Commercial Cyberspying Offers Rich Payoff
For state-backed cyberspies such as a Chinese military unit implicated by a U.S. security firm in a computer crime wave, hacking foreign companies can produce high-value secrets ranging from details on oil fields to advanced manufacturing technology.
This week’s report by Mandiant Inc. adds to mounting suspicion that Chinese military experts are helping state industry by stealing secrets from Western companies possibly worth hundreds of millions of dollars. The Chinese military has denied involvement in the attacks.
"This is really the new era of cybercrime," said Graham Cluley, a British security expert. "We’ve moved from kids in their bedroom and financially motivated crime to state-sponsored cybercrime, which is interested in stealing secrets and getting military or commercial advantage."
Instead of credit card numbers and other consumer data sought by crime gangs, security experts say cyberspies with resources that suggest they work for governments aim at better-guarded but more valuable information.
Companies in fields from petrochemicals to software can cut costs by receiving stolen secrets. An energy company bidding for access to an oil field abroad can save money if spies can tell it what foreign rivals might pay. Suppliers can press customers to pay more if they know details of their finances. For China, advanced technology and other information from the West could help speed the rise of giant state-owned companies seen as national champions.
"It’s like an ongoing war," said Ryusuke Masuoka, a cybersecurity expert at Tokyo’s Center for International Public Policy Studies, a private think tank. "It is going to spread and get deeper and deeper."
Mandiant, headquartered in Alexandria, Virginia, said it found attacks on 141 entities, mostly in the United States but also in Canada, Britain and elsewhere.
Attackers stole information about pricing, contract negotiations, manufacturing, product testing and corporate acquisitions, the company said. It said multiple details indicated the attackers, dubbed APT1 in its report, were from a military unit in Shanghai, though there was a small chance others might be responsible.
Target companies were in four of the seven strategic industries identified in the Communist Party’s latest five-year development plan, it said.
"We do believe that this stolen information can be used to obvious advantage" by China’s government and state enterprises, Mandiant said.
China’s military is a leader in cyberwarfare research, along with its counterparts in the United States and Russia. The People’s Liberation Army supports hacker hobby clubs with as many as 100,000 members to develop a pool of possible recruits, according to security consultants.
Mandiant said it traced attacks to a neighborhood in Shanghai’s Pudong district where the PLA’s Unit 61398 is housed in a 12-story building. The unit has advertised online for recruits with computer skills. Mandiant estimated its personnel at anywhere from hundreds to several thousand.
On Wednesday, the PLA rejected Mandiant’s findings and said computer addresses linked to the attacks could have been hijacked by attackers elsewhere. A military statement complained that "one-sided attacks in the media" destroy the atmosphere for cooperation in fighting online crime.
Many experts are not swayed by the denials.
"There are a lot of hackers that are sponsored by the Chinese government who conduct cyberattacks," said Lim Jong-in, dean of Korea University’s Graduate School of Information Security.