"We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy."The American Internet-security company Mandiant has issued a detailed, definitive report resulting from their close scrutiny of the activities of hackers making their way into critical websites in the United States, Britain and Canada. Their report highlights a group of hackers collectively identified as APT1, representing "one of the most prolific cyber-espionage groups", and relating their existence to a Shanghai-based Unit 61398, of the People's Liberation Army of China.
U.S. President Barack Obama
It is largely industries that have been targeted by APT1. Calgary-based Telvent Canada specializing in IT systems for critical infrastructures has been one of their targets. The purpose appears to be pure espionage based on an illegal, covert search for industry secrets. At the present time that seems to identify as purpose enough; malevolent plans to disrupt vital industry or government infrastructure doesn't appear the motivating factor. Not quite yet, in any event. Major news organizations have also been targets.
There is nothing new about well-enough-founded suspicions that China has engaged by any means possible in systemic attempts to gain illegal access to government and industry blueprints and plans, schedules and infrastructure vital to security and manufacturing of the targeted countries. And whenever those accusations surface China has huffily assured the international community that it does not engage in such manifestly immoral and illegal subterfuges to gain intelligence not of their own making.
And of this latest investigation and resulting report by Mandiant, China's Foreign Ministry dismisses it too as "groundless". "It can't be anything but Chinese government-sponsored", avers David Skillicorn, computing professor and cyber-hacking expert at Queen's University, characterizing the evidence presented in the Mandiant report as "damning". "This is a huge pile of evidence."
Moreover, the end result could potentially have "disastrous" consequences if the purpose eventually is revealed to become the purposeful targeting of critical infrastructure. Devastating chaos could result. Telvent Canada, for example, creates software to assist with the monitoring of energy-related infrastructure like power grids, oil and gas pipelines. It was forced, when the breach of its sites was revealed, to notify its clients of security vulnerabilities.
At that time the computer security blog KrebsOnSecurity.com reported that the security breach was wide-ranging, affecting operations within the United States, Canada and Spain. They reported also that a Chinese hacking group was in all probability the source of the security failures. Expert analysts employed by Mandiant have succeeded in linking the attacks to APT1 "based on the tools and infrastructure that the hackers used to exploit and gain access to the system."
Their mission has clearly been identified as the invading sites which would produce for them the technology blueprints of various organizations; proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, emails and contact lists. And four networks in Shanghai, two serving the Pudong New Area where the Chinese army's Unit 61398 is located have been identified as their working sites.
The Mandiant report has established that Unit 61398 has possibly thousands of people on staff, personnel trained in computer security and network operations. And because most of the targets are English-speaking sites, one of the primary requirements of the workers is that they be proficient in English. "The nature of APT1's targeted victims and the group's infrastructure and tactics align with the mission and infrastructure of PLA Unit 61398" reads the report's conclusion.
A spokeswoman for Public Safety Minister Vic Toews claims that, though Queen's professor Skillicorn feels Communications Security Establishment Canada could address this cyber-security problem, Public Safety Canada has the lead: "Our government takes cyber-security seriously and operates on the advice of security experts. Our government recently made significant investments ($245-million) in a Cyber-security Strategy designed to defend against electronic threats, hacking and cyber-espionage."
China's inexorable zeal to lead the world as the new super-power spurs it to whatever stealth actions it deems useful to allow it to capture secure data from worldwide sources, to accelerate its plans of supremacy in manufacturing of advanced consumer products, technological-industrial break-throughs and government secrets, including data that governments collect on China's activities, including those of its espionage tentacles.
What it lacks in innovative creativity in producing its own technological advances, it more than makes up for in the surveillance and capture capability of other technologically advanced countries' scientific finds and industrial techniques. And we can only hope that the data they access will not convince them at some point to wreak havoc to weaken those they consider their competitors.