back to article Chinese PLA soldiers 'mastermind cyber-espionage Cold War'

Chinese military spies, holed up in ho-hum Shanghai tower blocks surrounded by restaurants and massage parlours, have siphoned hundreds of terabytes of data from computers at scores of US corporations. We're assured that, rather than being a work of fiction, this is the conclusion of a new study by Mandiant that claims a unit …


This topic is closed for new posts.
  1. Coolbehr
    Black Helicopters

    Sounds like a Tom Clancy Novel

    Oh wait... it already is.

    Seems "Threat Vector" may have been fairly well researched then...

  2. Anonymous Coward
    Anonymous Coward

    Computer insecurity ...

    If the US security services hadn't enthused the 'computer' makers to dilute security on the desktop, then you wouldn't be facing the current security debacle ...

    "We're assured that, rather than being a work of fiction, this is the conclusion of a new study by Mandiant", most probably a front for the US security apparatus ...

    1. Dave 126 Silver badge

      Re: Computer insecurity ...

      >If the US security services hadn't enthused the 'computer' makers to dilute security on the desktop, then you wouldn't be facing the current security debacle ...

      When I as school in the nineties, we were shown videos about Phil Zimmerman and his PGP... all the arguments were in terms of private individuals and the US Government not liking encryption. I guess that at the time, far less data was kept online, the Cold War was over, music was good, and obviously nobody was worrying about the threat of foreign states stealing sensitive data.

      1. Destroy All Monsters Silver badge

        Re: Computer insecurity ...

        far less data was kept online

        Of course, but....

        You really need to read Clifford Stoll's "Stalking the Wily Hacker", available online, with hacks emanating from East Germany. Those were good times. Uni networks were open to all and sundry and led directly to peripheral databases of military contractors, or to mainframes of research groups with interesting subjects. Kevin Mitnick was making a name etc. And that was even before Gulf War I. It was clear what was coming. Cyberpunk was exploring the subject, for what it's worth. Anyone remember Thierry Breton's "Softwar" thriller about a logic bomb in a Cray sold to the URSS btw?

        I still remember "Computers Under Attack: intruders, worms, and viruses", 1990.

        A review notes:

        "Although prescriptive in how to deal with particular instances of computer insecurity, such as viruses and worms, the book does not make specific recommendations or predictions for the future. The view implied to the reader here is that most types of illicit activities are fairly well understood by the computing community. These are given treatment in some detail in the book. What new twists might be added to the cracker's bag of tricks, or what entirely new types of mischief might yet be invented, are left to the reader's imagination."


        After Gulf War I, US security consisted in endless discussion whether it would be appropriate to shove Clipper Chips up everyone's arse so one could eavesdrop at leisure. Appaling. Nowadays we have secret unconstitutional investigations, torture, extrajudicial killings and quite possibly disappearances, but alt least the crypto is hard. But I digress...

        It was not so much that US security services hadn't enthused the 'computer' makers to dilute security as that really nobody gave a f*ck, as consumer-level operating systems were hitting the market and network cards were plugged in enthusiastically. People where happy when connection worked at all! Open dialins where everywhere! X.25 was dying. VPNs? Nope. Firewalls were unknown.

        Note that the classic "Firewalls and Internet Security: Repelling the Wily Hacker." by Chesvick and Bellovin came out only in 1994.

  3. Anomalous Cowshed


    China, 1.3 billion people, an economy of around 11 trillion USD, an army of 2-3 million personnel, and...oh, they have hackers working for them; all their hackers operate from one crummy building in the suburbs of Shanghai; they are so powerful and unstoppable, they can do whatever they want and they're a massive threat to the whole of the USA. All that coming from just one little building in the sticks. Imagine what would happen if the Chinese decided to think big and rented out 2, 3 or even 100 buildings like that, or even bigger buildings. They could take over the world.

    1. phuzz Silver badge

      Re: China

      From TFA:

      "Mandiant claimed APT1 is just one of 20 computer spying crews in operation in China, and is among dozens it is tracking worldwide."

      Lets face it each different branch of the Chinese military probably has it's own more or less competent crew of hackers, probably all working at odds with each other.

      Bureaucracy and military incompetence are universal.

      1. NumptyScrub

        Re: China

        quote: "Bureaucracy and military incompetence are universal."

        They already missed a trick, instead of "PLA unit 61398" I'd have demanded Unit 31337 for a start ;)

    2. Christoph

      Re: China

      I can't find the article now - apparently the US security agencies have been building some ridiculously high number of offices all over the USA over the last few years.

      1. Destroy All Monsters Silver badge

        Re: China

        > Unit 31337

        That would blow the cover. It's prime!

  4. Anomalous Cowshed


    Something else: the greatest threat faced by the USA nowadays is? Computer hacking. Compare that with the greatest threat faced by places like...Afghanistan, Iraq, Libya, soon maybe Iran...These guys don't know how lucky they are, still living in the era of physical and military threats.

  5. ChasL

    Do you guys still remember two years ago NYT accused a Chinese vocational school, Lanxiang Vocational, being a military hacker central? If you recall that school churned out cooks and hair dressers, and the Chinese netter made a "Lanxiang is more awesome than Harvard" meme in response.

    Well guess what, try searching "61398部隊" on Baidu, you‘ll see Unit 61398 is well known for running a montessori school in Pudong, Shanghai's east side where rich locals and expats flock to, for quality pre-school education.

    I guess if hair dressers can hack Google, above average pre-schoolers can certainly hack the US government.

