
Cyberattacks by Unit 61398 resume

In a strategy dubbed "naming and shaming" by the media, the Obama administration bet that confronting China over cyberattacks traced to the Asian superpower's military -- the People's Liberation Army (PLA) -- would cause the nation to stop its brazen cyberlooting.  Now evidence is mounting that the strategy is failing, and that China has returned to its old ways, with the U.S. left as the helpless victim.

I. China Bullies "Weak" American Cybersecurity

Chinese cyberattacks may have been ongoing for a decade or more, but began to intensify in 2008 when President Barack Obama took office.  Those attacks led military officials to begin to target China with accusations, accusations that China, of course, denied.  China admits to having a large "cyber army", but claims it only uses the highly skilled unit for "self defense".

Meanwhile attacks on the private sector from Chinese IPs began to rise.  Many of the attacks appeared politically motivated, while others appeared aimed at stealing intellectual property, financial secrets, and military information.

In 2008, CNN reported repelling a major attack from Chinese IPs in the wake of a story about Tibet.  In 2009, Lockheed Martin Corp. (LMT) grappled with sophisticated intrusions from Chinese cyberspies.  Lockheed claimed that the spies did not successfully steal secrets, but soon after, in 2011, China shocked U.S. officials by fielding a fully functional stealth fighter; prior to the hacks U.S. officials believed China lacked this technology.

Chinese attacks intensified around 2008. [Image Source: ScreenRant]

2011 saw a marked intensification of attacks from China on both the U.S. private and government sectors. Chinese hackers struck at an online petition site after a petition was launched to free an imprisoned Chinese artist.  That same year Chinese hackers struck Google Inc.'s (GOOG) Gmail service, looking to scoop the accounts of Tibetan dissidents.  China's state-run newspaper mouthpiece then proceeded to threaten Google for stating the obvious -- that the attacks originated from Chinese IPs.

The U.S. Chamber of Commerce was hacked, with Chinese IPs communicating with infected thermostats and internet printers.  The U.S. National Aeronautics and Space Administration was hacked multiple times.  U.S. Embassies were attacked. The U.S. Department of Defense (DoD) was targeted by persistent attacks, again traced to China.  Even the White House's own networks were attacked.

In a pair of publications Intel Corp. (INTC) subsidiary McAfee, a security industry giant, accused China either directly or indirectly of a massive "cyberwar" campaign.

II. Obama Administration's Noisy Rhetoric Yields Short-Lived Truce

President Obama responded in early 2009 by ordering a security review.  Then in June 2009 he created a new "cyber command" department in the DoD to handle cyber defense.  But as the Chinese threat grew, DoD and intelligence agencies in the U.S. continued to struggle.  U.S. Cyber Command was understaffed with only around 500 "cyber-soldiers".  And an April 2011 study suggested a third of cybersecurity "experts" at the U.S. Federal Bureau of Investigation (FBI) were incompetent.

Unable to defend itself with cyber-might, the Obama administration turned its focus to defense via rhetoric.  In May 2011 the DoD warned cyberattacks could be construed as acts of war.  In March 2012 U.S. National Security Agency director Gen. Keith Alexander testified to the Senate Armed Services Committee that the Chinese were destroying the U.S. economy with hacks.

The Obama adminstrations vowed this year to no longer be week and submissive towards China after confirming the PLA was behind cyberattacks. [Image Source: Reuters]

But the President himself was mostly silent until this year, when a series of attacks struck The New York Times, Bloomberg, The WSJ, and the U.S. Federal Reserve.  Around that same time security officials with the research firm Mandiant finally pinned the attacks on an elite group of PLA hackers -- dubbed Unit 61398 -- which was based out of a government-guarded 12-story white high-rise in Shanghai.  That report was confirmed by government officials earlier this month, which led to China responding that the U.S. was "the real ‘hacking empire.'"

Amid the confirmations that the PLA was behind the victimization of the U.S., President Obama responded to these developments with his toughest rhetoric yet, which led to counter-accusations from China.  The tough rhetoric from the Commander-in-chief seemed to work, though; Unit 61398 fell silent for nearly three months from February into May.

Top PLA hackers with handles like "DOTA," "SuperHard" and "UglyGorilla" disappeared as their online footprints were purged.  Chinese hackers even began to remotely unplug the intrusion toolkits they had installed on 3,000 identified systems in the U.S.

