China Hits Out at Cyber Attack Claims

Email story
Comment on this story
Print story
A person walks past a building in Shanghai alleged to be the home of a Chinese military-led hacking group, Feb. 19, 2013.
A person walks past a building in Shanghai alleged to be the home of a Chinese military-led hacking group, Feb. 19, 2013.

China's defense ministry on Wednesday rejected claims that the People's Liberation Army (PLA) was behind a series of hacker attacks on U.S. corporate networks described in a report this week by the security firm Mandiant.

In a statement published on its website, the Ministry of National Defense denied claims made in a 74-page report by U.S.-based Mandiant which said it had traced a large number of transnational cyber-attacks to IP addresses assigned to a building it said belonged to the PLA in Shanghai.

Mandiant said the building was the home of the PLA's cyber-espionage "Unit 61398," which it said had stolen data, including intellectual property, from at least 141 companies since 2006.

"In relying only on linking IP addresses for its conclusion that hacking attacks originated in China, the report lacks technical proof," the ministry said.

It said transnational cyber-attacks were notoriously hard to pinpoint: "The use of usurped IP addresses to carry out hacking attacks happens every day."

The statement said there was no clear definition of what was meant by the term 'hacking attack,' nor was there any legal evidence to support Mandiant's claims.

It said that China had also been the target of cyber attacks from IP addresses originating in the U.S., adding: "We have not blamed the U.S. government for this."

Possible support

However, Mandiant's report said it was "highly unlikely" the Chinese government was unaware of the hacking attacks, and was possibly supporting the cyber-espionage.

Professor Wang Weizheng of the University of Richmond said the allegations that the PLA was behind cyber-attacks on U.S. companies hadn't come as a surprise.

"China is at the forefront of using cyber-attacks on other countries," he said. "A lot of research from different countries is showing the same thing."

Earlier this month, The New York Times newspaper accused hackers traced to China of "persistently" infiltrating its computer networks over the last four months, also sparking an angry denial from Beijing.

The paper had hired a team of computer security experts to trace the attacks and block any back doors through which they were gaining access to the system, it said.

Cyber security experts said, however, that the report should be taken in the context of widespread cyber-espionage carried out by a large number of countries.

Security expert Jeffrey Carr wrote in a recent blog post: "My problem is that Mandiant refuses to consider what everyone that I know in the Intelligence Community acknowledges—that there are multiple states engaging in this activity; not just China."

Sichuan-based technology expert Pu Fei, who works for the Tianwang rights website, agreed.

"There are special units dedicated to cyber-espionage in every country, not just China," Pu said. "This is entirely normal."

"I think it's understandable, if a country is trying to protect national security, or obtain intelligence reports of a military and political nature," he said. "But if a government starts using this sort of facility to procure commercial secrets, then that's immoral and unacceptable."

Repeated denial

The Chinese government has repeatedly denied any involvement in hacking activities, saying it is opposed to them.

The Global Times newspaper, a tabloid with strong ties to the ruling Communist Party, hit out at the U.S. over the report, and previously reported allegations by media organizations and security firm McAfee.

"We have every reason to suspect the true intentions of the U.S. and its major allies in repeatedly hyping up a China cyber-hacking threat," the paper said in an editorial on Wednesday.

It called for details of similar allegations of attacks made on Chinese networks to be made public.

"As a long-term counter-measure, China needs to encourage those institutions and individuals who have been subject to cyber-attacks from U.S. IP addresses to stand up and tell the world what happened to them," it said.

Reported by Tang Qiwei for RFA's Mandarin service and by Wei Ling for the Cantonese service. Translated and written in English by Luisetta Mudie.

Comments (1)


Mandiant's report did not claim that the PRC is unique in harboring hacker attack centers such as PLA Unit 61398. It was merely focusing on the group of cyber-espionage hackers called APT1 who were targeting overseas corporations, mainly US but also including other "capitalist" nations, in industries considered strategic to the PRC's Five-Year Plan. Most of APT1's targets were corporations and their proprietary technology and other business secrets.

Feb 26, 2013 01:26 PM





More Listening Options

View Full Site