Unit 61398.

P.L.A. Unit 61398, That’s My Number

You can see my house from here...

Unit 61398 — formally, the Second Bureau of the People’s Liberation Army’s General Staff Department’s Third Department — exists almost nowhere in official Chinese military descriptions. Yet intelligence analysts who have studied the group say it’s the central element of Chinese computer espionage. The unit was described in 2011 as the “premier entity targeting the United States and Canada, most likely focusing on political, economic, and military-related intelligence” by the Project 2049 Institute, a non-governmental organization in Virginia that studies security and policy issues in Asia.

Set up around 2002, the unit started recruiting heavily in 2003 from universities around China.

Worst Craigslist hookup - ever.

Translation:

The Graduate School has received notice that Unit 61398 of China’s People’s Liberation Army (located in Pudong District, Shanghai) seeks to recruit 2003-class computer science graduate students. Students who sign the service contract will receive a 5,000 yuan per year National Defense Scholarship. After graduation, students will work in the unit.

Interested Zhejiang University 2003-class graduate students should please contact Teacher Peng in the Graduate Division before May 20. (Cao Guangbiao room 108; phone: 87952168)
Graduate Division
May 13, 2004

The first suspicious activities were detected around 2006 by Symantec. Attacks often involved spear-phishing emails with such subject lines as “U.S. Stocks Reverse Loss as Consumer Staples, Energy Gain.zip” and “New contact sheet of the AN-UYQ-100 contractors.pdf.”

The Mandiant report, however, didn’t break any new ground in the Comment Crew discussion.

“There really wasn’t much new that came out of that Mandiant report, except for them identifying a specific building and putting all these details on that in there,” said former Gartner Group analyst John Pescatore.

While the Obama administration has never publicly discussed the Chinese unit’s activities, a secret State Department cable written the day before Barack Obama was elected president in November 2008 described at length American concerns about the group’s attacks on government sites. (At the time, American intelligence agencies called the unit “Byzantine Candor”, a code word dropped after the cable was published by WikiLeaks.)