III. Chinese are Back at It

But according to a report in The New York Times, that quiet armistice is over, and China has returned to its old ways, marking the failure of the administration's "naming and shaming" strategy.  With the U.S. unable to offer up any real consequences, the report suggests that the PLA sees no compelling reason to bow to its foe's hollow rhetoric, instead gleefully returning to battering the "helpless" U.S.

PLA hackers resumed their attacks on the U.S. this month after a three-month armistice.
[Image Source: Unknown]

Kevin Mandia, the chief executive of Mandiant, warns, "They dialed it back for a little while, though other groups that also wear uniforms didn’t even bother to do that.  I think you have to view this as the new normal."

A source in the Obama administration is quoted in the report as expressing grim resignation that a resumption would occur, commenting, "This is something we are going to have to come back at time and again with the Chinese leadership have to be convinced there is a real cost to this kind of activity."

IV. How Can the Administration Respond?

The question is what kind of consequences the administration can really muster.  

The U.S. economy remains deeply dependent on China, to the extent that any sort of serious trade sanctions could plunge the nation's fragile economy into recession. At the same time, the military and intelligence community, having alienated most of the nation's skilled hackers with belligerent prosecution policies (versus China, which actively recruits black hats), appears helpless to mount any substantial offense or defense.

And to boot, the administration is struggling with a deluge of domestic scandals ranging from drones, to the U.S. Internal Revenue Service (IRS), to seizures of Associated Press phone records.

Still the administration's security advisor, Thomas Donilon, is expected to work what little leverage he has in a visit to China this month.

President Obama and Attorney General Eric Holder

Jon M. Huntsman Jr., a former ambassador to China, and President Obama's former director of national intelligence, Dennis C. Blair, are reportedly drawing up a series of executive orders the President could use to attempt to "punish" China for continued hacking.  Mr. Blair is quoted as saying, "Jawboning alone won’t work.  Something has to change China’s calculus."

About the only positive development thus far has been the independent efforts that have apparently put a face to the handles of some of the PLA hackers.  A blog was traced to UglyGorilla -- real name Wang Dong -- who between 2006 and 2009 wrote about his experiences with the PLA, bemoaning low pay, long hours and instant ramen meals.

Such positive identifications could allow the U.S. to step up international pressure on China, even as its own efforts continue to struggle.

Source: The New York Times

Comments

Privatize the datacenters.
By quiksilvr on 5/20/2013 11:28:16 AM , Rating: 2
Amazon. Google. Microsoft. Use already well established and secure datacenters from private companies entirely and stop trying to waste time building it. It's a waste of time, money and resources and we simply don't have the experience (yet) in the government to build up such a robust and secure network.

RE: Privatize the datacenters.
By Argon18 on 5/20/13, Rating: -1
RE: Privatize the datacenters.
By Camikazi on 5/20/2013 12:39:25 PM , Rating: 5
When was the last time MS got hacked and got all their information and code stolen? Windows might have problems (and not as many as you seem to believe) but MS data centers are rock solid and damn near impossible to break into, now when did you get into IT stuff?

RE: Privatize the datacenters.
By Argon18 on 5/20/13, Rating: -1
RE: Privatize the datacenters.
By JasonMick on 5/20/2013 2:17:27 PM , Rating: 5
"When's the last time? Um. Last week? IE flaw that allows remote total takeover of the machine."

Thought I'd chime in here.

The flaws (I assume) you're referring to lie in IE6 and certain unpatched versions of IE 7/8. IE is currently on IE 10.

Microsoft has end-of-lifed IE 6 and practically begged customers to stop using it:

But some users defiantly insist on persisting to use it.

IE 6 came out in 2001 -- twelve years ago. It's hardly Microsoft's fault that it no longer is patching it. Maybe you should go complain to Apple that your first generation iPhone is no longer supporting the latest security updates and OS versions from Apple -- after all, it's only HALF AS OLD.

"I've been in IT since 1977. And I know enough about Microsoft products, to know they are the Happy Meal of the IT world; cheap, crappy, and only a child chooses it."

Doubtful... most IT people I know wouldn't make such ignorant statements.

While it's true nothing beats a hardened distribution of Linux, Microsoft's security has dramatically improved over the last decade or so as they've woken up to security risks.

Today they have a relatively good track record and generally patch quicker, even if they struggled in the late 90s and early 2000s.

Today most security flaws in Windows come from the same place they do on other platforms (like OS X and iOS) -- third party software like Oracle's Java and Adobe's PDFs.

