Commentary: China will never forego rights on regulating cyberspace


  • Since 2011, China has been repeatedly given “negative evaluations” over its Internet regulation by some western countries and non-governmental organizations. In a time, criticism and smearing of China prevail on the Western media. However, under no circumstances would the Chinese government forego its rights on regulating Internet, as the cyberspace is filled with threats. China has all rights to decide its way of regulating Internet based on its actual conditions and its cultural and historical traditions, and in line with rule of law and the common practice of countries.

China Increases Scrutiny of Internet, Tech Companies

May 25, 2016

  • The Chinese government has proposed taking part ownership of the country’s biggest Internet companies, and is subjecting American technology companies to mandatory reviews. Both moves are raising fears the government is attempting to exert even more control over web and tech firms in China.

China Denounces Pentagon Report That Cited Cyberwarfare Threat

May 14, 2016

  • China is denouncing interpretations of its military operations in the East and the South China Sea contained in a new U.S. Defense Department report that spotlighted a focus on cyberwarfare. The report “deliberately distorted” China’s defense policy and legitimate actions, spokesman Yang Yujun said in a statement posted Saturday on the Chinese defense ministry’s official feed on Weibo, the popular Chinese microblogging site.

China, US anti-hacking group holds first talks since September pact

12 May, 2016

  • A group of senior US and China cyber officials has held its first meeting since the two countries struck an anti-hacking agreement in September to try to ease years of acrimony over the issue. The so-called Senior Experts Group on International Norms and Related Issues is expected to gather twice a year, the US State Department said in a statement announcing the meeting on Wednesday.

China ‘Serious’ About Becoming the Next ‘Cyber-Superpower’


  • Beijing has announced a long-term program to turn China into one of the world’s leading high-tech centers; the decision can be seen as the Chinese government’s attempt to make their country a “global cyber superpower,” Jewish expert Izhar Shay wrote an article which was published by the Israeli newspaper Globes.

FBI chief sees better cyber cooperation from China

April 26, 2016

  • FBI Director James Comey said Tuesday he has seen some improvement in cooperation from China in fighting cybercrime following last year’s bilateral agreement on the issue. Chinese authorities “seem to have an agreed upon framework for what is nation-state action appropriate, that is intelligence collection, and what is theft,” Comey told a cybersecurity event in Washington, when asked about international cooperation on cybercrime. “There are signs of progress in the Chinese helping us impose costs on active engagement and theft. I’m reasonably optimistic (about China), less so with Russia.”

Commentary: U.S. claim of “Chinese hacker attacks” serves selfish interests


  • The recent claim of “Chinese hacker attacks” is yet another example of self-serving rhetoric by the U.S. military and government going as far as being “creative.” By fabricating such “Chinese hacker threat” rhetoric under the “China threat” cliche, certain interest groups in the United States would stand to benefit in terms of the budget and to realize other ulterior motives. In similar cases, the U.S. military has applied hyperbolic technique and freak mindset, which are typically seen in Hollywood movies. James D. Syring, director of the U.S. Defense Department’s Missile Defense Agency (MDA), threw a shocking speech on Thursday in a House of Representatives hearing, claiming Chinese military hackers were conducting cyber attacks on the Pentagon’s MDA network “every day.”

This Chinese hacker claims he can hack your car, even without an internet connection

Apr 13, 2016

  • If you drive an internet-connected smart car, you’re probably aware of the danger of your system being compromised by hackers. But if you’ve got a dumb car like me, you probably think you’re safe, right? Apparently not. At least not according to Chinese hacker Daishen (it means “stupid god” and it’s not his real name). He told Chinese tech news site Leiphone that he can hack not-so-smart cars including the Volkswagen Touareg, Audi A6, Audi A7, and likely quite a few more.

US military cyber head questions Beijing’s spying activities

April 5, 2016

  • Six months after Washington and Beijing agreed not to conduct cyber attacks on each other’s private sector for commercial gain, a top US spy questioned Tuesday whether China has cut such activities. In September 2015, President Barack Obama and his Chinese counterpart Xi Jinping announced an accord under which neither the United States nor the Chinese government would conduct cyber-enabled theft of intellectual property. But Admiral Michael Rogers, who heads the US military’s Cyber Command, told lawmakers it was unclear if the Chinese government was holding up its end of the deal.

Russia, China are greatest cyberthreats, but Iran is growing

Apr. 5, 2016

  • Russia and China present the greatest cyber security threat to the U.S., but Iran is trying to increase and spend more on its capabilities, the Navy admiral in charge of the military’s Cyber Command told Congress Tuesday. Adm. Michael Rogers told the Senate Armed Services Committee that while the U.S. has more overall military power than the three countries, the gaps are narrower when it comes to cyber warfare.

China Seeks More Legal Muscle to Block Foreign Websites

March 29, 2016

  • BEIJING—China is considering new Internet rules that would pressure service providers to cut off access to foreign websites, adding to the government’s growing legal framework bolstering its control of cyberspace.

China’s first national NPO in cyber security founded


  • China’s first national non-profit organization (NPO) for cyber security was founded Friday, to pool resources that will support the safety and development of the Internet. The Cyber Security Association of China comprises 257 founding members, including major Internet firms, cyber security enterprises, scientific research institutions and individuals.

China Hacked F-22, F-35 Stealth Jet Secrets

March 24, 2016

  • A Chinese businessman pleaded guilty this week to conspiracy to hack computer networks of U.S. defense contractors and obtain sensitive data on military aircraft that was passed on to China. Su Bin, also known as Stephen Su and Stephen Subin, reached a plea deal in U.S. District Court in Los Angeles on Tuesday, following a 2014 criminal complaint and later indictment for illegal computer hacking and theft and transfer of export-controlled data.

China Continuing Cyber Attacks on U.S. Networks

March 18, 2016

  • Six months after China pledged to halt cyber espionage against the United States, Beijing’s hackers continue to conduct cyber attacks on government and private networks, the commander of U.S. Cyber Command told Congress. Despite a formal pledge made by Chinese leader Xi Jinping in September, “cyber operations from China are still targeting and exploiting U.S. government, defense industry, academic, and private computer networks,” Adm. Mike Rogers, the Cybercom chief, said in prepared testimony to a House Armed Services subcommittee on Wednesday.

U.S. ransomware attacks linked to Chinese hackers

Mar 15, 2016

  • Hackers using tactics and tools previously associated with Chinese government-supported computer network intrusions have joined the booming cybercrime industry of ransomware, four security firms that investigated attacks on U.S. companies said. Ransomware, which involves encrypting a target’s computer files and then demanding payment to unlock them, has generally been considered the domain of run-of-the-mill cyber criminals.

Information Warfare: Chinese Militia Invades Facebook

February 16, 2016

  • On January 20th members of a Chinese message board (Di Ba) launched a massive attack on Facebook that resulted in over 100,000 comments added over eight hours to the Facebook page of Tsai Ing-wen, Taiwan’s newly elected president. Also hit were several Taiwanese Facebook pages advocating an independent Taiwan. The Di Ba member comments opposed Taiwanese independence. China considers Taiwan a renegade province of China and threatens to invade if Taiwan declares independence. Tsai Ing-wen has expressed interest in independence. China has banned its citizens from using Facebook and made it very difficult for anyone inside China to even access Facebook. There are Chinese equivalents as well as some of the largest message boards on the Internet. Di Ba is one of the largest of these with about 20 million members.

Top US Spy Chief: China Still Successful in Cyber Espionage Against US

February 16, 2016

  • Last week, the Director of National Intelligence, James R. Clapper, delivered his annual threat briefing to the Senate Armed Forces Committee noting that China remains engaged in malicious activities in cyberspace against the United States, despite a U.S.-Chinese bilateral agreement to refrain from conducting or knowingly supporting commercial cyber-espionage. “China continues to have success in cyber espionage against the U.S. government, our allies, and U.S. companies,” Clapper emphasized. “Beijing also selectively uses cyberattacks against targets it believes threaten Chinese domestic stability or regime legitimacy.”

Chinese cyber strategy-building deterrence

February 14, 2016

  • While China was assessed to have cyber warfare capabilities for quite some time, the declaration by its Central Military Council of the formation of a new military branch focussed on digital battleground technically called Strategic Support Force on 1st Jan. 2016 confirmed this. This new force is mainly aimed at providing resources capable of protecting China’s cyber and space security. On this occasion Xi pointed out that this force is central to achieving the “Chinese Dream” suggesting its importance.

Hacking by China, Iran and North Korea set to increase dramatically over next 12 months

February 8, 2016

  • Now, a recently released threat intelligence report from US-based cybersecurity firm Crowdstrike has warned that invasive nation state hacking emerging from China, Iran and North Korea looks set to thrive in the year ahead.

Report: China bolsters state hacking powers

February 4, 2016

  • At a time when Chinese President Xi Jinping is in the spotlight for inking a landmark deal with the US barring economic espionage, a new report released Wednesday shows that he may be giving his security and intelligence agencies a larger role in helping Beijing hack foreign companies.

Unexpected Espionage Targets

Jan. 29, 2016

  • The theft of personal information regarding millions of government employees and their associates from an Office of Personnel Management database – which cybersecurity experts have attributed to China – represents an enormous intelligence threat that is still not fully understood. Since discovering the theft last spring, government officials have been preoccupied with assessing the risks to national security, but they must also address its potential to enable an adversary to steal valuable economic and commercial information.

Chinese Military Revamps Cyber Warfare, Intelligence Forces

January 27, 2016

  • A recent Chinese military reorganization is increasing the danger posed by People’s Liberation Army cyber warfare and intelligence units that recently were consolidated into a new Strategic Support Force. The announcement of the military reorganization made on Dec. 31 by the Chinese government provided few details of what has changed for three military intelligence units formerly under the now-defunct General Staff Department.

Scarlet Mimic Threat Group Takes Aim at Chinese Dissidents

26 Jan 2016

  • Security experts are warning of a new multi-year advanced cyber espionage campaign targeted against Uyghur and Tibetan activists as well as Russian and Indian anti-terrorist agencies. The so-called “Scarlet Mimic” group has been operating since 2009, using spear phishing and watering hole attacks to infect users. Although the security vendor fell short of direct attribution to the Chinese government, it admitted that the main targets of the group – Uyghur and Tibetan activists – have “a history of strained relationships” with Beijing.

China and Indonesia: Joint Cyber War Simulations

January 26, 2016

  • The news on Saturday that Indonesia and China will cooperate in cyber war exercises is big enough in itself for strategic relationships in the region. At the same time, it shows that the two countries have an advanced understanding of what cyber war will look like and it sets a new diplomatic precedent in how states must work together in preparing for the most likely impacts of cyber war.

Indonesia-China to actualize cooperation on cyber defense

23 January 2016

  • Indonesia and China are to actualize their cooperation on cyber security especially concerning capacity building for the human resources involved, an official said. Indonesia and the Cyberspace Administration of China (CAC) met earlier this week in a pre-agreement or pre-MoU regarding capacity building for cyberspace human resources, Expert Staff of the National Cyber Information Defense Security and Resilient Agency (DKKICN) Muchlis Ahmady said here Saturday.

Ex-Pentagon chief: Iran, China or Russia may have gotten to Clinton server

January 21, 2016

  • Former Defense Secretary Robert Gates says he believes foreign countries like Russia, China and Iran may have hacked the private email server Hillary Clinton used while secretary of State. “Given the fact that the Pentagon acknowledges that they get attacked about 100,000 times a day, I think the odds are pretty high,” he said Thursday during an interview on “The Hugh Hewitt Show.” Gates said he agreed with former acting CIA Director Mike Morell’s claim that the server had probably been hacked by either Russia, China or Iran.

Chinese soldiers implicated in U.S. military hacking case

Jan. 18, 2016

  • Two Chinese government soldiers were part of a hacking conspiracy allegedly carried out by a Chinese resident of Canada to steal secrets relating to components of F-35s and other American warplanes, according to court-filed documents. Prosecution “books of record,” recently released by a Vancouver court following a request from The Globe and Mail, make explicit Chinese military ties that were not publicly alleged when this rare cyberespionage prosecution was launched in 2014. The case centres on Su Bin, a 50-year-old Chinese aviation-industry entrepreneur residing in Vancouver, and the two unnamed “co-conspirators” revealed to be Chinese soldiers. Despite their military connection, it remains unclear whether the alleged scheme was state-sponsored, or whether the conspirators were essentially soldiers moonlighting to enrich themselves.

How China’s spies can watch you at your desk

2016 Jan 17

  • This week on 60 Minutes, Lesley Stahl explores the devastating impact of Chinese corporate spying and intellectual property theft. The story reports that U.S. companies have already lost hundreds of billions of dollars and more than two million jobs to what’s been called “the great brain robbery” of America. “Every single sector of the American economy has been affected,” correspondent Lesley Stahl tells 60 Minutes Overtime editor Ann Silvio. “It’s a major, major concern.”

China domain ‘.cn’ becomes world’s largest

January 8, 2016

  • China’s country code domain “.cn” is now the world’s most commonly used, the state media reported. It had 16.36 million users by the end of 2015, topping Germany’s “.de”, Xinhua cited China Internet Network Information Centre (CNNIC), which manages the domain, data released on Friday. The .cn domain is also world leading in domain resolution service, security and the ratio of benign uses, said CNNIC head Li Xiaodong.

China vows to make Party’s voice strongest in cyberspace


  • China’s Internet regulator vowed to make the views of the ruling Communist Party of China (CPC) the “strongest voice in cyberspace.” The Cyberspace Administration of China (CAC) discussed cyberspace publicity work on Tuesday and Wednesday, with a statement issued after the talks promising continued exploration and improvements to the governance of cyberspace with Chinese socialist characteristics.

It’s (Finally) Official: China Creates Cyberwarfare Military Branch

20:40 01.01.2016

  • China has long been rumored to possess cyberwarfare capabilities, and now the country’s military has kicked off 2016 by creating a new military branch focused on the digital battleground. China’s Central Military Council announced on Jan 1 that it has created three new military forces; one of these, according to the council’s website, deals with what it calls ‘cyber war forces.’ The new forces include the General Command for the People’s Liberation Army (a central command for ground forces), the Rocket Force and the Strategic Support Force. During the ceremony for the new forces in Beijing, Chinese President Xi Jinping passed the flags to the units.

Website launched to boost cloud computing-based manufacturing


  • China Aerospace Science and Industry Corp, one of the nation’s largest defense contractors, launched on Friday a website dedicated to boosting cloud computing-based manufacturing, the company said in a statement. The website, called CASICloud, aims at integrating Internet technologies with intelligent manufacturing and facilitating resources sharing. It targets industrial enterprises in China and overseas, according to the company.

‘White-hat’ hackers key force in cybersecurity


  • Amateur experts are helping to spot potential loopholes, as Cao Yin reports. A very small office near the Sixth Ring Road in Beijing houses a very big dream, one that’s shared by thousands of Internet security enthusiasts across China. The office is the home of Wooyun, the country’s largest online community of “white-hat” hackers – private individuals who deliberately hack corporate and government computer systems to detect and expose security loopholes and help prevent cyber-attacks.

China allows no compromise on cyberspace sovereignty


  • At the opening of the second World Internet Conference on Wednesday, China made sure its voice was heard: Every country has the right to create its own Internet governance model, and the cyber sovereignty of all nations should be respected. China firmly opposes Internet hegemony, foreign interference in internal affairs, and incitement that could threaten national security, President Xi Jinping said during his opening remarks at the conference. The Internet is not beyond law and it should be ruled in accordance with a country’s laws and regulations.

China behind ‘massive’ cyber-attack on Australian government: ABC

Dec 2, 2015

  • A major cyber-attack against Australia’s Bureau of Meteorology that may have compromised potentially sensitive national security information is being blamed on China, the Australian Broadcasting Corporation (ABC) reported on Wednesday. The Bureau of Meteorology owns one of Australia’s largest supercomputers and the attack, which the ABC said occurred in recent days, may have allowed those responsible access to the Department of Defence through a linked network.

China, U.S. high-level cyber crime talks to begin Tuesday

Nov 30, 2015

  • Top U.S. and Chinese officials will convene this week in Washington for the first round of cyber security talks following the signing of a bilateral anti-hacking accord in September. China’s Public Security Minister Guo Shengkun is in Washington through Sunday and will meet U.S. Secretary of Homeland Security Jeh Johnson, Chinese state media reported. U.S. Attorney General Loretta Lynch is also expected to take part in the discussions.

State Department warns China IP hacking will continue

November 25, 2015

  • American companies doing business in China will face a continuing threat to their intellectual property under Chinese President Xi Jinping’s security policies, according to a State Department security report. China’s large-scale information hacking is not limited to recent incidents like the theft of Office of Personnel Management records on 2.1 million federal workers, according to the report by the department’s diplomatic security office produced for the Overseas Security Advisory Council.

