Remember that scary Wall Street Journal column Obama wrote last year, describing the nightmarish scenario of a crippling cyber attack that shut down our power grid and poisoned our water? It just got real. According to a new report from cybersecurity firm Mandiant, that's exactly the kind of thing that hackers for China's People’s Liberation Army have been working on for the past few years. Calling on nearly a decade's worth of data, Mandiant traced a sustained series of cyber attacks on the companies that maintain critical United States infrastructure, from our gas lines to our waterworks, to a group of hackers affiliated with the Chinese Army. According to the report, the group is part of the PLA's Unit 61398, and Mandiant even knows the location of their headquarters on the outskirts of Shanghai. (That's it below, nondescript but guarded by soldiers.) A couple years ago, cybersecurity experts described this unit as the "premier entity targeting the United States and Canada, most likely focusing on political, economic, and military-related intelligence." Apparently, they're living up to their name.
The level of detail in Mandiant's 60-page report is intimidating if you're an interested citizen — it must be horrifying for the hackers implicated in the operation who may or may not have just gotten busted (by way of Facebook and Twitter, no less). Mandiant knows not only the location of P.L.A. Unit 61398's headquarters but also the various levels of hacking expertise on staff, its spot in the hierarchy of the Army, and the companies it's targeted in recent years. The unit's more commonly known as the "Comment Crew" or the "Shanghai Group." It even made an appearance in a diplomatic cable released by WikiLeaks in 2010 that detailed the group's activity. It was later revealed that the government called the unit "Byzantine Candor," and it's not unimaginable that Obama was referring to Unit 61398's capabilities in his WSJ column as well as his State of the Union Address, when he warned of "enemies … seeking the ability to sabotage our power grid, our financial institutions, our air-traffic control systems."
There's little doubt that the U.S. is the target of Unit 61398's attacks. Mandiant analyzed 141 attacks the group mounted against international targets — "Those are only the ones we could easily identify," said Mandiant's chief — and 90 percent of the attacks could be traced back to that white building in Shanghai, the headquarters of P.L.A. Unit 61398. The numbers paint a stark picture:
In its coverage of the report, The New York Times puts into perspective the level of damage the P.L.A. unit could do to U.S. infrastructure. Well, first The Times explains that this is not the group of Chinese hackers that broke into its servers over the course of the past four months, although it also suspects that the attack came from a group with ties to the Chinese military. Meanwhile, Mandiant, the company The Times hired to investigate the intrusion, came across this string of activities not because of the Times attack but as part of a separate investigation. In a way, that almost makes the whole situation worse, since now we know not only that a group of military-grade hackers is going after our infrastructure but also that a separate group of military-grade hackers is going after our media outlets.
The Chinese government argues otherwise. In the Times hack as well as the recent Mandiant bombshell, Beijing denies any involvement with the hacker group. They deny any involvement in any hacking whatsoever, in fact, despite the National Intelligence Estimate that spooked pretty much every major American organization now being linked in some part to Unit 61398. But at this point, it seems impossible not to include China on the list of suspects. Mandiant says that there's only one other possibility: "A secret, resourced organization full of mainland Chinese speakers with direct access to Shanghai-based telecommunications infrastructure is engaged in a multi-year, enterprise scale computer espionage campaign right outside of Unit 61398's gates, performing tasks similar to Unit 61398's known mission." In other words, it would either have to be an extremely well-planned cover-up or a wild coincidence.
We know all this news sounds kind of scary, but there's a terrific bright side. If indeed Mandiant's report is correct and we've identified a node of potentially destructive Chinese hackers, we know exactly where to direct our counterattack! And that's exactly what the powers that be are talking about. "Right now there is no incentive for the Chinese to stop doing this," House intelligence chairman Mike Rogers told The Times. "If we don't create a high price, it's only going to keep accelerating."
This seems like a good time to point you towards James Fallows's horrifying yet helpful piece about getting hacked.
This article is from the archive of our partner The Wire.