From Mandiant, a US cyber-security consultancy, come some damning accusations of China’s corporate espionage:

The [Chinese Government] has demonstrated the capability and intent to steal from dozens of organizations across a wide range of industries virtually simultaneously. Figure below provides a view of the earliest known date of [government espionage] activity against all of the 141 victims we identified, organized by the 20 major industries they represent. The results suggest that APT1’s mission is extremely broad; the group does not target industries systematically but more likely steals from an enormous range of industries on a continuous basis. Since the organizations included in the figure represent only the fraction of APT1 victims that we confirmed directly, the range of industries that APT1 targets may be even broader than our findings suggest.


[Figure: Attack Lifecycle Model]

Category: Digital Media, War/Defense

Please use the comments to demonstrate your own ignorance, unfamiliarity with empirical data and lack of respect for scientific knowledge. Be sure to create straw men and argue against things I have neither said nor implied. If you could repeat previously discredited memes or steer the conversation into irrelevant, off topic discussions, it would be appreciated. Lastly, kindly forgo all civility in your discourse . . . you are, after all, anonymous.

10 Responses to “Timeline of Cyber-Attacks from China”

  1. VennData says:

    So America rolls out Stuxnet. People ask why would China attack the NY Times? The WSJ?

    The same reason they would do something “crazy” like explode a rocket in space…

    …to get us to make an agreement to limit the power we have.

  2. contrabandista13 says:

    Isn’t that illegal…? :-)

  3. oa92000 says:

    Every country does that... US, Russia, Israel... they all do cyber attacks...

  4. DSS10 says:

    1) Unit 61398, as we know it now, has been around and active since ~2002. This is not news, but the fact that the US is talking sanctions is big news.
    2) The PLA is not only an Army but is also a major commercial interest in China. They were for a while in the 90’s the number one partner to use under the 51% requirements for domestic investments.
    3) The only growth area right now for defense contractors is for Cyber security, so expect to see a lot of press release driven news items (like this one) fostering Fear, Uncertainty, and Doubt for both government clients and the public at large.
    4) The real data breaches are driven not by phishing emails as is often mentioned but rather corrupt infrastructure (i.e. the Java vulnerability from earlier this week) and “back dooring” applications.
    5) RE VennData: The use of Stuxnet was not hacking in that the Iranian system had “Air Gap” security (no connections to either the internet or other breachable system). The S-N code was either inserted at Siemens (the OEM) or manually inserted via a thumb drive on-site. The NYT intrusions were to find sources related to embarrassing articles about corruption and activities related to senior political officials.

  5. dsawy says:

    These are the inevitable results of trading with communists.

    When I worked in the defense sector in the 80’s, we had actual computer security, as well as physical security, in many high-tech plants. It started with requiring US citizenship, or even natural-born US citizenship, to work on sensitive (but unclassified) projects, and went up into compartmented clearances from there.

    Today, we can’t even get CEO’s to agree to exclude non-citizens from talks being given to corporations on computer security threats by the NSA. So the NSA comes out, gives a very generic dog-n-pony show that anyone who reads the computer industry tabloids could give you, and management thinks they’ve done their part for computer security.

    And here, we see the inevitable result.

    Industry and the government could have real computer security if they wished. It wouldn’t require some technology that has yet to be invented, or even much in the way of expense. It would require consistent effort and sound practices… and that’s what the US no longer seems to want to do.

    So you get what we have here.

  6. S Brennan says:

    “they all do it” is humorous. It’s easy to be nonchalant when the harm falls on some schlep who lives on the other side of the tracks, or when you are ignorant of the implications.

    Han China was once the world’s most powerful empire and, for better or worse, they feel entitled as a people to be so again. The US, on the other hand, for better or worse, is currently the world’s most powerful empire. Historically, when empires weaken from internal corruption and a nation with both the size and muscle to challenge the current hegemon rises... a war of great scale has been the result. That was what WWI/II was about: Germany wanted to replace the power of the British... if only those damn Americans hadn’t gone and screwed everything up!

    Today, the elite of the west force feed the populace the feces of their corruption and the nation sickens from the diet. The Chinese are a smart, capable and patient people who understand the principles of all its forms. These are just cat’s-paws of what is to come if our controlling elite do not come to their senses. We beat the Soviets, not with weapons, but because US society of the time possessed a superior system. A well regulated, free economy is hard to fact, nobody has. Why we have turned our back on a system that took on all comers and then beat them senseless to the canvas is beyond my comprehension.

    …or are things really different this time because…[insert lame reasoning here]?

  7. ilsm says:

    I do not see anyone will have much success “data mining” the US. Denial of service may be the biggest “threat”.

    The US has been slow to adopt open source protocols. Can’t get the ‘taxonomies’ straight. Look how hard it has been to get quality stuff from vendor manufacturers using assemblers’ designs.

    However, if the current groups do figure out how to overcome the lack of business rules and taxonomies, they could come here and make billions.

  8. Iamthe50percent says:

    Reportedly the hacking attacks are from a PLA group in Shanghai. All the attempts to break into my network have come from IP addresses near Beijing. Or are the IP addresses only registered with Beijing physical addresses? The real computers used could be physically in Shanghai (or Omaha!). Still, I wonder if this is just the nose of the camel.

  9. dsawy says:

    Things are different this time because in the 80’s and 90’s, the bulk of computer technology was in the hands of people who knew something about it.

    Today, any goddamn fool can own a computer with sensitive data on it. And in high levels of government and corporate management, most do.

    More and more IT people are beginning to think that the situation would be much better if we took data away from people, stored it on servers and mainframes (i.e., under the management and care of IT professionals who know their computer security issues and care about said issues) and handed out nothing but tablets to the ignorant masses. Give them a secure VPN and a DES password card for access to the data and call it done.

  10. formerlawyer says:

    True story. Early 80’s, working at a University computer science spin-off. Got a contract to work on distributed systems for XXXX (SXr WXX). Naval Intelligence (I have no idea why?) got wind that we were doing work on Unix computers (there was a more secure Multics, i.e. NORAD level security, installation as well) and were concerned that we had a Chinese Graduate Student in the program. Showed up asking about the particular project we were working on. Asking all sorts of questions: did they have accounts, could they access the system, etc. Oh, by the way, could they talk to the project supervisor?

    Sure we said – directing them to the Chinese Grad Student who initiated, designed and was in charge of the project.