Chinese underground leads the world in cyber criminal innovation

25 November 2015

  • Two years ago, the last research report by Trend Micro on the bustling Chinese underground saw compromised hosts, DDoS attack tools services, and remote access Trojans (RATs) being sold. According to its most recent research, Trend Micro has found that China’s tech-savvy crooks are trading in social engineering tools, point-of-sale (POS), automatic teller machine (ATM) and card skimmers, as well as personal data.

China building its own uncrackable smartphone


  • China is seeking to construct its own uncrackable smartphones in an attempt to evade U.S. surveillance programs, The Wall Street Journal reported. The effort is part of the Asian power’s efforts to develop homegrown technology to replace foreign products. The majority of the smartphone operating systems and processors in China rely on either Apple or Google technology. Hackers frequently infiltrate phones through these components, and China fears that American companies are compromised by U.S. intelligence agencies.

U.S. counterintelligence chief skeptical China has curbed spying on U.S.

Nov 18, 2015

  • U.S. counterintelligence chief Bill Evanina said on Wednesday he was skeptical China had followed through on recent promises to curb spying on the United States. Evanina told a briefing that he had seen “no indication” from the U.S. private sector “that anything has changed” in the extent of Chinese espionage on the United States.

Cyberwar division behind Tsai Web site blitz: analysts

Nov 13, 2015

  • Defense analysts yesterday said that the Chinese army’s top electronic warfare division, “Unit 61398” was behind Wednesday’s onslaught of messages posted by Chinese netizens targeting the Facebook fan page of Democratic Progressive Party (DPP) Chairperson Tsai Ing-wen (蔡英文). The event was an attack on Tsai under directives given by Unit 61398 to test its cyberwarfare operations, when China’s strict Internet security was eased temporarily to allow access to Facebook on Wednesday, Chinese-language magazine Asia Pacific Defense editor-in-chief Cheng Chi-wen (鄭繼文) said.

China Military Seeks to Bring Cyber Warfare Units Under One Roof

October 22, 2015

  • China’s military chiefs are seeking to unify the country’s cyber warfare capabilities as they build a modern fighting force that relies less on ground troops. The plan is part of a broader shift toward a unified military command similar to that of the U.S. to meet President Xi Jinping’s goal of transforming the People’s Liberation Army into a force that can “fight and win modern wars.” It will be discussed at a meeting of top leaders next week, according to people familiar with the matter.

China Tried To Hack American Companies Since Agreeing To Cyber Pact, Security Firm Says

Oct 19, 2015

  • Hackers associated with the Chinese government have tried to penetrate at least seven U.S. companies in the three weeks since Washington and Beijing agreed not to spy on each other for commercial reasons, according to a prominent U.S. security firm. CrowdStrike Inc said software it placed at five U.S. technology and two pharmaceutical companies had detected and rebuffed the attacks, which began on Sept. 26.

Ocean-Focused Research Center Attacked By Chinese Hackers: Huh? Why?

By Aaron Mamiit, Tech Times | October 17 2015

  • The Woods Hole Oceanographic Institution (WHOI), which is a private and nonprofit facility doing scientific research focused on the world’s oceans, revealed that it was the recipient of an aggressive hacking attack that can seemingly be traced back to China.

China’s Cyber Spies Take to High Seas as Hack Attacks Spike

David Tweed October 15, 2015

  • In the midst of a weeklong hearing on a South China Sea territorial dispute, the website of the Permanent Court of Arbitration in The Hague went offline.

In a first, Chinese hackers are arrested at the behest of the U.S. government

By Ellen Nakashima and Adam Goldman October 9

  • The Chinese government has quietly arrested a handful of hackers at the urging of the U.S. government — an unprecedented step to defuse tensions with Washington at a time when the Obama administration has threatened economic sanctions.
  • The arrests come amid signs of a potential change in the power balance between the U.S. and Chinese governments on commercial cyberespionage, one of the most fraught issues between the two countries. For years, U.S. firms and officials have said Beijing hasn’t done enough to crack down on digital larceny. Experts estimate that Chinese industrial hacking costs U.S. firms tens of billions of dollars annually.

Hackers in China, South Korea, Germany targeted Clinton’s server: AP

October 8, 2015

  • WASHINGTON (Reuters) – Computer hackers in China, South Korea and Germany tried to attack Democratic presidential candidate Hillary Clinton’s private email server after she left the U.S. State Department in February 2013, the Associated Press reported on Thursday. “It was not immediately clear whether the attempted intrusions into Clinton’s server were serious espionage threats or the sort of nuisance attacks that hit computer servers the world over,” the AP said, citing a congressional document.

U.S. pulls spies from China after hack

By Evan Perez 2015/09/30

  • The United States is pulling spies from China as a result of a cyberattack that compromised the personal data of 21.5 million government workers, a U.S. official said Tuesday. The U.S. suspects that Chinese hackers were behind the breach at the U.S. Office of Personnel Management, which exposed the fingerprints of 5.6 million government employees.

US intel official not optimistic about cyber deal with China

By DEB RIECHMANN Sep. 29, 2015

  • WASHINGTON (AP) — The nation’s top intelligence official said Tuesday that he’s not optimistic that an agreement the U.S. recently struck with China will effectively deter state-sponsored cyberattacks on business emanating from the communist nation.

Obama: U.S. and China Reach Cyber-Espionage ‘Common Understanding’

by Julianne Pepitone Sep 25 2015

  • The United States and China have agreed not to “conduct or knowingly support” cyber-theft of intellectual property or commercial trade secrets, the presidents of both countries announced Friday in an address at the White House Rose Garden. Chinese President Xi Jinping, whose arrival in the U.S. this week marked his first-ever visit as president, jointly led the press conference with Obama. Despite mounting reports of cyberattacks on U.S. entities being linked to China, the nation has repeatedly denied involvement in such hacks.

Cyber Sleuths Track Hacker to China’s Military

The story of a Chinese military staffer’s alleged involvement in hacking provides a detailed look into Beijing’s sprawling state-controlled cyberespionage machinery

By Josh Chin Sept. 23, 2015

  • The growing reach of China’s army of cyberwarriors has become a flash point in relations between Beijing and Washington that President Barack Obama said will be a focus during Chinese President Xi Jinping’s state visit to the U.S. this week. Cyberspace is the newest domain in warfare, and China’s relentless testing of its boundaries has flustered the U.S. The story of the Chinese military staffer’s alleged involvement in hacking provides a detailed look into Beijing’s sprawling state-controlled cyberespionage machinery.

5.6 million fingerprints stolen in U.S. personnel data hack: government

WASHINGTON | By David Alexander Wed Sep 23, 2015

  • Hackers who stole security clearance data on millions of Defense Department and other U.S. government employees got away with about 5.6 million fingerprint records, some 4.5 million more than initially reported, the government said on Wednesday. The additional stolen fingerprint records were identified as part of an ongoing analysis of the data breach by the Office of Personnel Management and the Department of Defense, OPM said in a statement. The data breach was discovered this spring and affected security clearance records dating back many years.

US, China Race To Boost Military Coding Personnel

September 21, 2015

  • As U.S. and Chinese leaders reportedly negotiate red lines in cyberspace, there is a hacker troop build-up playing out in their respective countries. It is believed China’s People’s Liberation Army has the deeper bench, with an estimated 100,000 code warriors recruited over the past two decades, and the world’s most powerful supercomputer. By comparison, U.S. Cyber Command started from near-scratch in 2010 and wants to reach a force size of 6,200 by 2016.

US, China in urgent talks on crucial cybersecurity deal

By Jigmey Bhutia | International Business Times – Sun, Sep 20, 2015

  • The United States and China could agree on the cybersecurity deal, which has been under serious negotiations in recent weeks, when the Asian country’s president visits Washington on Thursday, 24 September. The US has often accused China of espionage and poaching intellectual data and experts believe that the deal would address the issue of cyber attacks on the country’s vital services. According to a New York Times report, the agreement would protect against unauthorised use of electronic data of power stations, hospitals and cellphone networks. The US wants China to follow the code of conduct recently adopted by a working group at the United Nations. The key note in the UN document states that no country can allow cyber activity that cripples another’s critical infrastructure during peacetime.

In speech to CEOs, Obama threatens China with retaliation over hacking

Gregory Korte, USA TODAY 12:24 p.m. EDT September 16, 2015

  • WASHINGTON — President Obama did some cyber saber-rattling with China Wednesday, saying that the United States “is prepared to take some countervailing measures to get their attention.”
  • “We have repeatedly said to the Chinese government that we understand traditional intelligence-gathering functions that all states, including us, engage in,” Obama told the quarterly gathering of CEOs. “That is fundamentally different from your government or its proxies engaging directly in industrial espionage and stealing trade secrets, stealing proprietary information from companies. That we consider an act of aggression that has to stop.”

China reportedly compiling ‘Facebook’ of U.S. government employees

By Catherine Herridge, Matthew Dean Published September 16, 2015

  • A private industry IT security firm tells Fox News that personal data stolen over the span of several high-profile U.S. cyber breaches is being indexed by China’s intelligence service into a massive Facebook-like network. According to CrowdStrike founder Dmitri Alperovitch, Chinese hackers are using information gained from the breaches of the U.S. Office of Personnel Management, as well as intrusions into the Anthem and CareFirst BlueCross BlueShield health insurance networks, to build a complete profile of federal employees in what the company calls a “Facebook of Everything.”

U.S., Chinese officials meet on cyber security issues: White House

Sat Sep 12, 2015

  • Senior U.S. and Chinese officials concluded four days of meetings on Saturday on cyber security and other issues, ahead of Chinese President Xi Jinping’s visit to Washington later this month, the White House said. Cyber security has been a divisive issue between Washington and Beijing, with the United States accusing Chinese hackers of attacks on U.S. computers, a charge China denies.
  • The Chinese delegation also had meetings with Federal Bureau of Investigation Director James Comey and representatives from the Justice, State and Treasury departments and the intelligence community, the statement said.

Obama Warns China U.S. Will Win Any Competition in Cyberspace

Angela Greiling Keane September 11, 2015

  • Obama, who is set to meet with Chinese President Xi Jinping later this month at the White House, said he plans to make clear that “certain practices” coming out of China aren’t acceptable and that the two nations must come to terms on basic rules of behavior in cyberspace. “There comes a point at which we consider this a core national security threat and we will treat it as such,” Obama said Friday in a question-and-answer session with members of the military at Fort Meade, Maryland. Cyber-warfare is the new theater for conflict between nations and non-state actors, he said.

China and Russia cross-referencing OPM data, other hacks to out US spies

LA Times: Criminal organizations, private companies used to gather and analyze data.

by Sean Gallagher – Aug 31, 2015

  • The identities of a group of American technical experts who have provided assistance to covert operations by the US government overseas have been compromised as the result of cross-referencing of data from the Office of Personnel Management (OPM) and other recent data breaches, according to a Los Angeles Times report. The Times’ Brian Bennett and W. J. Hennigan cited allegations from two US officials speaking under the condition of anonymity that Chinese and Russian intelligence agencies have worked with both private software companies and criminal hacking rings to obtain and analyze data.
  • According to the report, the OPM hack and other major data breaches were being merged and analyzed by China in an effort to both ferret out US covert operations—to provide background information for targeted cyber-attacks—and to provide intelligence on individuals who could be targeted for blackmail. And Russia’s Federal Security Service (FSB) is also using recent data breaches and ties to cybercriminals to target US government employees for cyber-attacks, the unnamed officials claimed.

U.S. Is Drafting Potential Sanctions Over China Cyber Hacking

John Walcott August 31, 2015

  • The Obama administration is drafting an escalating series of actions, including economic sanctions and curbs on doing business in the U.S., to punish China and other nations that persist in hacking its corporate computer networks, according to two administration officials with knowledge of the planning. The measures have not yet been decided, the officials said, and the administration is moving cautiously as actions being considered include cyber retaliation, which could reveal information about U.S. government and private cyber security capabilities. It could also trigger further online or commercial warfare that would be difficult to contain.

White House: Obama to confront Chinese leader over cyber concerns

By Katie Bo Williams – 08/26/15

  • The White House says President Obama will confront Chinese President Xi Jinping about cyberattacks on the U.S. during the foreign leader’s state visit in September. An official told Reuters Wednesday there is “no doubt” Obama will address concerns about China’s hacking into American networks.

University of Virginia hack targeted employees with China ties

By Katie Bo Williams – 08/21/15

  • The Chinese hackers that infiltrated the University of Virginia’s networks this month were targeting two specific employees at the school, which has links to the Defense Department and other intelligence agencies. The university announced last week that hackers had infiltrated its servers, forcing a two-day shutdown of its system. Officials said that the hackers did not access any personal data, such as Social Security numbers or personal health information.

Chinese hackers may have turned sights on India, new report says

By Simon Denyer August 20

  • A sophisticated cyberespionage group, probably based in China, is taking advantage of India’s weak cyberdefenses to burrow into government bodies and academic institutions to steal sensitive diplomatic information, a leading U.S. network security company alleged Friday. The group has also attacked other South and Southeast Asian countries, as well as Tibetan activists outside China, over the past four years, cybersecurity company FireEye said. But the group seemed particularly interested in India and its border disputes with neighboring countries.

Russian, Chinese hackers use nearly identical tactics on US

By Cory Bennett – 08/13/15

  • Russian and Chinese cyber spies are using similar — and surprisingly simple — methods to hack their top U.S. targets. According to new research from security firm Invincea, Chinese hackers breached health insurer Anthem using the same tactics that Russian hackers used to infiltrate the White House. Both lured an employee into clicking on a link to a video or software update that then installed a hidden gateway into the computer system for digital intruders.

Kerry: ‘Very likely’ China, Russia read my emails

By Tal Kopan, CNN Updated 9:44 PM ET, Tue August 11, 2015

  • Washington (CNN) Secretary of State John Kerry said that Chinese and Russian hackers are probably reading his emails — and he writes messages assuming they are.
  • “Unfortunately, we’re living in a world where a number of countries, China and Russia included, have consistently been engaged in cyberattacks against American interests, against American government,” Kerry said, adding it’s an issue of “enormous concern.”

China Read Emails of Top U.S. Officials

by Robert Windrem Aug 10 2015

  • China’s cyber spies have accessed the private emails of “many” top Obama administration officials, according to a senior U.S. intelligence official and a top secret document obtained by NBC News, and have been doing so since at least April 2010. The email grab — first codenamed “Dancing Panda” by U.S. officials, and then “Legion Amethyst” — was detected in April 2010, according to a top secret NSA briefing from 2014. The intrusion into personal emails was still active at the time of the briefing and, according to the senior official, is still going on.

American Airlines, Sabre Said to Be Hit in China-Tied Hacks

Jordan Robertson Michael Riley August 7, 2015

  • A group of China-linked hackers that has mowed through the databanks of major American health insurers and stolen personnel records of U.S. military and intelligence agencies has struck at the heart of the nation’s air-travel system, say people familiar with investigations of the attacks.
  • The plundered information would add to a trove already believed to include personal and employment details from background checks on millions of government employees and contractors, as well as medical histories. A foreign government could use the data to build profiles of U.S. officials and contractors, establishing information that could be used to blackmail them into providing intelligence. A government could also track the travel of U.S. officials and workers to detect military or intelligence operations, or compare their movements with those of its own citizens.

Cyberattacks on India mostly from Pakistan, China: Government

PTI | Aug 7, 2015

  • NEW DELHI: Cybercriminals from countries like Pakistan, China, Bangladesh and the US are mostly involved in hacking and launching attacks on computer networks of Indian organizations, Parliament was informed today.

Newly discovered Chinese hacking group hacked 100+ websites to use as “watering holes”

Emissary Panda group penetrated the networks of industrial espionage targets.

by Sean Gallagher – Aug 5, 2015

  • Today at the Black Hat information security conference, Dell SecureWorks researchers unveiled a report on a newly detected hacking group that has targeted companies around the world while stealing massive amounts of industrial data. The majority of the targets of the hacking group were in the automotive, electronic, aerospace, energy, and pharmaceutical industries. The group, believed to be based in China, has also targeted defense contractors, colleges and universities, law firms, and political organizations—including organizations related to Chinese minority ethnic groups.

Exclusive: Secret NSA Map Shows China Cyber Attacks on U.S. Targets

Jul 30 2015

  • The map uses red dots to mark more than 600 corporate, private or government “Victims of Chinese Cyber Espionage” that were attacked over a five-year period, with clusters in America’s industrial centers. The entire Northeast Corridor from Washington to Boston is blanketed in red, as is California’s Silicon Valley, with other concentrations in Dallas, Miami, Chicago, Seattle, L.A. and Detroit. The highest number of attacks was in California, which had almost 50.