But unlike some totalitarian companies (like Apple) who insist on (sluggishly) pushing out patches first hand, Microsoft allows third parties to directly deliver patches; hence you could argue that Linux and Microsoft share this advantage security-wise while Apple is by far the worst (as the only major PC OS maker who refuses to allow third parties to directly deliver patches).

RE: Privatize the datacenters.
By bug77 on 5/20/2013 3:50:35 PM , Rating: 2
"The flaws (I assume) you're referring to lie in IE6 and certain unpatched versions of IE 7/8. IE is currently on IE 10."

Care to wager a bet on which version do government agencies mandate? :D

RE: Privatize the datacenters.
By drycrust3 on 5/20/2013 5:29:06 PM , Rating: 2
"IE 6 came out in 2001 -- twelve years ago. It's hardly Microsoft's fault that it no longer is patching it."

Part of the problem is that in China there is a huge amount of legacy "bootleg" software installed on computers, and when purchasing a new computer it is very easy to obtain a computer with bootlegged Microsoft software installed on it.
There are two problems this creates:
1) Microsoft only does the most critical security updates on these computers; and
2) As I understand it (I haven't used Windows since 2008), Microsoft won't allow downloads to non Windows Genuine Advantage computers.
While Microsoft is perfectly entitled to do these things, there is another problem which needs to be pointed out, which is that the Chinese antivirus software isn't very good.
Thus the average Chinese computer is far less secure than the average American computer.
The consequence is that if anyone in the world wanted to find an insecure computer somewhere to do a denial of service attack on a wealthy country, e.g. America, it isn't hard to imagine that ones in China are the ones that would be used.
The question, then, is would it be in America's best interests for Microsoft to do non-critical security updates, allow downloads of better browsers than IE6, and provide better antivirus software than currently used in China?

RE: Privatize the datacenters.
By Samus on 5/20/2013 11:26:10 PM , Rating: 2
The Linux or OSX arguments don't apply. Running IE6 is the equivalent of Linux Kernel pre-v2.x or OSX 10.1

I'm sure those "alternatives" would be far more secure, especially with their open-source nature.

RE: Privatize the datacenters.
By drycrust3 on 5/21/2013 3:43:49 PM , Rating: 2
This still doesn't answer the question of whether Microsoft's approach to updates for non-Windows Genuine Advantage computers has actually been to the detriment of US national security.

RE: Privatize the datacenters.
By Flunk on 5/21/2013 10:16:42 AM , Rating: 5
"Doubtful... most IT people I know wouldn't make such ignorant statements."

You'd be surprised how many ignorant dinosaurs are still around in IT. Most of them support small companies and talking to them makes you want to smash your head into a wall.

Doing something for a long time doesn't mean you do it well.

RE: Privatize the datacenters.
By BRB29 on 5/20/2013 2:49:36 PM , Rating: 4
"When's the last time? Um. Last week? IE flaw that allows remote total takeover of the machine. I've been in IT since 1977. And I know enough about Microsoft products, to know they are the Happy Meal of the IT world; cheap, crappy, and only a child chooses it."

I was going to say you were a dinosaur that's stuck in his ways until I saw your previous post.

"Did you just use 'Microsoft' and 'secure' in the same sentence? LMAO. Let me guess, you're new to this IT stuff?"

You sure don't sound like someone who's that old.

I can't confirm but you are probably exaggerating your IT experience or you are very immature.

I don't think anyone can ever say MS products are cheap. A lot of people will agree it's crappy. But when comparing to other solutions, it may be crappy but still better. Unless you want to nitpick and say win8 is a failure, winME is a failure, etc... they were but there's more success in other fronts.

I still can't find an alternative to replace Office. Google docs can only do so much.

RE: Privatize the datacenters.
By Labotomizer on 5/20/2013 5:03:43 PM , Rating: 3
So, you've been in the IT field since 1977 but you're still just a systems admin? And the best you can do is advise a CIO at a relatively small company? Your skills must be out of this world.

Linux isn't as secure as everyone makes it out to be. Sure, you can harden it if you invest the time and effort and want to cause yourself serious inconvenience every time you go to use it. But the majority of distros aren't like that out of the box. There are also more critical vulnerabilities per year in your average distro than in Windows.