    There are other issues with the story. The Madiant report makes some very dubious assertions: 1) geolocation using China Telecom IP blocks is completely unreliable; Pudong is a huge area and those IP blocks are known to host great many proxy servers (ref: hidemyass dot com); 2) Injecting meaning of letter "j" and "k" in order to make Chinese pattern is simply fabrication (J and K has meaning in the English world too, so?)

    Read more:

    1. Don Jefe

      Re: @ ChasL

      Ha! A spy in our midst. Sent to spread disinformation and propaganda!

  6. Anonymous Coward
    Anonymous Coward

    I can't imagine how dangerous it wil be when they reverse-engineer the technology from Coca-Cola.

    Perhaps that will lead to ICMBs that just kill one person, they fall over when someone pushes the casing to get their coin back ;)

  7. Local G

    "surrounded by diners, massage parlours and a wine importer.

    Bad Feng Shui

    1. Anonymous Coward
      Anonymous Coward

      Re: "surrounded by diners, massage parlours and a wine importer.

      Wow, that sounds like a great night out right there.

      How do they get the (alleged) spooks to stay in the office at all?

      How much is the RyanAir flight? :)

  8. Anonymous Coward
    Anonymous Coward

    "How much is the RyanAir flight? :)"

    £5.00 plus hidden extras


  9. Bucky 2

    Not sure I buy it, but...

    "Scans" of my servers are overrepresented by ip addresses in .ru and .cn.

    So what does one conclude?

    1) Server admins in .ru and .cn are significantly more incompetent than the rest of the world?

    2) People in .ru and .cn are more apt to be criminals than anywhere else?

    3) The governments of .ru and .cn have bones to pick with the .us, and sponsor these attacks in covert post-cold-war shenanegans?

    I'm not liking any of my choices.

    But in the absence of any other kind of explanation, one tends to gravitate toward one of these or another, with #3 being the very most exciting of all of them.

    1. Alistair 3

      Re: Not sure I buy it, but...

      How about:

      4) Based on the the total number of ip addresses in the world .ru and .cn are bigger numbers just due to population.

      Just because you only saw one scan from .ad doesn't mean that Andorrans are somehow cleaner than the rest of us

      1. Anonymous Coward
        Anonymous Coward

        Re: Not sure I buy it, but...

        Or option 5) CIA up to its old tricks again

  10. tonysmith

    They say it like as if the US doesn't do the same thing...most probably on a much larger scale...heck - the US just invades countries, forget the whole hacking business...

  11. Destroy All Monsters Silver badge

    What's Cantonese for "Muahahaha!"?

    "Either a secret, resourced organization full of mainland Chinese speakers with direct access to Shanghai-based telecommunications infrastructure is engaged in a multi-year, enterprise-scale computer espionage campaign right outside of Unit 61398’s gates, performing tasks similar to Unit 61398’s known mission, or APT1 is Unit 61398."

    Maybe it' just exploits of a massage parlor working mom?

  12. dssf

    em-yoo-aye ha-ha ha ha-ha


    무아 하, 하, 하

    Chinese Simplified:


    Chinese Traditional:


    Traditional to Japanese:

    MUAハッハッハ . The actual google translate app gives a hellatioously funny audio representation in Japanese, though... Listening to the Chin/Trad audio from Swahili is funny, too.

    Toggling that to Chinese to Chinese Simplified is literal letter pronounciation, but is funny nevertheless.

    I had to break up muahahaha to grouped syllables because gt could not parse it on its own.

    Sigh... There must be 15,000 Chinese of various nationalities working for google. With all that 12%-15% time google allows key employees to pursue personal endeavors, one'd think that SOMEone in there would clean up the colloquial glitches in gt...

    1. P_0

      Re: em-yoo-aye ha-ha ha ha-ha


      That would really be ムアッハッハッハ , but to do an "evil" laugh in Japanese you probably wouldn't put a "MUA" in front anyway.

  13. P_0

    I don't know how reliable this report is - Antivirus/security firms love to talk up the threats.

    But China would be stupid not to be doing this. The US almost certainly is infiltrating foreign networks (stuxnet almost certainly US/Israeli).

    Cyberspace is the one domain of future warfare where China is on a level playing field. They would be stupid not to take advantage of that. IIRC they almost certainly stole plans for the F-35 "Budget Buster", whether they can reverse it is another matter, but they can and almost certainly are leveraging their computer expertise to catch up technologically with the US.

  14. Marcel

    Not hard evidence

    I have read the report and I don't see much hard evidence. There are a lot of facts in the report, but how they are linked together or where the facts come from stays a mystery. Not much substance and some dubious assumptions, in my humble opinion.

    For example, how do they link the attacks to PLA's Unit 61398?

    - They found that all attacks come from 4 /16 IPv4 net blocks (a total of 262k addresses), all owned by China Unicom. China Unicom is the 3rd largest telco in the world, with 273 million (!) customers in 2008.

    - Then they link the netblocks to a city, Shanghai (the largest city in China, population of 23 million).

    - Next they conclude that because the office of the Unicom engineer listed as contact person for the netblock is in the Pudong area

    - The PLA Unit 61398 is also in the Pudong area

    - Hence the IP addresses must belong to the PLA and is the source of the attack

    Let me translate this into English:

    - Suspect IP address belongs to a netblock owned by BT and is used in greater London area

    - The BT engineer's office is in the centre of London according to whois

    - MI6 is in the centre of London

    - Hence the attack came from MI6.

  15. Peter Clarke 1

    Obligatory Movie Quote

    'You know who ya gonna answer to? The Coca Cola company!'

    Major Bat Guano, Dr Strangelove

    Will we be seeing a soft drinks gap emerge with the commies????

This topic is closed for new posts.

Other stories you might like