China-Tied Hackers That Hit U.S. Said to Breach United Airlines

Michael Riley Jordan Robertson July 29, 2015

  • United, the world’s second-largest airline, detected an incursion into its computer systems in May or early June, said several people familiar with the probe. According to three of these people, investigators working with the carrier have linked the attack to a group of China-backed hackers they say are behind several other large heists — including the theft of security-clearance records from the U.S. Office of Personnel Management and medical data from health insurer Anthem Inc.
  • It’s increasingly clear, security experts say, that China’s intelligence apparatus is amassing a vast database. Files stolen from the federal personnel office by this one China-based group could allow the hackers to identify Americans who work in defense and intelligence, including those on the payrolls of contractors. U.S. officials believe the group has links to the Chinese government, people familiar with the matter have said.

Not all hackers are bad – a look into the world of Chinese ‘white hats’

As businesses try to fend off the rise in cyberattacks, internet security is becoming more lucrative. That may explain the rapid growth in the number of white hats in China’s internet landscape.

PUBLISHED : Tuesday, 28 July, 2015

  • In China, the non-profit National Computer Network Emergency Response Technical Team said the number of data leaks recorded had tripled since 2013 to 9,068 instances in 2014. As businesses try to fend off the rise in cyberattacks, it is becoming more lucrative to join the country’s burgeoning cybersecurity industry.

Chinese hackers use US servers in cyber attacks

By Bill Gertz Published July 17, 2015

  • Chinese-government linked hackers are using American computer services companies in conducting cyber attacks against private company networks, according to cyber security analysts. A detailed computer forensic investigation by a major U.S. security firm revealed that three recent cyber attacks were carried out by two Chinese hacker groups known as Deep Panda and Wekby. Both groups appear linked to each other and are part of a Chinese-government run cyber espionage campaign.
  • A report on the investigation by the security firm reveals the Chinese groups conducted the attacks using seven computer-hosting companies to target a U.S. air carrier, a European telecommunications company, and a European energy firm.

Hacking Team Exploits Used By Chinese Cyber Attackers

Posted By: Brendan Byrne Posted date: July 13, 2015

  • Italian cybersecurity firm Hacking Team recently suffered an attack in which serious security flaws were exposed. Now it is believed that hackers linked to China used those security exploits to attack companies in the aerospace and defense, energy, telecommunications and healthcare sectors, writes James Griffiths for The South China Morning Post.

Internet gang that made millions from deleting negative web posts are arrested for making TOO MUCH money

By Olivia Chan For Mailonline Published: 16:42 GMT, 9 July 2015

  • Chinese police recently captured members of a gang that made millions from deleting web posts in an extreme example of internet reputation management.
  • The operation of the group was extremely intricate with nearly 2,000 accomplices spread across 22 regions in China.

China adopts new security law to make networks, systems ‘controllable’

BEIJING | By Michael Martina Wed Jul 1, 2015

  • China’s legislature adopted a sweeping national security law on Wednesday that covers everything from territorial sovereignty to measures to tighten cyber security, a move likely to rile foreign businesses. A core component of the law, passed by the standing committee of the National People’s Congress (NPC), is to make all key network infrastructure and information systems “secure and controllable”. President Xi Jinping has said China’s security covers areas including politics, culture, the military, the economy, technology and the environment.

Out of the shadows, China hackers turn cyber gatekeepers

BEIJING | By Paul Carsten and Gerry Shih Mon Jun 29, 2015

  • Zhang Tianqi, a 23-year old Beijinger, cut his chops in high school trying to infiltrate foreign websites, skirting domestic law by probing for vulnerabilities on overseas gaming networks. Now, after a stint working at internet bluechip Alibaba Group Holding Ltd, he is the chief technology officer of a Shanghai-based cybersecurity firm which owns, a site offering rewards for vulnerability discoveries, and internet security media site
  • To try and tackle this, dozens of cybersecurity companies are now cropping up across China according to industry observers, populated by young techies with bona fide security skills and work experience at firms like Alibaba, Tencent Holdings Ltd and Baidu Inc.

Russia and China are hacking British companies and spying on their employees

Gordon Corera, The Telegraph Jun. 26, 2015

  • It is being described as the worst cyber hack of the US government in history – a huge personnel database of government employees pilfered by foreign spies. But yesterday it emerged that the vast trove of details stolen is likely to have included information people supplied to get security clearances – such as intimate details of their sex lives, drug use and finances.
  • The finger has been pointed at China (which has denied any role). But it is little wonder that cyber-spying was top of the agenda when President Obama sat down with Chinese officials in Washington this week. “We remain deeply concerned about Chinese government-sponsored cyber-enabled theft,” the US Treasury Secretary said of the wider problem. But it is not just America that has been hit.

Hunt for Deep Panda intensifies in trenches of U.S.-China cyberwar

SINGAPORE | By Jeremy Wagstaff Sun Jun 21, 2015

  • Security researchers have many names for the hacking group that is one of the suspects for the cyberattack on the U.S. government’s Office of Personnel Management: PinkPanther, KungFu Kittens, Group 72 and, most famously, Deep Panda. But to Jared Myers and colleagues at cybersecurity company RSA, it is called Shell Crew, and Myers’ team is one of the few who has watched it mid-assault — and eventually repulsed it.
  • “The Shell Crew is an extremely efficient and talented group,” Myers said in an interview. Shell Crew, or Deep Panda, are one of several hacking groups that Western cybersecurity companies have accused of hacking into U.S. and other countries’ networks and stealing government, defense and industrial documents. The attack on the OPM computers, revealed this month, compromised the data of 4 million current and former federal employees, raising U.S. suspicions that Chinese hackers were building huge databases that could be used to recruit spies.

Officials: Chinese had access to U.S. security clearance data for one year

By Ellen Nakashima June 18

  • The recently disclosed breach of the Office of Personnel Management’s security-clearance computer system took place a year ago, giving Chinese government intruders access to sensitive data for a year, according to new information.
  • “The longer you have to exfiltrate the data, the more you can take,” he said. “If you’ve got a year to map the network, to look at the file structures, to consult with experts and then go in and pack up stuff, you’re not going to miss the most valuable files.”

Britain pulls out spies as Russia, China crack Snowden files: report

Sun Jun 14, 2015

  • Britain has pulled out agents from live operations in “hostile countries” after Russia and China cracked top-secret information contained in files leaked by former U.S. National Security Agency contractor Edward Snowden, the Sunday Times reported. Security service MI6, which operates overseas and is tasked with defending British interests, has removed agents from certain countries, the newspaper said, citing unnamed officials at the office of British Prime Minister David Cameron, the Home Office (interior ministry) and security services.
  • Leaked Snowden documents led security services to cancel operations by British and American agents
  • ‘Utter lies’: Greenwald debunks Sunday Times spin on Snowden

Officials: Second hack exposed military and intel data

By KEN DILANIAN and TED BRIDIS Jun. 12, 2015

  • Hackers linked to China have gained access to the sensitive background information submitted by intelligence and military personnel for security clearances, U.S. officials said Friday, describing a cyberbreach of federal records dramatically worse than first acknowledged. The forms authorities believed may have been stolen en masse, known as Standard Form 86, require applicants to fill out deeply personal information about mental illnesses, drug and alcohol use, past arrests and bankruptcies. They also require the listing of contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion. Both the applicant’s Social Security number and that of his or her cohabitant is required.
  • Hack-a-Gun: Pentagon official admits cyber-vulnerability

Chinese Hackers Circumvent Popular Web Privacy Tools

JUNE 12, 2015

  • Chinese hackers have found a way around widely used privacy technology to target the creators and readers of web content that state censors have deemed hostile, according to new research. The hackers were able to circumvent two of the most trusted privacy tools on the Internet: virtual private networks, or VPNs, and Tor, the anonymity software that masks a computer’s true whereabouts by routing its Internet connection through various points around the globe, according to findings by Jaime Blasco, a security researcher at AlienVault, a Silicon Valley security company.

OPM Hack Far Deeper Than Publicly Acknowledged, Went Undetected For More Than A Year, Sources Say

Jun 11, 2015

  • The massive hack into federal systems announced last week was far deeper and potentially more problematic than publicly acknowledged, with hackers believed to be from China moving through government databases undetected for more than a year, sources briefed on the matter told ABC News.
  • However, U.S. officials speaking on the condition of anonymity say unequivocally such information was put at serious risk by the OPM hack. Of utmost concern are U.S. employees stationed overseas, including in countries such as China, whose government would covet personal information on relatives and contacts of American officials living in the communist country, according to officials.

Hackers May Have Obtained Names of Chinese With Ties to U.S. Government

JUNE 10, 2015

  • WASHINGTON — Investigators say that the Chinese hackers who attacked the databases of the Office of Personnel Management may have obtained the names of Chinese relatives, friends and frequent associates of American diplomats and other government officials, information that Beijing could use for blackmail or retaliation.
  • “They are pumping this through their databases just as the N.S.A. pumps telephone data through their databases,” said James Lewis, a cyberexpert at the Center for Strategic and International Studies. “It gives the Chinese the ability to exploit who is listed as a foreign contact. And if you are a Chinese person who didn’t report your contacts or relationships with an American, you may have a problem.”

Chinese gov’t-funded hackers attack Vietnam’s cyberspace


  • As many as 200 malicious codes used by APT30 to attack important Vietnamese organizations.
  • In late May, 1,000 Vietnamese websites were hacked by 1937cn, another group of Chinese hackers. The intentional attacks mostly targeted websites of schools, science & technology development firms, maritime firms, and quality measurement companies which store important data.

Congressman Says China Waging Long-Term Cyber Espionage

Chris Strohm June 8, 2015

  • The Chinese government is developing detailed profiles of U.S. workers and private citizens as part of a long-term strategic espionage campaign that might include blackmailing key government officials, said the chairman of the House Homeland Security Committee.
  • “It’s a huge intelligence collection operation,” McCaul said in a phone interview Monday. “The fact that they’re able to do this now and sweep it up shows that China is becoming more sophisticated.”

Spotlight: China backs cooperation in cyberspace, opposes hegemony: official | 2015-06-07

  • China is ready to cooperate with other countries to achieve a safe, cooperative, open and peaceful cyberspace, a Chinese official said here Saturday. Meanwhile, China respects sovereignty and opposes hegemony in cyberspace, said Li Tao, an official from the Cyberspace Administration of China (CAC), at the International Conference on New Scenarios of Political Communication in the Digital Realm being held in the Cuban capital.

Chinese Hackers Accused of Two More Huge Security Breaches

Kate Knibbs 6/05/15

  • Remember when hackers accessed files from US health insurance firms Anthem and Premera last year? According to the New York Times, it was the same Chinese hackers suspected of breaching the US Office of Personnel Management’s files. These data breaches yielded an enormous amount of personal information. For the OPM, at least 4 million former and current federal employees may have been affected. With Anthem and Premera, 78 million and 11 million. So far, the hackers aren’t doing normal hacker stuff like selling the giant swaths of information they stole for personal gain, reports the Times: There is no evidence that the data collected was used for criminal purposes like faking identities to make credit card purchases. Instead, the attackers seem to be amassing huge databases of personal information about Americans.

US official on China hacking government database: ‘This is deep’

Reuters Jun. 5, 2015

  • Data stolen from US government computers by suspected Chinese hackers included security clearance information and background checks dating back three decades, US officials said on Friday, underlining the scope of one of the largest known cyber attacks on federal networks.
  • “This is deep. The data goes back to 1985,” said one official, who spoke on condition of anonymity. “This means that they potentially have information about retirees, and they could know what they did after leaving government.”

China calls U.S. hacking accusations unverified, irresponsible, unscientific

The Associated Press Published Friday, June 5, 2015

  • China said Friday that any allegations that it was involved in breaking into U.S. government computers are irresponsible. Chinese Foreign Ministry spokesman Hong Lei said at a regular news briefing that Beijing hopes the U.S. would be “less suspicious and stop making any unverified allegations, but show more trust and participate more in co-operation.”

How China’s ‘Great Cannon’ works — and why we should be worried

June 5, 2015

  • The device we dubbed the “Great Cannon” is different; it acts as a “man-in-the-middle,” able to not just shout down a conversation but actually able to change content as it passes through the Internet.

Chinese breach data of 4 million federal workers

By Ellen Nakashima June 4

  • Hackers working for the Chinese state breached the computer system of the Office of Personnel Management in December, U.S. officials said Thursday, and the agency will notify about 4 million current and former federal employees that their personal data may have been compromised. The hack was the largest breach of federal employee data in recent years. It was the second major intrusion of the same agency by China in less than a year and the second significant foreign breach into U.S. government networks in recent months. Last year, Russia compromised White House and State Department e-mail systems in a campaign of cyberespionage.
  • Massive cyberattack on federal government
  • U.S. official: China behind massive cyberattack

Internet the key front in China’s battle with Western hostile forces: military paper

Wed May 20, 2015

  • The Internet is the most important front in China’s ideological battle against “Western anti-China forces”, the country’s military newspaper said on Wednesday, adding that online controls were essential to the government’s survival.
  • China must defend its “sovereignty” in cyberspace with ideological purity, or “the public will be led astray by the enemy,” the People’s Liberation Army Daily said in a commentary reposted on the website of Seeking Truth, a leading Communist Party journal.

Chinese Hackers Force Penn State to Unplug Engineering Computers

by Michael Riley May 15, 2015

  • Penn State University, which develops sensitive technology for the U.S. Navy, disclosed Friday that Chinese hackers have been sifting through the computers of its engineering school for more than two years. One of the country’s largest and most productive research universities, Penn State offers a potential treasure trove of technology that’s already being developed with partners for commercial applications. The breach suggests that foreign spies could be using universities as a backdoor to U.S. commercial and defense secrets.
  • “This was an advanced attack against our College of Engineering by very sophisticated threat actors,” said Penn State President Eric Barron in a letter to professors and students. “This is an incredibly serious situation, and we are devoting all necessary resources to help the college recover as quickly as possible.”

China, US Have Weapons for Cyberassault

Doug Bernard May 11, 2015

  • Perhaps nowhere is this evolution more clearly seen than in China’s recently disclosed “Great Cannon” and its similarities to a tool reportedly possessed by the United States known as “QUANTUM.”
  • In March, the operators of GitHub – a popular site among software developers – noticed something unusual. Two open-source project sites on GitHub, both aimed at circumventing Chinese censorship of the Web, were under a heavy and sustained DDoS attack.
  • In April, researchers at the University of Toronto’s “Citizen Lab” confirmed that it was indeed something new – and something powerful. Dubbed “The Great Cannon,” it’s a tool that Chinese officials could use for censorship, espionage, or worse.

US concerned China behind cyberattack on US sites

Associated Press MATTHEW PENNINGTON May 8, 2015

  • State Department spokesman Jeff Rathke’s comments follow complaints from anti-online censorship group that Chinese authorities carried out denial-of-service attacks in late March that intermittently shut down San Francisco-based Github, a U.S.-based computer-code sharing site that hosts some of Greatfire’s data. said it was a direct target of similar attacks earlier that month.

How Chinese hackers snooped on Indian defence agencies for over 10 years

By ET Bureau | 7 May, 2015

  • A California-based firm has uncovered a large scale cyber espionage network that it says is linked to the Chinese government. The network has been active for 10 years in the region and targets India in particular by infecting computer systems of key, selected individuals and organisations. Terming it the APT30, US firm FireEye says that the infection is specially targeted at Indian military, aerospace and maritime sector. What is interesting is that researchers have uncovered the modus operandi of the spying network that uses decoy documents that users would download or read in their emails or online. The decoy documents contain a bug that can transmit data and information from the infected computer system back to servers in China. The bug can even hide in documents and infect secure computers not connected to a network.

FBI Links Chinese Government to Cyber Attacks on U.S. Companies

Beijing attacked two U.S. web pages used to beat censors

BY: Bill Gertz May 1, 2015

  • Computer hackers linked to the Chinese government used two Chinese telecom companies and the Baidu search engine to mount mass data disruption attacks on American websites involved in circumventing Beijing’s censors. According to a confidential FBI Flash alert sent to U.S. companies on Thursday, investigators determined with high confidence that since the middle of March Internet traffic entering China was used in a data-denial attack against two websites involved in defeating Chinese-based web censorship. The traffic was “manipulated to create cyber attacks directed at U.S.-based websites,” the notice said.

Hackers in China tired of getting no love, try to rebrand

Staff Reporter 2015-04-30

  • Chinese online security firm Qihoo 360 is a major employer of white-hat hackers, whose job is to detect weaknesses in software and computer systems. One of the hacker teams employed by Qihoo 360 is led by a person only identified as “MJ0011” who has won the world’s largest computing contest Pwn2Own.

New Zealand PM happy to talk to China about spy claims

POSTED: 20 Apr 2015

  • New Zealand intelligence and the US National Security Agency (NSA) collaborated on a plan to hack a data link between China’s consulate in Auckland and a nearby visa office run by the Chinese, The Herald on Sunday reported.
  • Key refused to comment on the newspaper report, saying only that the documents it was based upon had been stolen. “I’m not going to talk about any foreign intelligence that we gather from any country or any particular reason, all I can tell you is that we gather information when it’s in the best interests of New Zealand,” he told TV3.
  • “What I can tell you is we’ve got an immensely strong relationship with China, it’s very open and we talk to them about all sorts of things. “If they want to raise any issue with us they’re welcome to, but I’d be surprised if they do.”

