The cyber threat from China

Mar 26, 2013

Are hackers from China stealing U.S. secrets?

China has denied these allegations for years. But a recent report by cybersecurity firm Mandiant thoroughly documents the activities of a team in China that has apparently ransacked terabytes of data from U.S. corporations.

Our technology commentator, Strategic News Service publisher Mark Anderson, has been warning us about the growing cyber threat from China. On this month’s edition of The Digital Future, Mark tells KPLU’s Dave Meyer the Mandiant report is truly a “smoking gun”.

The most dangerous groups on the Internet are known as Advanced Persistent Threats (APTs). These are elite organizations, often with the backing of a government, that are responsible for massive security breaches in corporate computer systems around the world.

Of the dozens of APTs tracked by Mandiant, the firm chose to publicly document the activities of a group it refers to as APT1.

Mandiant says APT1 is one of about 20 APTs based in China.

Starting in 2006, Mandiant monitored APT1 as it compromised the security of 141 companies, downloading terabytes of intellectual property (IP) including blueprints, manufacturing secrets and business plans.

The cybersecurity firm says the targeted companies matched up with industries that China has identified as strategic to its growth in its 12th Five Year Plan.

Mandiant traced the hackers back to Unit 61398 of the People’s Liberation Army. The unit is in a 12-story building in Shanghai.

This is the first time an APT has been publicly documented and identified.

Mark hails this as a turning point, writing in Strategic News Service that “the days of nations stealing crown-jewel intellectual property from foreign firms and governments, without fear of reprisal, are essentially over”.

One thing Mandiant found was that although APT1 infiltrated computer systems and stole data, it didn’t destroy data or engage in other forms of sabotage.

Could this be a rule of cyber espionage? As long as you just steal data, and don't otherwise cause any harm, it falls short of an act of war?

Mark says there are no rules. We’re at war: an economic cyberwar.

According to Mark, the whole purpose of these cyberattacks is to disable the enemy. China is winning this cyberwar by stealing IP from U.S. companies, and then undercutting them by selling cheaper products in the global marketplace.

What can we do to protect ourselves?

The U.S. government is taking a more aggressive stance. As the New York Times reports, the U.S. Cyber Command is developing special teams to counter cyberattacks from other nations.

On the corporate front, Mark says companies should assume their crown jewels have already been stolen.

As Mark told us on a previous edition of The Digital Future, the best way for a company to protect its IP is to disconnect it from the Internet. It may be inconvenient, but it keeps your secrets safe from online attacks.