Linux has plenty of uses. But the statement "Linux is better than Windows" is incredibly stupid and short-sighted. Of course, "Windows is better than Linux" is equally stupid. They both have their uses. As does OS X, BSD, Unix and every other OS out there. The difference between people like you, who have managed to progress to an "admin" in 35 years, and people like me who is a Sr. Systems Engineer in 14 years is knowing what is the right answer and when. And not being so narrow-minded. The world isn't black and white. But it sounds like it's too late for you to learn that.

Let me know if you need me to take you to school some more. I'm always happy to help.

RE: Privatize the datacenters.
By Strunf on 5/21/2013 10:52:12 AM , Rating: 2
Worst, one of their Cloud servers broke down a couple times, on one of those data was lost, as for being near impossible to break into, it depends on the manpower; what is impossible to you may be quite easy to someone else, and maybe the MS servers didn't get data stolen cause they don't hold sensitive data yet.

Besides with the MS services you are just moving the problem and I'm not sure it will help anyways, if the users have to access the server to get the data (as a normal procedure) then the hacker will just have to infect the user PC, but wait isn't this how they normally operate anyways?...

RE: Privatize the datacenters.
By inighthawki on 5/20/2013 3:37:16 PM , Rating: 1
I'm guessing you, like many others who seem to hate Windows and call it insecure, probably haven't used it since say... Windows 98?

RE: Privatize the datacenters.
By superflex on 5/20/2013 3:58:06 PM , Rating: 1
Nerd fight!

Typo In Caption
By ebakke on 5/20/2013 1:12:05 PM , Rating: 2
"The Obama adminstrations vowed this year to no longer be week and submissive towards China after confirming the PLA was behind cyberattacks. [Image Source: Reuters]"


RE: Typo In Caption
By Argon18 on 5/20/13, Rating: 0
RE: Typo In Caption
By chrnochime on 5/20/2013 1:55:26 PM , Rating: 2
But he did keep the TSA around which thus far has nabbed how many terrorists for you? It did make several ex-gov't employees very happy for buying their great scanners so there's the bright side :D

RE: Typo In Caption
By BRB29 on 5/20/2013 2:12:09 PM , Rating: 2
That's a surprising statement. The general trend on DT is that Obama is a tyrant.

RE: Typo In Caption
By Reclaimer77 on 5/21/2013 9:42:26 AM , Rating: 1
Only to his own people. To everyone else he's bowing, literally.

Seeing the President of the United States publicly lowering his head and bowing to every foreign leader and representative is, well, the perfect illustration to his foreign policy agenda:

Make America weaker at home and abroad.

RE: Typo In Caption
By Ammohunt on 5/20/2013 1:53:00 PM , Rating: 3
Just another "Red Line" that might change his "Calculus". Which means he won't do anything because he is a pantywaist.

RE: Typo In Caption
By ebakke on 5/21/2013 12:27:27 PM , Rating: 2
No, seriously though - there's still a typo.

easy solution
By invidious on 5/20/2013 12:31:04 PM , Rating: 2
"This is something we are going to have to come back at time and again with the Chinese leadership have to be convinced there is a real cost to this kind of activity."

Slap them with temporary import tariffs until they stop attacking us, it's not like there aren't a dozen other Asian countries eager to sell us cheap plastic stuff.

RE: easy solution
By BRB29 on 5/20/2013 1:22:00 PM , Rating: 2
And cause inflation? We have more invested in China than China has invested in us.

On the other hand, we can beef up security like we were supposed to years ago.

RE: easy solution
By NA1NSXR on 5/20/2013 10:24:49 PM , Rating: 1
If you think all we import from China is "cheap plastic stuff" you really need to catch up with the developments of the last 15 years.

RE: easy solution
By powerwerds on 5/21/2013 5:38:42 PM , Rating: 1
It's not a bad idea you suggest, and is a valid recourse for diplomacy for relationships in which our upper hand can confidently be disentangled from some others without our hand losing its "upper" stature.

But for some complex diplomacies such as this one by the US and China where each holds a noose around the other's neck and each ready with a razor for the other's wrist just in case, which side poised so would trigger such an inevitably suicidal cascade.

Briefly, here are a few reasons why we might be loathe to play your import tariff hand. A good place to begin considering the inseparable web of economic exchange between these leviathans is currency. The yuan does not float but is instead pegged at a certain value dictated by the Chinese government. Because the yuan exchanges in the real world against other real assets whose values do float, the Chinese government has to periodically adjust what the value of the yuan actually is. They choose to weight it against the US dollar. They choose the value of the yuan so that no matter what direction world economies may have drifted, the yuan retains its fixed distance below the value of the US dollar.