China ‘seriously concerned’ at New Zealand hack attempt report

Mon Apr 20, 2015

  • “We are extremely concerned about this report. We strongly urge the relevant countries to immediately stop using the Internet to damage the interests of China and other countries,” Chinese Foreign Ministry spokesman Hong Lei told a daily news briefing.

New Zealand Plotted Hack on China With NSA

By Ryan Gallagher and Nicky Hager 2015/04/18

  • New Zealand spies teamed with National Security Agency hackers to break into a data link in the country’s largest city, Auckland, as part of a secret plan to eavesdrop on Chinese diplomats, documents reveal. The covert operation, reported Saturday by New Zealand’s Herald on Sunday in collaboration with The Intercept, highlights the contrast between New Zealand’s public and secret approaches to its relationship with China, its largest and most important trading partner.

China’s Growing Cyberwar Capabilities

A recent attack on GitHub highlights China’s growing expertise – and aggression – in cyberspace.

By Marcel A. Green April 13, 2015

  • In addition to its official cyberwarfare units, China is believed to also have “reached out” to people with the necessary cyber skills in the IT sector and academic community to help fill any gaps in state expertise and personnel when needed. As the GitHub attacks illustrate, there is also ample evidence that China uses hackers and other cybercriminals to accomplish operations that it is officially unwilling or unable to commit. To be sure, cybercrime is often intimately tied to state-sponsored threats to cybersecurity. The use of affiliated hackers is based on the idea that cybercriminals can be used to escape the attribution that may otherwise provide the necessary legal, military or diplomatic links that other countries can use to prove China’s official participation in cyberattacks. Consequently, in October 2014, the FBI issued a warning that a Chinese hacking collective known as Axiom has been engaged in a well-resourced, sophisticated campaign to steal valuable data from U.S. government agencies. According to the warning, Axiom, and other state-sponsored Chinese hacking groups like them, are “exceedingly stealthy and agile by comparison” to Unit 61398. Later in 2014, the U.S. Department of Justice indicted five Chinese citizens, affiliated with Unit 61398 on charges of theft of business information and unauthorized access to the computers of a number of U.S. companies.

Chinese hackers targeted SE Asia, India for last decade: report

Apr 13, 2015

  • A cyber espionage group most likely sponsored by China has been snooping on governments and businesses in Southeast Asia and India undetected for the last ten years, Internet security company FireEye said Monday.
  • FireEye said the hackers, dubbed APT30, have been systematically stealing “sensitive information” since 2005, targeting governments, corporations and journalists with interest in China.

China Accused Of Decade Of Cyber Attacks On Governments And Corporates In Asia

Posted Apr 12, 2015

  • The Chinese government is accused of being behind a newly discovered set of cyber attacks waged against government agencies, corporate companies and journalists across India and Southeast Asia over the past ten years. Security firm FireEye released a report today revealing a spate of corporate espionage and cyber spying offenses against targets located in India, Malaysia, Vietnam, Thailand, Nepal, Singapore, Philippines, Indonesia and beyond. The group said attacks began in 2005.

China’s ‘Great Cannon’ Cyberweapon Can Target Websites And Computers Anywhere Worldwide

By Fergal Gallagher, Tech Times | April 10, 2:33 PM

  • The new cyberweapon allows China to take international websites offline and install malicious software on computers around the world.
  • Any computer visiting a Chinese website that does not fully utilize HTTPS encryption technology could be infected with malicious software. This could mean it could act as a “man in the middle,” intercept unencrypted email to or from a target and “undetectably replace” legitimate attachments with malicious payloads, “sabotaging email sent from China to outside destinations,” the report said.
  • The report compares the Great Cannon with the NSA’s Quantum system, which is also capable of implanting malware on machines around the world. China has become more brazen with its Internet attacks since Edward Snowden leaked the hacking abilities of the NSA in 2013. “This precedent will make it difficult for Western governments to credibly complain about others utilizing similar techniques,” wrote the researchers.

U.S. Coding Website GitHub Hit With Cyberattack

Security experts say attack is likely an attempt by China to shut down anticensorship tools

By Eva Dou March 29, 2015

  • BEIJING—A popular U.S. coding website is enduring an onslaught of Internet traffic meant for China’s most popular search engine, and security experts say the episode likely represents an attempt by China to shut down anticensorship tools. The attack on San Francisco-based GitHub Inc., a service used by programmers and major tech firms world-wide to develop software, appears to underscore how China’s Internet censors increasingly reach outside the country to clamp down on content they find objectionable.

Ex-NSA director: China has hacked ‘every major corporation’ in U.S.

By Jose Pagliery 2015/03/13

  • Mike McConnell, who served as director of national intelligence under President George W. Bush, made the comments during a speech at the University of Missouri on Thursday. “The Chinese have penetrated every major corporation of any consequence in the United States and taken information,” he said. “We’ve never, ever not found Chinese malware.”

China Reveals Its Cyberwar Secrets


  • A high-level Chinese military organization has for the first time formally acknowledged that the country’s military and its intelligence community have specialized units for waging war on computer networks.
  • China has divided its cyber warfare forces into three types, said McReynolds, whose analysis is included in his forthcoming book, China’s Evolving Military Strategy, which will be published in October. First, there are what the Chinese call “specialized military network warfare forces” consisting of operational military units “employed for carrying out network attack and defense,” McReynolds said. Second, China has teams of specialists in civilian organizations that “have been authorized by the military to carry out network warfare operations.” Those civilian organizations include the Ministry of State Security, or MSS, which is essentially China’s version of CIA, and the Ministry of Public Security (its FBI). Finally, there are “external entities” outside the government “that can be organized and mobilized for network warfare operations,” McReynolds said.
  • And a Chinese hacking unit dubbed Axiom that has been linked to intrusions against Fortune 500 companies, journalists, and pro-democracy groups is reportedly an MSS actor. He noted that there are also many ways that Chinese civilians have been seen assisting in industrial espionage, including through “hack-for-cash” operations.
  • Experts generally agree that Russia, China, and the United States have the most advanced and sophisticated cyber warfare forces. But Iran has been quickly gaining new capabilities and demonstrated a willingness to use them, as with a massive attack on U.S. bank websites in 2012. North Korea has also ramped up its cyber operations, most notably with the hacking of Sony Pictures Entertainment last year, which prompted the Obama administration to impose new economic sanctions on the hermit kingdom.

Gone in 60 seconds: Chinese hackers shut down Adobe Flash, Internet Explorer … but only for top hackathon

PUBLISHED : Friday, 20 March, 2015, 10:57am James Griffiths

  • Members of two Chinese hacking teams have scooped the top prizes at a major annual hacking competition held in Vancouver, Canada, this week. Hackers at Pwn2Own, launched in 2007 and sponsored by Google and HP, were successful in breaching the security of widely-used software including Adobe Flash, Mozilla’s Firefox browser, Adobe PDF Reader and Microsoft’s recently-discontinued Internet Explorer.
  • The Shanghai-based Keen Team won US$60,000 for a 30-second hack of Flash, and a further US$25,000 for managing to exploit a bug in Windows’ font handling to bypass its defensive measures and give themselves administrator privileges.

Chinese government cyber division accused of hacking Google

by Catherine Neilan 25 March 2015 2:40pm

  • A wing of the Chinese government has been accused of being behind a recent attack on Google, as well as previous hacks on Microsoft, Apple and Yahoo.
  • Anti-censorship organisation today highlighted a recent admission by Google that it had been the subject of a “man in the middle” (MITM) attack which it traced back to the China Internet Network Information Center (CNNIC).

Washington Has Proof of Russian, Chinese Cyber Attacks on US – FBI Director

02:23 26.03.2015

  • WASHINGTON (Sputnik) — The United States has accused Russian hackers of multiple cyber-attacks, including on the US government. In February 2015, US Director of National Intelligence James Clapper said Russia, China, Iran and North Korea are the leading cyber-threats to the United States. “Russia is a significant player in cyber intrusions as is China…two huge operators in that world.”
  • When asked by a presiding House Appropriations member whether the FBI had proof that the Russian and Chinese governments were responsible for cyberattacks against the United States, Comey replied “yes.”

China’s ‘Code War’ attacks on US internet titans

By Kevin Holden | Al Jazeera – Sat, Feb 14, 2015

  • Teams of hackers staged “man-in-the-middle” attacks on Chinese iPhone users, deploying servers disguised as Apple’s iCloud system to intercept passwords and messages, said GreatFire co-founder Percy Alpha.
  • Apple leader Tim Cook was so alarmed by the attack that he jetted into Beijing to ask the Chinese leadership to help halt the hacking operation, said Alpha.
  • Erik Hjelmvik, a researcher at the Swedish internet security firm Netresec, said an intricate analysis of the iCloud attack conducted by Netresec revealed, “The attacks are being performed on backbone networks belonging to China Telecom as well as China Unicom.” The leaders of both of these Chinese government-run telecom giants “were most likely either directly involved with assisting the attack or at least aware of the attack since critical changes would have to be made to their network routing infrastructure”, he said.
  • While secret cables sent from the US Embassy in Beijing, published by WikiLeaks, revealed the initial round of Chinese attacks on Google was orchestrated by the CCP’s ruling Politburo, Smith said the latest hacker invasions of Google, Apple, Microsoft and Yahoo are being masterminded by Lu, with the Politburo’s approval.
  • These digital strikes, GreatFire’s co-founders said, are aimed at establishing Beijing’s absolute authority, or “Cyber Sovereignty,” over all Internet operations within Chinese borders.
  • Apple, like other Western internet titans that aim to ride China’s rise as an economic superpower, is likely under tremendous pressure to tolerate these “organized network attacks” as part of the price of remaining in the Chinese market, he added.

Online Bank Robbers Steal Up to $1 Billion: Kaspersky

by Ilya Khrennikov and Cornelius Rahn / 2015-02-15

  • The gang targeted as many as 100 banks, e-payment systems and other financial institutions in 30 countries including the U.S., China and European nations, stealing as much as $10 million in each raid, Kaspersky Lab, Russia’s largest maker of antivirus software, said in a report. The Carbanak gang members came from Russia, China, Ukraine and other parts of Europe, and they are still active, it said.

NSA Chief: China, Russia Capable of Carrying Out ‘Cyber Pearl Harbor’ Attack

By Yasmin Tadjdeh

  • Nations such as China and Russia have enough offensive cyber capabilities to one day carry out a “cyber Pearl Harbor” attack, said the head of the National Security Agency and U.S. Cyber Command.
  • “We’ve talked about our concerns with China and what they’re doing in cyber. Clearly the Russians and others have [those types of] capabilities,” said Navy Adm. Mike Rogers on Feb. 23. “We’re mindful of that.”

China drops leading tech brands for certain state purchases

BEIJING | By Paul Carsten Fri Feb 27, 2015 1:33am EST

  • (Reuters) – China has dropped some of the world’s leading technology brands from its approved state purchase lists, while approving thousands more locally made products, in what some say is a response to revelations of widespread Western cybersurveillance.
  • Chief casualty was U.S. network equipment maker Cisco Systems Inc, which in 2012 counted 60 products on the Central Government Procurement Center’s (CGPC) list, but had none left by late 2014, a Reuters analysis of official data shows.

Security firm: ‘All roads lead to China’ in Anthem breach

By Cory Bennett – 02/27/15 09:34 AM EST

  • Security firm ThreatConnect on Friday released a detailed report tying Chinese state hackers to the massive data breach at Anthem. The malicious software used to breach the health insurer mirrors the malware used in a previous Chinese attempted hack on a small U.S. defense contractor, the company found. The researchers were also able to tie the incident back to entities with ties to the Chinese military and intelligence agency.
  • The firm tied the Anthem breach to Chinese efforts last year to target Virginia-based defense contractor, VAE. Those attempts were launched from a computer server used by a Chinese university and Chinese security company.

Microsoft Outlook Hacked In China, New Report Finds

Posted Jan 19, 2015 by Sarah Perez

  • Only a few weeks after Google’s Gmail service was blocked in China, a new report from online censorship monitoring organization released this morning states that Microsoft’s email system Outlook was recently subjected to a “man-in-the-middle” attack in China. This is a form of eavesdropping where the attacker inserts himself in between the victims’ connections, relaying messages between them while the victims continue to believe they have a secure, private connection. Meanwhile, the attacker is able to read all the content they’re sharing.
  • During this attack, users would only see the pop-up warning when their email client tried to automatically retrieve new messages. In most cases, they would simply hit “continue” to dismiss the message, likely thinking that a network problem was to blame. But by doing so, their emails, contacts and passwords were able to be logged by the hacker.

Chinese State-Sponsored Hackers Suspected in Anthem Attack

by Michael A Riley and Jordan Robertson 2015-02-05

  • Technical details of the attack include “fingerprints” of a nation-state, according to two people familiar with the investigation, who said China is the early suspect. China has said in the past that it doesn’t conduct espionage through hacking.
  • In the past year, Chinese-sponsored hackers have taken prescription drug and health records and other information that could be used to create profiles of possible spy targets, according to Adam Meyers, vice president of intelligence at Crowdstrike, an Irvine, California-based cybersecurity firm. He declined to name any of the companies affected. “This goes well beyond trying to access health-care records,” Meyers said. “If you have a rich database of proclivities, health concerns and other personal information, it looks, from a Chinese intelligence perspective, as a way to augment human collection.”
  • A different major U.S. health insurer was breached recently by Chinese hackers, according to a person involved in that investigation, who asked not to be identified because the matter is confidential. In that case, investigators concluded that the goal of the hack was to obtain information on the employees of a defense contractor that makes advanced avionics and other weaponry, said the person, who declined to identify the insurer.
  • Meyers said the breach fits the pattern of a hacking unit that Crowdstrike calls Deep Panda, which over the last several months has targeted both defense contractors and the health care industry. China appears to be putting together huge databases of individuals who might be intelligence targets, he said.
  • Like many other Chinese hacking campaigns, the attacks appear to serve multiple purposes — one commercial and the other related to national security — said one of the U.S. officials. The attacks, this official and a former intelligence officer said, can test a firm’s ability to protect intellectual property and financial information, while simultaneously stealing prescription records, medical treatment histories and other personal information that could be used to blackmail individuals to reveal national security and trade secrets. The attacks apply new technology to some of the oldest espionage trade craft in the world, the former official added.

Chinese hackers attack blue-chip groups via Forbes website

Sam Jones in London and Hannah Kuchler in San Francisco February 10, 2015 6:53 pm

  • Visitors to Forbes during the period it was compromised who have not subsequently cleaned or scanned their systems are still likely to be infected, however, and might be being spied on by the Chinese group.
  • Codoso, the Chinese hacking group, was able to exploit the pop-up because of a loophole they had discovered in Adobe’s software. A second loophole then enabled them to bypass security on Microsoft operating systems that would ordinarily have blocked the attack.
  • Codoso is one of the more prominent and well-resourced hacking groups in China and has been followed by western security analysts and cyber security agencies for years. In 2010 the group performed a similar attack on the Nobel Prize website after the honour was awarded to a leading Chinese dissident Liu Xiaobo.
  • After using a vulnerability in a website — often called a watering hole because it lures the victims — cyber criminals will select which companies that visit the site they want to target and use other vulnerabilities to access their networks, said Chris Eng, vice-president of research at cyber security company Veracode. “Once they have control, they will target certain people, see who they are connected to, what information is on their system, what might they siphon off as interesting data,” he said. The Chinese have long been interested in hacking to steal intellectual property from western companies and defence contractors, and banks have often been prime targets, he said.

S Korea seeks Chinese help over nuclear cyber-attack

24 December 2014 Last updated at 06:35 ET

  • South Korea is seeking the help of China over a cyber-attack on its nuclear power network after the IP address of a suspected hacker was traced to a north-eastern Chinese city.
  • Seoul says multiple internet addresses used in the attacks stem from Shenyang city near the North Korean border.

Snowden leak: Slow cyber defenses letting Russia, China hack US

By Julian Hattem – 01/15/15 05:16 PM EST

  • This week, British Prime Minister David Cameron is headed to Washington after lambasting private companies’ use of encryption. Cameron is reportedly planning on pressing President Obama to join his call to prevent Apple, Google and other tech companies from encrypting messages to lock out government officials and other prying eyes.
  • But according to the newly released document, the absence of those technologies has made it easier for countries like China and Russia as well as ill-intentioned hackers to break into people’s networks and do billions of dollars worth of damage.

50 terabytes! Snowden leak reveals massive size of F-35 blueprints hack by China

Published time: January 19, 2015 07:56

  • The data – reportedly used by China to build their own advanced fighter jets – includes detailed engine schematics and radar design.
  • F-35 blueprints are just a fraction of what Chinese hackers have allegedly stolen from the Pentagon’s data vaults over the years. The reported haul includes some two dozen advanced weapon systems, including the AEGIS Ballistic Missile Defense System, Littoral Combat Ship designs and emerging railgun technology, a classified report revealed in 2013.

