China denies super-hacking raids on American firms

Feb 20, 2013

Shanghai tower block houses crack cyber-espionage unit, claims US report


CHINA has hit back at claims that a top-secret "cyber-espionage unit" operated by its military and housed in a Shanghai tower block has hacked the computer systems of hundreds of US companies.

The unit was identified in a report released yesterday by the US computer security group Mandiant. It says the cyber-espionage unit, dubbed Advanced Persistent Threat One (APT1), is based in a white 12-storey building on the outskirts of Shanghai (above). Since 2006, APT1 has hacked into 141 US companies operating in 20 industries including IT, aerospace, public administration and telecoms, the report says, stealing blueprints, business plans, pricing documents, user credentials, emails and contact lists.

APT1, which is staffed by "hundreds" of proficient English speakers, is the most prolific espionage group in China in terms of the amount of data it has stolen. At least 20 more APTs are operating in the country, Mandiant says.

The New York Times says the "unusually detailed" 60-page report leaves "little doubt that an overwhelming percentage of the attacks on American corporations, organisations and government agencies originate in and around the white tower".

But Chinese authorities said the report's reliance on IP addresses – the unique label given to every device attached to a computer network – to prove Beijing's involvement in cyber-espionage was flawed, the BBC reports. A statement posted last night on the website of China's Defence Ministry said it was well known that hackers often used hijacked IP addresses. Cyber-espionage is a "cross-border, deceptive business", the statement said, so it is hard to pin down where attacks originate.

It claimed that China too is a target of cyber-espionage.

The BBC's diplomatic correspondent Jonathan Marcus says Mandiant's report identifies a "more sinister side" to Chinese cyber-espionage: a "growing interest in gaining access to key parts of the US infrastructure – gas lines, power grids and waterworks". Marcus says once hackers are "inside the digital perimeter" of these organisations there is the "possibility of causing real physical damage to the infrastructure that the computers control".

The Hacker News website says the report highlights that APT1 is a "persistent collector" of stolen data. Once it has broken into a foreign computer network it revisits the system many times. APT1's hackers typically maintained "access to a victim's networks" for an average of 356 days and stayed connected to one organisation's data networks for almost five years.