How do they do this? They fix any drift of the yuan by accumulating or distributing their positions in US bond markets. They own some of the debt that sadly our government depends on selling. They own 7-8 percent of the US Treasury's outstanding debt.

Yeah we could hike import tariffs and maybe send some of the 300 billion we send them every year through trade deficits to other competitors, and yeah they could call the Treasury on that 1.2 trillion debt position they own and buy something else instead. But why swing this debt knife of death on your own honey pot? And think of it what you may, but judging from the way our nation's wallet votes, it's an untruth to say we don't love cheap shit from China.

What do you do when a crucial player doesn't want to play by the rules? Sometimes people like that ruin the game for everyone. Sometimes they change and adopt a common integrity that every healthy community has a right to expect from its denizens.

I have not the slightest clue as to which method we should employ to be efficaciously passive-aggressive. I cede I wasn't brief either. The "let's just hike tariffs" observation was just such a grossly incomplete consideration that even my own quite deficient sensibilities were affronted.

Some factual info herein is also more credibly represented at these links

By raphd on 5/20/2013 2:24:48 PM , Rating: 2
they are playing a game in that picture

RE: game
By inperfectdarkness on 5/20/2013 6:10:23 PM , Rating: 2
yep. looks like starcraft?

RE: game
By inighthawki on 5/21/2013 12:35:50 AM , Rating: 2
I hope you weren't expecting a real image of a lab of Chinese people hacking into US servers...

The article Jason copied was better written
By ceomrman on 5/21/2013 9:49:08 AM , Rating: 2
I appreciated this story more when I read it the first time in the form of an actual news article written by real reporters (David E. Sanger and Nicole Perlroth of The Times). Jason Mick's "Obama sucks" opinion applied over the top of someone else's work is not worth my time to read. In Mr. Mick's world, an administration led by the party he prefers would magically be in charge of a country where more than 2% of students studied computer programming, where programming would count towards high school graduation in more than 9 states, where science, math, and education were more highly valued, where there wouldn't be intense pressure to cut every expenditure, no matter the medium or long term consequences. In this fantasy, China would be bullied into submission by America's elderly, white, wealthy president... it's not Mr. Mick's conservatism that gets under my skin, it's his ignorant preachiness. He doesn't have the humility to leave what he doesn't know off the table.

By 91TTZ on 5/21/2013 11:29:04 AM , Rating: 2
Your post is garbage. Also, why are you race-baiting? Nobody said anything about the color of the president except you. You're the only one who tried to cast a president in a bad light by bringing up their race. What's wrong with a white president? You say that like it's a bad thing.

What? Thought this was Dailytech?
By Belard on 5/20/2013 7:21:49 PM , Rating: 3
Just rename the site NeoconTech and call it a day.

Sure you have some goofy pics here and there, but you sure have some normal or serious pics for other things involving TECH and POLITICS.

Jason, just put the red arm-band on in public please.

Misunderstanding the World
By Rick Hendricks on 5/20/2013 11:51:44 AM , Rating: 2
It appears that we have a naiveté regarding national security matters. This does not surprise since this administration will not admit we are in a war of terror (among other things). We cannot continue to ignore reality and pretend that if we play nice, everybody else will do the same.

Don't worry
By BifurcatedBoat on 5/20/2013 1:26:44 PM , Rating: 2
Just keep tossing money in the campaign coffers of certain politicians, and you can take whatever you want.

privatise the datacenter
By msnadz on 5/21/2013 1:21:02 AM , Rating: 2
Care to wager a bet on which version do government agencies mandate?


The first thing we should do...
By lagomorpha on 5/21/2013 12:09:49 PM , Rating: 2
How about we start by making the change to IPv6 a matter of national security.

Thick Heads
By mike66 on 5/20/2013 5:38:43 PM , Rating: 1
Cyber security is about three things, Hardware, Software and People. Don't go blaming any particular one. I'll give you idiots one of the best home set ups to protect yourself. An Apple Mac G3 with Linux distro Smooth-wall will just about secure yourselves, now just don't click on that obvious phishing email but if you do at least you have the hardware and software to help save you. The old PowerPC infrastructure that IBM made had the best built in security measures however it was sacrificed in the Gigahertz wars. Blame Intel for building faster chips that appealed to the public who don't know shit apart from more speed.