China calls Snowden’s stealth jet hack accusations “groundless”

BEIJING Mon Jan 19, 2015 5:00am EST

  • Jan 19 (Reuters) – China dismissed accusations it stole F-35 stealth fighter plans as groundless on Monday, after documents leaked by former U.S. intelligence contractor Edward Snowden on a cyber attack were published by a German magazine.
  • The Pentagon has previously acknowledged that hackers had targeted sensitive data for defence programmes such as the F-35 Joint Strike Fighter, but stopped short of publicly blaming China for the F-35 breach.

NSA Chief Warns Chinese Cyberattacks Could Shut U.S. Infrastructure

Nov 21

  • China and “probably one or two” other countries have the ability to invade and possibly shut down computer systems of U.S. power utilities, aviation networks and financial companies, Admiral Mike Rogers, the director of the U.S. National Security Agency, said on Thursday. Testifying to the House of Representatives Intelligence Committee on cyber threats, Rogers said digital attackers have been able to penetrate such systems and perform “reconnaissance” missions to determine how the networks are put together. “What concerns us is that access, that capability, can be used by nation-states, groups or individuals to take down that capability,” he said. Rogers said China was one of the countries with that capability, but that there were others. “There’s probably one or two others,” he said, declining to elaborate in a public setting. Chinese Foreign Ministry spokesman Hong Lei said the Chinese government “forbids” cyber hacking and that it is often a victim of such attacks that originate from the United States. “The Chinese government resolutely cracks down on these activities. This reality is irrefutable,” Hong told reporters at a regular press briefing on Friday.

Russian hackers identified as most skilled by UK counterparts

  • 34% of UK pros believe the most skilled hackers are Russian, with China following in second place.
  • UK cyber security professionals have identified Russia and China as the countries that produce the most skilled hackers, according to a survey carried out by information security consultancy, MWR InfoSecurity. Thirty four per cent believed that the hackers with the highest skills come from Russia, with China in second at 18%. Almost a third of respondents surveyed at a recent IT conference linked the success of their overseas counterparts to a combination of more investment, better education and political motivations.
  • “The findings clearly show the perception that hackers in countries like Russia and China are better funded and educated,” continued Ruks. “Regardless of whether this perception is true or not, the UK should take this as an indicator that cyber really needs to start making its way up the socio and political agendas. Training security consultants so they are armed with the specialist knowledge to protect against today’s threats is vitally important. If we are to keep pace we must understand the nature of attacks in order to best defend against them.”

Chinese Criminals Blamed for Record Japan Bank Cybertheft

by Monami Yui and Shingo Kawamoto 2014-12-17

  • Losses stemming from online theft go well beyond the $16 million stolen from Japanese bank accounts. The price of cybercrime targeting consumers in Japan was estimated at $1 billion last year by Symantec Corp. in its Norton Report. The U.S. topped the list with $38 billion in costs, followed by China at $37 billion, the data security company’s report showed.
  • Fraud using the Internet, phones and text messages is surging within China, where more than 300,000 cases involving at least 10 billion yuan ($1.6 billion) were reported to police in 2013, China’s Economic Information Daily reported in October. The number of cases has increased about 70 percent each year since 2011, the newspaper said.
  • In Japan, many of the people arrested are the foot-soldiers who withdraw cash for their bosses. “They’re usually exchange students and trainees from China” who accept employment without noticing that they’re becoming part of organized crime, said Eguchi. “They think it’s just a part-time job.”
  • “We’re often seeing Chinese names in online-banking thefts and illegal transactions,” Shibata said. “The money they steal in Japan will end up giving them multiple returns in China.” Police haven’t been able to find the China-based masterminds behind the crimes because investigation becomes difficult once the money trail leaves Japan, he said.
  • The 1.85 billion yen in banking cyberthefts reported in the six months through June compares with 48 million yen in 2012 and 308 million yen in 2011, when the National Police Agency began collecting the data. The cash was stolen from accounts at 73 Japanese lenders in the first half, and 1,280 individuals and 572 companies were victims, the figures show.
  • “It’s a game of cat and mouse,” Japanese Bankers Association Chairman Nobuyuki Hirano, who is also president of Mitsubishi UFJ, said at an October news briefing. “They always come up with tricks that seem to be one step ahead of our defenses.”
  • Japan and China should better cooperate in tracking down ringleaders, given that both nations are members of the International Criminal Police Organization, or Interpol, Eguchi said. The police agency held talks with its Chinese counterpart for the first time in four years in October, and Japan sought cooperation on crimes including cybertheft, he said.

Researchers identify sophisticated Chinese cyberespionage group

By Ellen Nakashima October 28, 2014

  • News of the state-sponsored hacker group dubbed Axiom comes a week before Secretary of State John F. Kerry and two weeks before President Obama are due to arrive in Beijing for a series of high-level talks, including on the issue of cybersecurity.
  • “Axiom’s activities appear to be supported by a nation state to steal trade secrets and to target dissidents, pro-democracy organizations and governments,” said Peter LaMontagne, chief executive of Novetta Solutions, a Northern Virginia cybersecurity firm that heads the coalition. “These are the most sophisticated cyberespionage tactics we’ve seen out of China.”

China May Have Hacked The US Postal Service

Jacob Kleinman, TechnoBuffalo Nov. 10, 2014, 9:41 PM

  • Chinese government hackers may have broken into the United States Postal Service computer network earlier this year, potentially accessing the information of more than 800,000 government employees and some customers. The hack was initially spotted in September, but wasn’t revealed to the public until today when The Washington Post broke the story.

Chinese hack U.S. weather systems, satellite network

By Mary Pat Flaherty, Jason Samenow and Lisa Rein November 12, 2014

  • Hackers from China breached the federal weather network recently, forcing cybersecurity teams to seal off data vital to disaster planning, aviation, shipping and scores of other crucial uses, officials said.
  • NOAA officials declined to discuss the suspected source of the attack, whether it affected classified data and the delay in notification. NOAA said publicly last month that it was doing “unscheduled maintenance” on its network, without saying a computer hack had made that necessary.

Chinese hackers ‘breach Australian media organisations’ ahead of G20

By Dylan Welch Updated 13 Nov 2014, 5:04am

  • A Chinese hacking group believed to be affiliated with the Chinese government has penetrated Australian media organisations ahead of this weekend’s G20 meeting, a global cyber security expert says.
  • CrowdStrike has named the group “Deep Panda”.
  • “Out of all the groups that we track from China… Vixen Panda is the one with the most focus on Australia,” he said.

China-Backed Hackers May Have Infiltrated Apple’s iCloud

By Reuters October 21, 2014

  • The hackers potentially gained access to passwords, iMessages, photos and contacts, said.
  • Apple Inc’s iCloud storage and backup service in China was attacked by hackers trying to steal user credentials, a Chinese web monitoring group said, adding that it believes the country’s government is behind the campaign.
  • Using what is called a “man-in-the-middle” (MITM) attack, the hackers interposed their own website between users and Apple’s iCloud server, intercepting data and potentially gaining access to passwords, iMessages, photos and contacts, wrote in its blog post.

Software firms join forces to declare war on Chinese hackers group

Gavin McLoughlin Published 22/10/2014

  • The group, known as Hidden Lynx, have targeted hundreds of organisations worldwide, according to Symantec. “They use targeted attacks to infiltrate some of the most hard-to-get-into companies in the world,” said Stephen Doherty from Symantec’s response team in Dublin.
  • “The tools that they use are purpose built to navigate around a network, discover what’s on the computer, and then if they’re interested in the data they can then exfiltrate that from the compromised network,” he added. Firms involved in the operation include Microsoft, Cisco, Novetta and Symantec.

Russia, China prepare to sign unique cybersecurity treaty – report

Published time: October 21, 2014 12:44

  • An unprecedented treaty on cybersecurity cooperation could be signed during Vladimir Putin’s state visit to China in November, a Russian business daily reports.
  • The draft treaty states the two countries oppose the use of information technology to meddle in the internal affairs of independent states, to undermine national sovereignty as well as political, economic and social stability and public order, Kommersant reported.

Chinese hackers show off skills at GeekPwn security contest

Staff Reporter 2014-10-26

  • Held in Beijing on Oct. 24 and 25, GeekPwn is a platform for tech geeks with “extraordinary ideas” to demonstrate how they “pwn” — that is, to conquer or to gain ownership over — smart devices such as smartphones, smartglasses, smart bracelets and smart vehicles.
  • Wang, formerly the first principal security researcher of Microsoft Asia Pacific and founder of the China Microsoft Security Response Center, showed attendees how to hack into a smartphone in under two minutes. He said his team has found similar security vulnerabilities in as many as 70 mainstream handsets, including Google’s Nexus 5 and Samsung’s Galaxy S5.

‘Unjustified fabrication of facts’: China slams US over FBI’s hacking claims

Published time: October 09, 2014 13:19

  • Beijing has lashed out at an allegation by FBI Director that Chinese hackers were guilty of causing billions of dollars of damage to the US economy. China accused the US of using such statements “to divert attention” from its own massive cyber-spying.
  • “We express strong dissatisfaction with the United States’ unjustified fabrication of facts in an attempt to smear China’s name and demand that the US side cease this type of action,” Hong said, Reuters reported.

Core Secrets: NSA Saboteurs in China and Germany

By Peter Maass and Laura Poitras 10/10/2014

  • The NSA is generally thought of as a spying agency that conducts its espionage from afar—via remote commands, cable taps, and malware implants that are overseen by analysts working at computer terminals. But the agency also participates in a variety of “human intelligence” programs that are grouped under the codename Sentry Osprey. According to the briefing document’s description of Sentry Osprey, the NSA “employs its own HUMINT assets (Target Exploitation—TAREX) to support SIGINT operations.”
  • The TAREX guide lists South Korea, Germany, and Beijing, China as sites where the NSA has deployed a “forward-based TAREX presence;” TAREX personnel also operate at domestic NSA centers in Hawaii, Texas, and Georgia. It also states that TAREX personnel are assigned to U.S. embassies and other “overseas locations,” but does not specify where. The document does not say what the “forward-based” personnel are doing, or how extensive TAREX operations are. But China, South Korea, and Germany are all home to large telecommunications equipment manufacturers, and China is known to be a key target of U.S. intelligence activities.

China takes cyber war to Australia

Tim Ring October 14, 2014

  • After stealing the confidential data of American and European companies, China’s cyber spies are now training their sights on their country’s latest key trading partner – Australia.
  • In a 13 October blog post, FireEye documents a series of recent targeted APT attacks by Chinese hackers on Australian mining and natural resources firms, and their advisory law firms – who hold confidential mergers and acquisitions information and sensitive intellectual property. It reports at least one case of data theft from an Australian firm.

FBI warns of cyberattacks linked to China

Jeremy Kirk Oct 15, 2014 8:35 PM

  • The U.S. Federal Bureau of Investigation issued a warning to companies and organizations on Wednesday of cyberattacks by people linked with the Chinese government.
  • “The FBI has recently observed online intrusions that we attribute to Chinese government affiliated actors,” according to the FBI statement. “Private sector security firms have also identified similar intrusions and have released defensive information related to those intrusions.”

China military hackers attack gov’t websites daily, says Taiwan minister

The China Post/Asia News Network Sunday, Sep 28, 2014

  • THAILAND – The Chinese military has an “army” of hackers attacking Taiwan’s government websites daily, with the Mainland Affairs Council (MAC) and the Ministry of Economic Affairs (MOEA) being targeted most, a Cabinet minister has revealed.
  • Minister of Science and Technology Chang San-cheng said Chinese military hackers conduct massive attacks on Taiwan’s government websites every day, but he did not give any specific numbers concerning the hacking.

I’m a good boy, claims China’s youngest hacker

Staff Reporter 2014-10-05

  • A 13-year-old has gained media attention during this year’s China Internet Security Conference, held from Sept. 24 to 25. Referred to as “China’s youngest hacker,” Wang Zhengyang, a student from a junior high school affiliated with Tsinghua University in Beijing, said he prefers to be seen as an ethical computer hacker, or “white hat,” reported the Beijing News.

China cyber-war costing US billions: FBI chief

AFP October 6, 2014 3:43 AM

  • China is waging an aggressive cyber-war against the United States that costs American business billions of dollars every year, Federal Bureau of Investigation director James Comey said.
  • “There are two kinds of big companies in the United States,” Comey said. “There are those who’ve been hacked by the Chinese, and those who don’t know they’ve been hacked by the Chinese.”


  • In February 2013, Mandiant, a private U.S. cybersecurity firm, published a report providing detailed technical information regarding the activities of a cyber threat group, which Mandiant refers to as Advanced Persistent Threat 1. According to the report, the group likely is the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s Third Department, also known as Unit 61398. Mandiant assesses Unit 61398 since 2006 has penetrated the networks of at least 141 organizations, including companies, international organizations, and foreign governments. These organizations are either located or have headquarters in 15 countries and represent 20 sectors, from information technology to financial services.
  • Through these intrusions, the group gained access to “broad categories of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and e-mails and contact lists from victim organizations’ leadership.”1
  • Aside from Unit 61398, the Third Department has another 11 operational bureaus, three research institutes, four operations centers, and 16 technical reconnaissance bureaus.3
  • In July 2013, a threat researcher at Trend Micro, a private Japanese cybersecurity firm, claimed he had detected a Chinese cyber intrusion, commencing in December 2012, of a honeypot. He created the honeypot to resemble the industrial control system of a water plant in the United States.
  • If true, this suggests Unit 61398 is collecting intelligence on critical infrastructure in addition to other targets. Such activities are consistent with PLA doctrine, which explains that one function of wartime computer network operations is to “disrupt and damage the networks of [an adversary’s] infrastructure facilities, such as power systems, telecommunications systems, and educational systems.” 9 Some PLA strategists also have suggested China should develop the capability to paralyze ports and airports by cyber or precision weapon attacks on critical infrastructure.10
  • In May 2013, DoD for the first time directly accused the Chinese government and military of cyber espionage against U.S. networks.
  • Publicly attributing cyber intrusions to the Chinese government and military in the DoD report is a significant step for the U.S. government. Previous DoD documents and statements had acknowledged cyber espionage “emanated” or “originated” from China but stopped short of attributing those operations to the Chinese government and military.
  • When confronted with public accusations from the United States about its cyber espionage, Beijing attempted to refute the evidence, in part, by pointing to the anonymity of cyberspace and the lack of verifiable technical forensic data.
  • There is growing evidence the Chinese government is conducting a cyber espionage campaign against U.S. media organizations. China likely seeks to use information acquired through these intrusions to (1) shape U.S. press coverage of China by intimidating journalists’ sources in China, and (2) gain warning about negative media coverage of China before it is published.19
  • In April 2013, U.S. Secretary of State John Kerry announced the U.S. and Chinese governments would establish a working group to discuss cybersecurity.34
  • In what appears to be a break with the past, China in June 2013 agreed in a United Nations (UN) report that international law, which includes the law of armed conflict,* extends to cyberspace. The report states, “International law, and in particular the Charter of the United Nations, is applicable and is essential to maintaining peace and stability and promoting an open, secure, peaceful and accessible [information and communication technology] environment.”
  • Addressing Mr. Snowden’s allegations, a spokesperson for China’s Ministry of National Defense said, “To, on the one hand, abuse one’s advantages in information technology for selfish ends, while on the other hand, making baseless accusations against other countries, shows double standards that will be of no help for peace and security in cyberspace.” 45
  • However, an official at the U.S. embassy in Beijing told the Commission Mr. Snowden’s allegations had not affected private discussions with the Chinese government on cyber theft of intellectual property.
  • There are no indications the public exposure of Chinese cyber espionage in technical detail throughout 2013 has led China to change its attitude toward the use of cyber espionage to steal intellectual property and proprietary information.

China accused of spying on Danish defence industry

The cyber attack occurred between 2008 and 2012

September 26, 2014 by CW

  • A number of experts and sources have identified the foreign state that has been spying on the Danish defence industry for years as China, according to DR Nyheder.
  • “We are talking about an attack that was advanced, targeted and which took place over a longer period of time,” Thomas Lund Sørensen, the director at the Centre for Cyber Security at the Ministry of Defence, told DR Nyheder.
  • The Chinese Embassy in Denmark has denied that China was behind any cyber espionage attacks in Denmark, but in 2009, US government officials reportedly revealed that information from the F-35 program had been compromised by an attack that allegedly originated from China and may have assisted in the development of the Chinese J-20 fighter jet.

Hackers stole secret MH370-related documents from Malaysian officials – report

Published time: August 20, 2014 06:19

  • A targeted phishing attack on a handful of Malaysian officials involved in investigating the disappearance of flight MH370 in March reportedly gave the perpetrators, presumably of Chinese origin, access to a trove of classified material.
  • The successful hacking attack affected some 30 computers belonging to officials in the Malaysia Airlines, the Civil Aviation Department and the National Security Council, Malaysian newspaper the Star reported on Wednesday.

Senate: China hacked military contractor networks

By JACK GILLUM September 17, 2014 4:42 PM

  • WASHINGTON (AP) — China’s military hacked into computer networks of civilian transportation companies hired by the Pentagon at least nine times, breaking into computers aboard a commercial ship, targeting logistics companies and uploading malicious software onto an airline’s computers, Senate investigators said Wednesday.
  • A yearlong investigation announced by the Senate Armed Services Committee identified at least 20 break-ins or other unspecified cyber events targeting companies, including nine successful break-ins of contractor networks. It blamed China’s government for all the most sophisticated intrusions, although it did not provide any detailed evidence.

US greenlights Chinese universities’ plan to adopt NSA cyber training

Published time: September 18, 2014 21:06

  • Schools in China are free to borrow from a cybersecurity program being implemented across the United States, the head of the US National Initiative for Cybersecurity Education said in a recent interview.
  • Speaking to NextGov, the cyber-ed guru, Ernest McDuffie, said he welcomes an effort from the Far East to adopt a computer security program sanctioned by the US National Security Agency and currently being taught from coast-to-coast at American colleges.
  • “It’s not like we’re giving away some deep, dark secret that they didn’t know before,” McDuffie said during an interview, according to NextGov’s Aliya Sternstein. “And it gives you the chance to put ethics into the mix.”

Taiwan Complains of ‘Severe’ Cyber Attacks From China

By Shannon Tiezzi August 15, 2014

  • Cyberattacks from China are especially worrying for Taiwan, which is constantly evaluating its political and security position vis-à-vis the mainland. Chang specifically noted that “many of the attacks were aimed at stealing relevant information for use in negotiations with Taiwan,” raising concerns that China is seeking leverage over what it considers a breakaway province. According to Taipei Times, Chang said the attacks, which occur almost daily, often target confidential information on Taipei’s bottom line for cross-strait negotiations.
  • Chang also said that China often uses Taiwan as an experimental target for new hacking techniques, something Reuters noted back in 2013. Reuters cited Taiwanese IT experts who said China’s cyberattacks against the United States were often tested first against Taiwan. Many of the attacks are relatively simple “phishing” attempts, where malware is sent via email to government employees. Reuters cited estimates that “thousands of Taiwanese high-level government employees receive as many as 20 to 30 of these emails a month.” Like other countries, Taiwan’s cyber defense experts have noted that the attacks take place during normal Chinese business hours — including days off for Chinese national holidays.

Community Health says data stolen in cyber attack from China

By Jim Finkle and Caroline Humer BOSTON/NEW YORK Mon Aug 18, 2014

  • “APT 18” typically targets companies in the aerospace and defense, construction and engineering, technology, financial services and healthcare industry, said Charles Carmakal, managing director with FireEye Inc’s (FEYE.O) Mandiant forensics unit, which led the investigation of the attack on Community Health in April and June.
  • The information stolen from Community Health included patient names, addresses, birth dates, telephone numbers and Social Security numbers of people who were referred or received services from doctors affiliated with the hospital group in the last five years, the company said in a regulatory filing.

Chinese cyberattack hits Canada’s National Research Council

Foreign Affairs Minister John Baird raises issue during visit to Beijing

By Rosemary Barton, CBC News Posted: Jul 29, 2014 9:28 AM ET

  • The office also said Baird raised this issue with his Chinese counterpart and the two had a “full and frank exchange of views.” “The government takes this issue very seriously and we are addressing it at the highest levels in both Beijing and Ottawa,” the statement continued.
  • This is not the first time the Canadian government has fallen victim to a cyberattack that seems to have originated in China — but it is the first time the Canadian government has unequivocally blamed China for the attack.
  • “China is, by far, at the top of the ranks worldwide when it comes to cyber-espionage,” Juneau-Katsuya said in an interview with CBC News. “They are devoting hundreds-of-millions of dollars, thousands of people just specializing in hacking on their behalf.”
  • In remarks sent to CBC News, a spokesperson for the Chinese Embassy in Ottawa said China does “not accept the groundless allegation of [the] Chinese government’s involvement in any cyber intrusion or attack.” “The Chinese government has always firmly opposed … and combated cyberattacks in accordance with the law,” Yang Yundong wrote, adding that China itself faced attacks from thousands of “foreign servers” in 2013.
  • In January 2011, the federal government was forced to take the Finance Department and Treasury Board — the federal government’s two main economic nerve centres — off the internet after foreign hackers gained access to highly classified federal information. The attack also targeted Defence Research and Development Canada, a civilian agency of the Department of National Defence that assists in the scientific and technological needs of the Canadian Forces.

Hacker group targets video game companies to steal source code

Lucian Constantin Jul 31, 2014

  • A group of attackers with links to the Chinese hacking underground has been targeting companies from the entertainment and video game industries for years with the goal of stealing source code.
  • The stolen intellectual property is used to “crack” games so they can be used for free, to create game cheating tools or to develop competing products, security researchers from Dell SecureWorks said in an analysis of the group’s activities.
  • Dell SecureWorks tracks the hacker group as Threat Group-3279 (TG-3279) and believes it has been active since at least 2009.
  • There is also strong, but not definitive, evidence to suggest a link between TG-3279 and Winnti, another hacker group with Chinese origins that has been known to target the online video game industry. The Winnti group’s attacks were documented by researchers from Kaspersky Lab in April 2013.

New type of cryptography that can better resist “dictionary attacks”

Aug 05, 2014

  • Cryptographers in China have developed a new type of cryptography that can better resist so-called offline “dictionary attacks”, denial of service (DoS) hacks, and cracks involving eavesdroppers. Their approach, reported in the International Journal of Electronic Security and Digital Forensics, extends and improves a type of cryptography that uses an intractable mathematical problem as its basis.
  • Qiao and Tu have now devised an algorithm for elliptic curve cryptography that precludes such security breaches by using a four-phase approach: registration phase, password authentication phase, password change phase and session key distribution phase. These are the same steps used with the Islam-Biswas scheme but Qiao and Tu add two additional calculations on the user side for the final single-session password. This change means that offline dictionary attacks will never succeed because even if the hacker guesses the user’s password they will not have the necessary algorithm to recalculate the actual session password used each time by the user. The same addition also thwarts stolen-verifier attacks, because even if a third-party has access to the verification protocol used by the system, they would still need to be able to do the one-time additional pair of calculations for the given session.

China accused of global zero-day attack on shipping firms

Tim Ring July 11, 2014

  • In its report on the zero-day, TrapX said weaponised malware was pre-installed on handheld scanners and software at a Chinese supplier’s factory, then sent to seven shipping and logistics firms and one manufacturing company, in order to infiltrate their corporate ERP servers and steal financial data. The “highly sophisticated” malware was embedded in the Windows XP operating system installed on the scanner and also on the Chinese manufacturer’s support website.
  • In the attack that first alerted TrapX to Zombie Zero, as soon as the victim used the scanner to send data via an exterior wireless network to its main server, the malware attacked the corporate network, targeting any servers that had the word ‘finance’ in their host name. “The attack successfully located the ERP financial server via automated means and compromised it,” TrapX said. “Exfiltration of all financial data and ERP data was achieved, providing the attacker complete situational awareness and visibility into the logistic/shipping company’s worldwide operations.”
  • The malware successfully bypassed the victim company’s firewall, IPS, IDS and mail-gateway security. TrapX also warned: “The customer installed security certificates on the scanner devices for network authentication. But because APT malware from the manufacturer was already installed in the devices, the certificates were completely compromised.”
  • TrapX suspects Zombie Zero is a Chinese ‘nation state’ malware campaign because its command-and-control server is located at the Lanxiang Vocational School, within the China Unicom Shandong province network.
  • TrapX says the Lanxiang School was implicated in the Operation AURORA attacks against Google two years ago which were linked to the Chinese People’s Liberation Army. The Chinese scanner manufacturer is also located a few streets away from the Lanxiang School.
  • Yet despite the criticism, UK security expert Alan Woodward, a visiting professor at Surrey University and Europol adviser, says there is no sign of China reducing its attacks.

U.S. Accuses Chinese Executive of Hacking to Mine Military Data

Man Charged With Industrial Espionage Targeting Boeing, Other Defense Contractors

By Andrew Grossman And Danny Yadron Updated July 11, 2014 8:26 p.m. ET

  • Tensions between the U.S. and China over cyberespionage remain high. Secretary of State John Kerry, visiting China this week, raised the “chilling effect” hacking has on U.S. firms. The Chinese, in turn, see themselves as victims of cyberespionage.
  • Prosecutors in Los Angeles unsealed a 50-page complaint accusing Mr. Su of working with two co-conspirators in China between 2009 and 2013 to break into computers at Boeing Co. and other defense contractors, steal technology and pass it to entities in China, sometimes for a price. The trio allegedly stole sensitive information about Boeing’s C-17 military transport plane and two of the Pentagon’s most advanced fighter jets, the F-22 and F-35, built by Lockheed Martin Corp. among other projects.
  • The F-35 has been a long-standing target of suspected overseas hackers. The Wall Street Journal reported in 2009 that hackers, possibly Chinese, had penetrated Pentagon computers containing information about the program.
  • The complaint helped to answer one question about China’s sprawling hacking-industrial complex. The country’s cyberwarriors, some of whom work for the military and others on their own, hit so many targets and vacuum up so much information, that at times it can be hard to tell who is directing them, a former U.S. official said.
  • A spokesman for the Chinese embassy in Washington said he wasn’t aware of Mr. Su’s case, but said that in recent meetings, U.S. and Chinese officials have discussed the issue and that China told the U.S. to take a “constructive approach.”
  • China’s state-controlled Xian Aircraft Corp. is developing its own four-engine military cargo jet, dubbed the Y-20, that flew for the first time last year. Western defense experts have said the plane bears similarities to the C-17, though other military transport planes also share attributes.

Chinese Hackers Stole Plans For Israel’s Iron Dome

Armin Rosen Jul. 28, 2014, 4:53 PM

  • According to Krebs, “the attacks bore all of the hallmarks of the ‘Comment Crew,’ a prolific and state-sponsored hacking group associated with the Chinese People’s Liberation Army (PLA) and credited with stealing terabytes of data from defense contractors and U.S. corporations.” The hackers gained access to the systems of three Israeli companies working on missile defense. Maryland-based Cyber Engineering Services could prove that 700 documents were stolen in the breach although it’s likely that the actual number is higher.
  • Elements of the Chinese state are willing to gain any potential intelligence or technological advantage regardless of the possible diplomatic consequences. “The Chinese style of espionage is more like a vacuum cleaner than a closely-directed telescope,” Jon Lindsay, a research scientist at the University of California’s Global Institute on Conflict and Cooperation, explained to Business Insider. “They go after a lot of different kinds of targets — the leaders in any particular industry.”
  • As Lindsay notes, missile defense is a technological puzzle, with high-profile systems like the U.S.’s Patriot missile battery often showing disappointing results in the field, as during the first Gulf War. Israel has a highly developed domestic arms industry that seems to have mastered a difficult niche ability. With the Iron Dome’s apparent success after Israel’s 2012 conflict with Hamas, it must have seemed like an irresistible target to the Chinese — despite improving relations with Israel.
  • Still, Lindsay notes that Chinese hacking isn’t always a reflection of what the country’s leadership wants — for instance, China still enjoys close economic ties with the U.S. even in spite of state-sanctioned Chinese cyber-attacks on American targets. And it isn’t always clear how high up the chain of command cyber-attacks go. “The party is in charge but there’s a sprawling state council with several executive ministries,” Lindsay explains of China’s often-compartmentalized authority structure. “Everybody is looking up and very few people are looking across.”

US seeks resumption of cyber talks with China

Jun 27, 2014 by Matthew Pennington

  • The U.S. next month will urge China to resume discussions on cybersecurity suspended after the U.S. charged five Chinese military officers with hacking into U.S. companies to steal trade secrets.
  • Assistant Secretary of State Daniel Russel told The Associated Press on Thursday that the U.S. would push for a resumption of the cyber working group when officials meet at the annual U.S.-China Security and Economic Dialogue in Beijing in July.

Chinese cyberspies have hacked Middle East experts at major U.S. think tanks

By Andrea Peterson July 7

  • Alperovitch said the firm noticed a “radical” shift in DEEP PANDA’s focus on June 18, the same day witnesses reported that Sunni extremists seized Iraq’s largest oil refinery. The Chinese group has typically focused on senior individuals at think tanks who follow Asia, said Alperovitch. But last month, it suddenly began targeting people with ties to Iraq and Middle East issues.
  • It’s rarely clear why Chinese cyberspies hack specific American targets, but experts say there are a few clues to why the DEEP PANDA group may have been interested in Middle East experts at think tanks.
  • “It wouldn’t be surprising if the Chinese government is highly interested in getting a better sense of the possibility of deeper U.S. military involvement that could help protect the Chinese oil infrastructure in Iraq,” wrote Alperovitch in a company blog post.
  • “The Chinese think that American think tanks are like Chinese think tanks,” says James Lewis at the Center for Strategic and International Studies, which has been hacked before. In the midst of the most recent campaign, CSIS staff received an e-mail warning them of phishing attacks, he said. “The downside is that they’re going to read this stuff and be confused — then quite possibly come to the wrong conclusions,” Lewis explains.
  • DEEP PANDA’s cyberattacks are notable for their extreme stealth, according to Alperovitch. “The group leverages existing tools on the system and very rarely brings in malicious tools that might be noticed by administrators of that network.” Instead, the hackers set up scripts that use existing Windows tools to operate malicious programs that run only in memory — making them almost impossible to detect using traditional forensic methods. “These are well-funded, motivated teams that are doing whatever they can to get all this information,” he warns.

Chinese Hackers Broke Into US Database Of Employees With Top-Secret Security Clearances

Supriya Kurane, Reuters Jul. 9, 2014, 11:48 PM

  • (Reuters) – Chinese hackers broke into the computer networks of the United States government agency that keeps the personal information of all federal employees in March, the New York Times reported, citing senior U.S. officials.
  • The hackers appeared to be targeting files on tens of thousands of employees who have applied for top-secret security clearances, the newspaper said.

China’s cyber-generals are reinventing the art of war

By Dominic Basulto May 30

  • Instead of tallying costs in terms of dead and wounded, we now measure them in purely economic terms. Instead of a known enemy, we now have a shadowy assailant who, on the surface, is still our friend. For every claim by the United States that the Chinese have gone beyond mere spying for national security to include ruthless appropriation of commercial secrets, there is a counterclaim by China that the United States has been using the NSA as its own kind of global surveillance state.
  • The new warfare will be cheap, low-intensity and most likely, waged primarily in cyberspace. Attacks will occur against economic targets rather than military targets. Taking down a stock market or a currency has greater tactical value than taking out a hardened military target.
  • For better or worse, cyberwarfare represents a new form of warfare, in which our ostensible friends – such as the Chinese – are also our shadow enemies. For every economic deal we sign with them, they may be busy undermining the very companies that make these deals possible. For every company that goes public on our stock market, there is a shadowy cyber outpost like 61398 searching for ways to bring that stock market to its knees.
  • But if you’re expecting something along the lines of a conventional war, with a clear beginning and end, think again. The future of war is all about low-grade, low-intensity attacks in cyberspace, all easily disavowed. Instead of one big cyber Pearl Harbor, maybe it’s just a lot of tiny little Pearl Harbors. It is the ultimate asymmetric war in which we do not even know who to attack, or how or when.
  • The new war has no official start, no official end, and no official enemy. There are only “evolving threats.” War is everywhere, and yet nowhere because it is completely digital, existing only in the ether.

2nd China Army Unit Implicated in Online Spying


  • Just weeks after the Justice Department indicted five members of the Chinese army, accusing them of online attacks on United States corporations, a new report from CrowdStrike, released on Monday, offers more evidence of the breadth and ambition of China’s campaign to steal trade and military secrets from foreign victims.
  • The report, parts of which The New York Times was able to corroborate independently, ties attacks against dozens of public and private sector organizations back to a group of Shanghai-based hackers whom CrowdStrike called Putter Panda because they often targeted golf-playing conference attendees.
  • The hackers’ tools were developed during working hours in Chinese time zones, researchers say, and Internet records show that in one case hackers used the same I.P. address as members of Unit 61398 to launch their attacks. The use of that address for simultaneous attacks suggests cooperation between Unit 61398 and Unit 61486, said Adam Meyers, CrowdStrike’s head of threat intelligence.
  • In some cases, researchers said, attackers slipped up and registered websites used in their assaults under the same email address they used to register personal blog and social media accounts. In one case, an attacker deployed a remote access tool, or RAT, from a web domain registered to an email address that belonged to a onetime student at the School of Information Security Engineering at Shanghai Jiao Tong University, a top university long suspected of being a state recruiting ground for hackers.

How to watch hacking, and cyberwarfare between the USA and China, in real time

By Sebastian Anthony on June 25, 2014 at 8:54 am

  • The real-time map, maintained by the Norse security company, shows who’s hacking who and what attack vectors are being used. The data is sourced from a network of “honeypot” servers maintained by Norse, rather than real-world data from the Pentagon, Google, or other high-profile hacking targets. In hacking, a honeypot is essentially a juicy-looking target that acts as a trap — either to gather important data about the would-be assailants, or to draw them away from the real target. The Norse website has some info about its “honeynet,” but it’s understandably quite sparse on actual technical details.

China Hacking Is Deep and Diverse, Experts Say

Intruders Often Work As Hackers For Hire, According to Officials

By Danny Yadron in San Francisco, James T. Areddy in Shanghai and Paul Mozur in Beijing Updated May 29, 2014 8:24 p.m. ET

  • The Chinese have often told their U.S. counterparts they don’t condone hacking but also that they can’t police what they don’t control, according to former U.S. officials.
  • Experts in the field, including former U.S. officials, say the Chinese hacking landscape is chaotic and hard to follow.
  • “Part of the consternation when we were pushing them was there is not complete knowledge of what’s going on,” said a former U.S. official, recalling cyber negotiations with China. Kevin Mandia, chief operating officer of FireEye Inc., a cybersecurity firm, said some of the best hacks appear to be by one of several Chinese groups, which his colleagues refer to as “unknown.”
  • “With its network technology and infrastructure, the U.S. has a unique superiority. It wouldn’t be difficult for them to fabricate evidence,” said Geng Yansheng at the ministry’s monthly news conference.
  • Four years ago, authorities arrested three people for running a “hacker training website” called Black Hawk Safety Net with over 170,000 members.
  • Nongovernment hacking, however, has continued to flourish, with strategies and lines of code being traded in anonymous Internet bazaars.
  • A weakness of Army hackers is their ability or willingness to be identified, researchers say. Comment Crew is characterized by easily traceable electronic fingerprints like the repeated use of certain email addresses and nicknames.
  • Security researchers say they are more impressed with those known only by the fallout from their work. U.S. officials and researchers say they are tracking between 20 and 30 Chinese groups.
  • In 2009, an anonymous group researchers refer to as “Aurora” infiltrated the servers that run Google’s Gmail service and stole information from accounts. The hack was so stealthy the firm initially thought one of its employees was responsible, the former U.S. official said. A Google spokesman declined to comment.
  • Mr. Kindlund said he has files on several members of Aurora but declined to release them. Because Aurora is made up of seemingly private citizens, “there is potential blowback” if the people he is monitoring aren’t actually working for the state, he said.
  • Since the Google intrusions, Aurora hacked into Lockheed Martin, the U.S. Labor Department, RSA, EMC Corp.’s security unit and Bit9 Inc., a Massachusetts company with contracts to keep hackers out of some of the biggest U.S. firms and the U.S. government, according to people familiar with investigations into those intrusions. Attribution in cyberspace isn’t an exact science and relies on spotting strings of code and matching online personas to real-world people. Regardless, “whoever these guys are, they’re pretty damn good,” Mr. Mandia said of Aurora.

Students hack Tesla Model S, make all its doors pop open IN MOTION

Toot the horn, too

By Darren Pauli, 21 Jul 2014

  • Zhejiang University students have hacked the Tesla Model S with an attack that enabled them to open its doors and sun roof, switch on the headlights and sound the horn – all while the car was driving along.
  • The hack was part of a competition at the annual Syscan conference in Beijing, where a prize of $US10,000 was offered to anyone who could pop the smartcar’s doors and engine.

Can our cyber cadre compete with China?

May 6, 2014 – 06:00AM | By AMBER CORRIN

  • “I do think we’re at a big disadvantage when you compare where we are to many of the other nations operating in this realm who are at the forefront of this…specifically the Chinese,” Rep. Tammy Duckworth (D-Ill.) said May 6 at the C4ISR & Networks conference in Arlington, Va. “When you look at our cyber warriors, in the Army for example, these are not men and women who started out their careers as cyber warriors. They don’t go through ROTC or the academies and what they want to be when they graduate is a cyber warrior; it’s not even a career field that’s open to them at the time. They want to be rangers or aviators…or infantry. But cyber is not that. What we get in the cyber cadre in this country are people who’ve done other things for a while.”
  • “We do the best we can to train them, provide them with certifications, provide them with experience – but they’re going up against Chinese military officers who were probably recruited out of high school and probably have a couple Ph.D. at this point, and who do nothing but cyber their entire careers. This is a daunting enemy we have to face up to.”
  • “What we’re facing right now is a wakeup call that cyber is absolutely a priority, and if we don’t learn how to dominate this military battle space and if we don’t learn to do it now, we will leave ourselves behind much as great empires and nations did in the past,” Duckworth said. “As long as we don’t dominate this battle space we will be behind our competitors. And we simply can’t afford that.”

Mandiant: China-backed Cyber Threats Show No Signs of Abatement

15 April 2014

  • More than a year after security firm Mandiant caused a stir by publishing a report that alleged China was behind widespread and increasingly sophisticated cyber-espionage projects, it’s back again to tell us that things have gone from bad to worse.
  • “One conclusion is inescapable: the list of potential targets has increased, and the playing field has grown,” the company said in the report. “Cyber-threat actors are expanding the uses of computer network exploitation to fulfill an array of objectives, from the economic to the political. Threat actors are not only interested in seizing the corporate crown jewels but are also looking for ways to publicize their views, cause physical destruction and influence global decision makers. Private organizations have increasingly become collateral damage in political conflicts. With no diplomatic solution in sight, the ability to detect and respond to attacks has never been more important.”
  • “Mandiant’s recent observations of China-based APT activity indicate that the PRC has no intention of abandoning its cyber campaigns, despite the Obama administration’s specific warnings that China’s continued cyber espionage ‘was going to be [a] very difficult problem in the economic relationship’ between the two countries,” the firm said.

Taiwan vulnerable to cyber attacks from China: academic

Samuel Hui 2014-05-01

  • In a seminar titled China’s Military Capability and the Security Situation in Taiwan Strait, Lin discussed the different characteristics of China’s cyber army. First, Lin said that it is fruitless to study the various units of China’s cyber army because they change all the time and do not have permanent bases as many Western experts have believed.
  • Taiwan at present would be unable to defeat the PLA’s cyber division in a potential cyber war against China. Lin said the Republic of China Armed Forces or Taiwan’s security agencies has not yet established any unified command with the authority to manage information security. Noting that Taiwan has civilian talent that the government could use to defend the nation in a cyber warfare against China, Lin said however that many information security companies in the country have already been bought up by foreign companies.

‘Chinese spies’ launch new Adobe zero-day attack

Tim Ring February 21, 2014

  • A group of Chinese spies are believed to have resurfaced to attack vulnerable political and non-profit groups, after FireEye discovered them using a new zero-day Adobe exploit.
  • FireEye does not directly identify the cyber spies involved, but David Bailey, CTO of cyber security at BAE Systems Applied Intelligence (formerly Detica), told “We believe the threat actors originate in China, though cannot say who is funding them.”

U.S. Wants to Advance Military Relations With China Despite Hacking Incident

By Army Sgt. 1st Class Tyrone C. Marshall Jr. American Forces Press Service

  • WASHINGTON, May 20, 2014 – A day after the Justice Department charged five members of China’s military with hacking into computer networks of American companies, a Defense Department spokesman said the Pentagon wants to continue developing military relations with Beijing.
  • “We still desire, from a military perspective, to further grow and develop the military-to-military relationship and to find ways to have a more productive conversation about these very tough issues,” Pentagon Press Secretary Navy Rear Adm. John Kirby told reporters today. “Cyber’s one of them.”

America’s Global Surveillance Record

Updated: 2014-05-26 15:30 (China Academy of Cyber Space)

  • America’s secret surveillance activities directed against China and other parts of the world include:
  • Collecting data on nearly 5 billion mobile telephone calls across the globe every day;
  • Monitoring German Chancellor Angela Merkel’s cell phone for more than 10 years;
  • Plugging into the main fiber optic connections between Yahoo’s and Google’s overseas data centers, and stealing data of hundreds of millions of customers;
  • Monitoring mobile phone apps over a period of years to grab personal data;
  • Waging large scale cyber-attacks against China, with both Chinese leaders and the Chinese telecoms giant Huawei as targets
  • Targets of American surveillance include the Chinese government and Chinese leaders, Chinese companies, scientific research institutes, ordinary netizens, and a large number of cell phone users. China sticks to the path of peaceful development, and sees no justification for being targeted by America’s secret surveillance agencies under the guise of fighting terrorism.

Chinese spies read Australian MPs’ emails for a year: report

SYDNEY Sun Apr 27, 2014 8:05pm EDT

  • (Reuters) – A cyber attack on the Australian parliamentary computer network in 2011 may have given Chinese intelligence agencies access to lawmakers’ private emails for an entire year, the Australian Financial Review reported on Monday.
  • “It was like an open-cut mine. They had access to everything,” a source told the newspaper.
  • The access would have allowed China to gain a sophisticated understanding of the political, professional and social links of the Australian leadership and could have included sensitive discussions between lawmakers and their staff.

Chinese hackers are stealing our secrets – US Admiral

19 April, 00:54

  • The US military are concerned that their secret development is no longer a secret for hackers from other countries. The Pentagon cannot protect their developments from cyber attacks, says Admiral Samuel Locklear.
  • A senior military commander said that Chinese hackers continue to steal the US military secrets, despite the fact that the US government has repeatedly expressed its protest on this issue.
  • Although Admiral did not give any specific examples of theft of secret information, according to Foreign Policy, it is already known that hackers have stolen the design data of F/A-18 fighters and F-35 helicopter Black Hawk, as well as the anti-missile systems Aegis.

Chinese hackers accused of attacking Vietnamese websites

Tuesday, May 13, 2014 17:39

  • Thanh Nien, Vu Quoc Khanh, director of the state-run Vietnam Computer Emergency Response Team, confirmed that a number of Vietnamese websites have been attacked recently
  • Nguyen Hong Phuc, an expert with HVA Online – one of Vietnam’s oldest Internet security forums, also believed that the attacks will likely increase, causing more damages. Nearly 2,000 Vietnamese websites were hit in June 2011, after Chinese marine surveillance ships cut the cables of an exploratory vessel belonging to the Vietnam National Oil and Gas Group (PetroVietnam) working in Vietnamese waters, he said.
  • Nguyen Minh Duc, a security expert with FPT – one of Vietnam’s biggest telecommunication groups – also said the latest attacks look like a warning shot from Chinese hackers, as their attacks on Vietnamese Internet systems in recent years have proven that they’re capable of inflicting much more damage.
  • Meanwhile, many experts called for Vietnamese hackers to restrain themselves, warning that Vietnamese businesses and Internet users would suffer the most from such a confrontation. Phuc warned that it would be a bad idea to launch a cyber-war now, given Vietnam’s lack of preparation and the other side’s obvious advantages (i.e. more hackers and better online infrastructure).

U.S. Charges Five in Chinese Army With Hacking

By Devlin Barrett and Siobhan Gorman May 19, 2014, 4:42 p.m. ET

  • The U.S. said five officers in Unit 61398 of the People’s Liberation Army in Shanghai engaged in espionage by hacking into five U.S. companies and a labor union in the steel, solar and nuclear-power industries, including U.S. Steel Corp., Westinghouse Electric Co. and Alcoa Inc. Authorities said the individuals were attempting to gain access to “trade secrets” and other information that would help the Chinese compete and gain advantage at key moments, such as during negotiations to build a nuclear-power plant in China or during trade talks.
  • The suspects were allegedly part of a group that hacked into U.S. systems to obtain information about 1,753 computers at U.S. Steel, piping systems for nuclear-power plants from Westinghouse Electric, and cost and pricing information from a solar-panel firm.
  • That Obama administration offensive seemed to wane in the wake of disclosures starting in June 2013 by Mr. Snowden exposing U.S. cyberspying efforts against China, including Chinese companies. Some disclosures specifically showed the U.S. penetrating Chinese telecommunications giant, Huawei, which U.S. officials say is a vehicle for Chinese government cyberspying.
  • The Obama administration has struggled in the wake of those disclosures to regain the upper hand. It argues that it doesn’t conduct corporate espionage, as it accuses China of doing, but it relies on a nuanced argument. U.S. officials privately acknowledge they spy on companies for foreign intelligence purposes, particularly those they believe are at least in part state-controlled, but they say they won’t steal corporate secrets to provide an advantage to U.S. companies. In China, where many companies are state-controlled in some fashion, that nuanced argument has fallen flat.

US indicts China’s PLA hackers: Productive, or desperate?

The Obama administration, clearly frustrated at the extent of Chinese industrial espionage, has indicted five military officers for stealing trade secrets. Does this step make sense?

By Dan Murphy, Staff writer / May 19, 2014

  • The National Counterintelligence Executive’s 2011 report on economic espionage singled out China as the most persistent country in stealing US trade and defense data, noting that of seven cases brought under the US Economic Espionage Act in 2010, six were linked to the People’s Republic. Russia came in as the No. 2 source for economic espionage.
  • The US says it doesn’t spy to steal trade secrets and pass them on to its companies, and none of the stolen NSA documents that Edward Snowden has filtered through Glenn Greenwald and others have contradicted that assertion. But that’s a distinction without a difference for many, particularly since the US has used snooping to gain advantage in government-to-government trade talks, which could at least indirectly help US companies.

China cyber-gangs use ‘vast underground network’

4 March 2014 Last updated at 07:47 ET

  • Such underground forums are thriving worldwide, particularly in Russia, China and Brazil.
  • Spam is big business in a country where 81% of Chinese internet users went online using their mobile phone in 2013.
  • To boost an iPhone app into the top five of Apple’s China app store can cost 60,000 yuan (£5,800).
  • In Android third-party stores – where most Chinese Android users shop – cybercriminals pay according to the number of downloads they want, with prices starting at 40 yuan (£3.90) for 10,000 downloads. At the end of 2013 there were 500 million mobile internet users in China, according to the China Internet Network Information Center (CNNIC).

New Chinese stealth jet built with stolen F-35 component designs

Published time: March 14, 2014 04:02

  • A new Chinese stealth fighter jet’s design includes details obtained in a Chinese cyber-spying operation conducted seven years ago against the F-35 Lightning II, according to a new report based on conversations with US military officials and contractors.
  • The Chinese espionage plot, dubbed Operation Byzantine Hades by US intelligence agencies, primarily targeted government as well as US industry. While the US Office of National Intelligence is known to have more details about the plot, Bill Gertz of the Washington Free Beacon reported that new Chinese planes have incorporated technology previously only found in the F-35.
  • The initial J-20 prototype was revealed in 2011, however the aircraft shown in the video was equipped with a new electro-optical targeting system under its nose, an updated coating that will help the plane hide from radar, and newly hidden engine nozzle, according to the Free Beacon. Pentagon officials have said that the data was first taken by a Chinese military group called the Technical Reconnaissance Bureau based in Chengdu province. The information was then given to the Aviation Industry Corp. (AVIC). The AVIC then passed it on to a subsidiary, the Chengdu Aircraft Industry Group, to incorporate the information into the new design.
  • “If as part of their espionage, China had also gained engineering insights into the F-35’s very advanced sensor systems, that could prove disastrous to its combat potential barring a rapid redesign and improvements before entering service.”
  • Last year US officials denied that the Chinese had gained an edge on American military capabilities, although they did not refute that cyber-espionage is becoming more common in the tense world of geopolitics.

US to China: Come clean over cyber war

2014-04-08 07:29

  • In a speech on Tuesday at the PLA’s National Defence University, Hagel urged China to be more open about its cyber capabilities to defuse tensions and avoid an inadvertent conflict, a senior defence official said.
  • “We have tried to be as open and transparent on that as we can be. And we would like to see them be able to reciprocate,” said the official, who spoke on condition of anonymity.
  • “We very recently shared with them some basic doctrine on cyberspace, on how we’re approaching the challenges in cyberspace,” the official told reporters travelling with Hagel. But the Chinese so far had not “reciprocated”, said the official, confirming a New York Times report.
  • During his Asia tour, which included a visit to Tokyo, Hagel has stressed that as a “great power” China has to live up to its “responsibilities”, suggesting Beijing should respect its smaller neighbours and adopt a more transparent approach in its relations with the US military.
  • China showed off its sole aircraft carrier, the Liaoning, to Hagel on Monday, giving him a two-hour tour, including a briefing from the skipper and a walk on the flight deck. “We didn’t see every space aboard the ship but we felt this was an honest, genuine effort” to be more transparent, the official said.

Chinese Hackers Seen Exploiting Cloud to Spy on U.S.

By Chris Strohm Nov 20, 2013 6:00 PM ET

  • The Chinese government wages “a large-scale cyber espionage campaign” and “has successfully targeted the networks of U.S. government and private organizations,” the U.S.-China Economic and Security Review Commission concludes in its annual report to Congress released yesterday.
  • The commission for the first time said cloud computing, which connects Internet services, “represents a potential espionage threat.” The report fails to cite any examples of the Chinese government using the technology in attacks.

China hackers ‘target EU foreign ministries’

By Jane Wakefield Technology reporter 10 December 2013 Last updated at 07:08 ET

  • Chinese hackers spied on the computers of five European foreign ministries over the summer, according to research from US security company FireEye. The hackers sent emails with malware-ridden attachments purporting to detail a possible US intervention in Syria. The Ke3chang group has been active since at least 2010, according to the researchers.
  • Traditionally it has targeted the aerospace, energy and manufacturing industries but they have also delivered malware to hi-tech companies and governments, according to FireEye. In 2012 it used a London Olympics themed attack and a year earlier used emails purporting to show nude pictures of the then French president’s wife, Carla Bruni, researchers said. But in their latest attack “they appeared to be specifically targeting foreign ministries”, Mr Villeneuve told the BBC.

Chinese hackers reportedly crashed Federal Election Commission website

By Molly Henneberg Published December 19, 2013

  • Chinese hackers crashed the Federal Election Commission’s website Oct. 1, the first day of the partial government shutdown, in “what may be the worst act of sabotage in [the FEC’s] 38-year history,” a non-partisan investigative journalism group reported.
  • David Levinthal, senior reporter at the Center for Public Integrity, told Fox News the hackers’ motivation was not yet clear, but taking down a website of the U.S. federal government is a “big deal to them.”
  • “These are not people who like the United States,” he added. “These are people who want to do damage to the country. They want to do damage to freedom and democracy as we have it in this country.”

China Cyber Espionage Grows

BY: Bill Gertz November 6, 2013 4:59 am

  • The recent exposure of a secret Chinese military cyber warfare unit has not led to a decrease in cyber espionage against U.S. government and private networks, according to a draft congressional China commission report. Instead, the Chinese military group temporarily limited its large-scale cyber espionage campaign and took steps to mask its activities, according to a forthcoming report by the U.S.-China Economic and Security Review Commission.
  • “The Chinese government is directing and executing a large-scale cyber espionage campaign against the United States, and to date has successfully targeted the networks of U.S. government and private organizations, including those of DoD, defense contractors, and private firms,” the report said. “These activities are designed to achieve a number of broad economic and strategic objectives, such as gathering intelligence, providing Chinese firms with an advantage over its competitors worldwide, advancing long-term research and development objectives, and gaining information that could enable future military operations.”

Chinese APT Campaigns May Be More Connected Than Previously Thought

Kelly Jackson Higgins November 12, 2013

  • Researchers at FireEye closely studied 11 Chinese advanced persistent threat (APT) campaigns targeting different industries and found that many of them employed the same malware tools, code, binaries, and digital certificates for the binaries. The findings appear to suggest that these cyberespionage campaigns are likely more centralized and organized than was once thought, a theory that has been bandied about among different researchers for some time.

A New Army Of Chinese Hackers Is Stealing Secrets From U.S. Companies, Researchers Say

Julie Bort Nov. 13, 2013, 4:52 PM

  • Researchers at security vendor FireEye say they’ve uncovered a disturbing scheme: what looks like random hack attacks against a variety of U.S. companies is really an organized group of Chinese hackers stealing intellectual property.
  • The researchers told Business Insider that they don’t know what the hackers are doing with stolen IP, or how much money this has cost U.S. companies so far. But, they say, the group has been busy in 2013.

Chinese ‘Icefog’ gang attacks Asian countries using ‘hit and run’ APTs

Traced to clutch of past attacks By John E Dunn | Techworld | Published: 16:45, 26 September 2013

  • Kaspersky Lab has identified another Chinese APT campaign. Dubbed ‘Icefog’, the largely Japanese, Taiwanese and South Korean targets included a well-publicised attack on Japan’s House of Representatives in 2011.
  • Judging from Kaspersky’s latest research, Icefog looks like a smaller player than Hidden Lynx or the notorious Comment Crew/APT1 convincingly blamed for a hugely successful raid on defence contractor QinetiQ.
  • “The ‘hit and run’ nature of the Icefog attacks demonstrate a new emerging trend: smaller hit-and-run gangs that are going after information with surgical precision. The attack usually lasts for a few days or weeks and after obtaining what they were looking for, the attackers clean up and leave,” he said.

Expert: Hacks by Chinese ‘frenemy’ a fact of life

Business ties between Israel and China grow closer daily, but that doesn’t stop hackers from helping themselves to tech secrets

BY DAVID SHAMAH October 29, 2013, 6:00 am

  • But there’s another side to China that Israel must deal with — the China that will stop at nothing to acquire the technology it seeks, using hacking and other illicit means to get what it wants. That China was very much in evidence this week, as Israeli officials conveyed Sunday night that they had intercepted an attempted attack by Chinese hackers who wanted to break into Israeli security sites. According to Channel 2, over 140 top-level officials in Israeli security organizations reported a hacking attempt via a Trojan horse.

China military hackers persist despite being outed by U.S.: report

By Deborah Charles and Paul Eckert WASHINGTON Wed Nov 6, 2013 6:44pm EST

  • (Reuters) – The disclosure early this year of a secretive Chinese military unit believed to be behind a series of hacking attacks has failed to halt the cyber intrusions, a U.S. computer security company and congressional advisory panel said on Wednesday.
  • “There are no indications the public exposure of Chinese cyber espionage in technical detail throughout 2013 has led China to change its attitude toward the use of cyber espionage to steal proprietary economic and trade information,” the commission said in a draft of their annual report to Congress.
  • A Mandiant spokeswoman told Reuters that within a few weeks of the February report, the hacking levels from China had returned to about the same levels though the group was using some different tools.

Hacking U.S. Secrets, China Pushes for Drones

By EDWARD WONG Published: September 20, 2013

  • BEIJING — For almost two years, hackers based in Shanghai went after one foreign defense contractor after another, at least 20 in all. Their target, according to an American cybersecurity company that monitored the attacks, was the technology behind the United States’ clear lead in military drones.
  • The hacking operation, conducted by a group called “Comment Crew,” was one of the most recent signs of the ambitions of China’s drone development program. The government and military are striving to put China at the forefront of drone manufacturing, for their own use and for export, and have made an all-out push to gather domestic and international technology to support the program.

Meet Hidden Lynx: The most elite hacker crew you’ve never heard of

These hired hackers have unusual skills and penetrate high-value targets worldwide. by Dan Goodin – Sept 17 2013, 1:53pm EST

  • A hacking team with unusual skill and persistence has penetrated more than 100 organizations around the world, including US defense contractors, investment banks, and security companies whose sole purpose is to defend against such attacks, according to a detailed report.
  • One of the best known exploits of the so-called Hidden Lynx group was the devastating compromise of security firm Bit9 in 2012. The Waltham, Massachusetts, company provides an “application whitelisting” service that allows customers to run only a small set of approved software on their PCs and networks. By hacking into the company’s servers and stealing the private cryptographic keys Bit9 used to digitally sign legitimate apps, the intruders were able to infect more valuable targets inside military contracting firms who used the service.

Hackers-for-hire: Chinese group accused of economic espionage against US companies

Published time: September 19, 2013 18:40

  • According to Symantec, the group involved in the exploits consists of 50 to 100 professional “hackers for hire,” and is among the most advanced troops of its kind.
  • “This group has a hunger and drive that surpass other well-known groups,” Symantec acknowledged in a blog post published on Tuesday, and characterized the unit as demonstrating vast technical prowess, agility, organization, patience and “sheer resourcefulness.” “These attributes are shown by the relentless campaigns waged against multiple concurrent targets over a sustained period of time,” Symantec said.
  • Speaking to Reuters, the chief technologist at competing security firm CrowdStrike said he thinks the group has worked solely for the Chinese government and state-owned enterprises, despite Symantec’s falling short of making such accusations.

China’s freelance hackers: For love of country (and proof that propaganda works)

By Shannon Van Sant / CBS News/ July 10, 2013, 3:28 AM

  • Wan Tao (Eagle) hacked for China unofficially, led a collection of 400 hackers called China Eagle Union
  • despite wild claims from the west, many hackers from China are not government sponsored, it is done “independently and voluntarily, driven by nationalism and a fundamental desire for self-expression”
  • China’s heavily censored environment made hacking very attractive, particularly as a form of expression “Hacking can give young people, especially introverts, a feeling that they cannot achieve in the day to day world. It’s a feeling of accomplishment, challenging authority and people in power. Young people have the desire for that feeling of freedom,”
  • China Eagle Union created viruses, attacked U.S. government websites and infiltrated the email accounts of Japanese politicians
  • while Wan Tao has gone legit and runs a security firm to help Chinese companies against cyber attacks, some of the other members have gone to be ‘cyber soldiers’ and work for the Chinese government or engage in cyber espionage

Taiwan a ‘testing ground’ for Chinese cyber army

By Michael Gold TAIPEI | Thu Jul 18, 2013 9:11pm EDT

  • “We’ve seen everything,” said Jim Liu, the 28-year-old founder of Lucent Sky, a Taiwanese internet security company specializing in resolving dangerous software vulnerabilities that hackers can exploit in order to gain access to a system.
  • “We’ll see a specific attack signature here, and then six months later see the same signature in an attack on the States.”
  • This cyber war playing out across the narrow Taiwan Strait first came to public attention in 2003, when a Taiwanese police agency realized hackers had stolen personal data, including household registration information, from its computer system.

Chinese hackers mount fresh attacks – and smarter than ever, says US security firm

Agence France-Presse in Washington Wednesday, 14 August, 2013, 11:00am

  • The security firm FireEye said the original perpetrators “appear to be mounting fresh assaults that leverage new and improved versions of malware”.

Hackers Find China Is Land of Opportunity

By EDWARD WONG Published: May 22, 2013

  • some hackers see crime as more lucrative than legitimate work, but opportunities for skilled hackers to earn generous salaries abound, given the growing number of cybersecurity companies providing network defense services to the government, state-owned enterprises and private companies.
  • government jobs are usually not well paying or prestigious, and most skilled hackers prefer working for security companies that have cyberdefense contracts
  • another former hacker said the monolithic notion of insidious, state-sponsored hacking now discussed in the West was absurd. The presence of the state throughout the economy means hackers often end up doing work for the government at some point, even if it is through something as small-scale as a contract with a local government office.

China blamed after ASIO blueprints stolen in major cyber attack on Canberra HQ

Updated May 28, 2013 07:51:38

  • Secret blueprints of new ASIO HQ stolen
  • Chinese hackers believed to be behind theft
  • Blueprints show security, IT system layouts

Pentagon: China’s Government Hacked U.S. Networks

by Scott Neuman May 06, 2013 4:26 PM

  • The new report says numerous U.S. diplomatic, economic and defense industry networks were hacked in 2012 at the direction of China’s government and its military.
  • Earlier this month, reported that , which produces spy satellites, drones and software used by U.S. special forces, had been the target of Chinese hacking.
  • In February, that the European Aeronautic Defense & Space Co. — EADS — and Germany’s largest steelmaker, ThyssenKrupp, had also been hacked by China.

Pentagon: The Chinese stole our newest weapons

Published time: May 28, 2013 15:31

  • Blueprints for the Pentagon’s most advanced weaponry, including the Black Hawk helicopter and the brand new Littoral Combat Ship used by the Navy, have all been compromised, the Defense Science Board claims in a new confidential report.
  • The Washington Post acknowledged late Monday that they have seen a copy of the report and confirmed that the Chinese now have the know-how to emulate some of the Pentagon’s most sophisticated programs.
  • “This is billions of dollars of combat advantage for China,” a senior military official not authorized to speak on the record told Post reporters. “They’ve just saved themselves 25 years of research and development.”
  • Chinese hackers have previously been accused of waging cyberattacks on a number of US entities, including billion-dollar corporations and governmental departments. In 2007 it was reported that China accumulated the blueprints for the Pentagon’s F-35 fighter jets, the most expensive weapons program ever created, but the latest news from the DSB decries that much more has been compromised.
  • According to the Post, the plans for the advanced Patriot missile system, an Army anti-ballistic program and a number of aircraft have all ended up in the hands of the Chinese. The result could mean the People’s Republic is working towards recreating the hallmarks of America’s military might for their own offensive purposes, while also putting China in a position where even the most advanced weaponry in the world won’t be able to withstand complex defensive capabilities once those projects are reverse engineered.

China’s culture of hacking cost the country $873 million in 2011

By Max Fisher, Published: May 20, 2013 at 1:59 pm

  • freelance and industrial hackers operating within China are estimated to have caused $873 million in damage to the Chinese economy in 2011 alone, according to a study by academics at Tsinghua University
  • corporate agents taking China’s often-cutthroat internal economic competition online
  • point is that official government hacking creates a culture of cyber-espionage; it’s how things are done.
  • culture of hacking even pervades, as I’ve previously written, the ranks of the Communist Party itself. Senior officials regularly spy on one another, hiring out hackers and other freelancers to help them survive the party’s kill-or-be-killed culture.

Chinese hackers launch pirate App Store, no jailbreak needed

by Michael Grothaus Apr 19th 2013 at 2:00PM

  • Chinese hackers have launched a pirate app store that allows people to download pirated iOS apps with no jailbreaks needed. The online web store uses geolocation to determine a user’s whereabouts. If the user is outside of China, he is not granted access to the store, instead being redirected to another page run by the hackers.

Chinese Hackers Seek Drone Secrets

Mathew J. Schwartz | April 22, 2013 01:38 PM

  • Furthermore, the advanced persistent threat (APT) group behind both attacks, according to FireEye, is the gang known as the “Comment Crew,” which was singled out in a recent report from Mandiant. The security firm accused the group, dubbed APT1, of being an elite Chinese military hacking unit based in Shanghai, known as the People’s Liberation Army (PLA) Unit 61398, which is suspected of having attacked at least 141 organizations across numerous industries. Chinese government officials have denied those accusations.
  • In the latest series of attacks, the tactics have remained largely the same, although this time one of the decoy documents includes a reference to Pakistan’s UAV program, while another appears to have been sent from a military email address at Joint Base Andrews in Maryland, titled “Family Planning Association of Base (FPAB).”
  • Regardless of the group’s sponsor, one recent set of attacks it launched targeted about a dozen organizations — across the aerospace, defense, telecommunications and government sectors — in both the United States and India, beginning in December 2011, if not earlier. But FireEye also found that the malicious infrastructure and command-and-control (C&C) servers used in the attacks are the same as those employed in a campaign known as Operation Beebus, so named for the related malware used by attackers, which was first submitted for testing to VirusTotal in April 2011. Including those spear-phishing attacks, which were discovered in February, FireEye now has a running total of 20 targets, including government-funded drone researchers in academia.

Chinese cyber-spook crew back in business, say security watchers

Who can tell the spies from the robbers?

By John Leyden Posted in Security, 29th April 2013 13:13 GMT

  • According to over 400 global security researchers, Comment Crew and other Chinese hacker groups are still hacking. They never stopped or changed, not even with the recent exposures.
  • they still use zero day exploits and spear phishing
  • 89% of APT attacks use Chinese attack tools, developed and disseminated by Chinese hacker groups
  • Verizon researchers say 96% of the espionage attacks it investigated were traced to China, while 55% of criminally motivated attacks were traced to the US or Eastern Europe

‘Chinese’ attack sucks secrets from US defence contractor

Comment Crew blamed for three-year attack on QinetiQ

By Phil Muncaster Posted in Security, 2nd May 2013 04:54 GMT

  • Comment Crew attacked QinetiQ, stealing advanced military secrets for at least 3 years
  • NASA warned QinetiQ that it was being attacked, but they still treated it like an isolated incident
  • Mandiant suggested a simple fix that was ignored: a 2-factor authentication system that would prevent stolen passwords from working
  • Russian hackers have also been stealing secrets for 2 years through a compromised secretary’s computer

US military secrets leaked to Chinese hackers for three years

Published time: May 03, 2013 19:58

  • A US military contractor was allegedly hacked by those associated with the Chinese military. The company reportedly ignored signs of security breaches, allowing hackers to access military technology and classified documents for three years.
  • Comment Crew’s continuous spying reportedly provided China with a wealth of secret information on QinetiQ’s drones, satellites, military robotics, and the US Army’s combat helicopter fleet. The spies also stole several terabytes – equivalent to hundreds of millions of pages – of documents and data on weapons programs.

China says willing to discuss cyber security with the U.S.

By Terril Yue Jones BEIJING | Tue Mar 12, 2013 6:17am EDT

  • On Monday, U.S. National Security Advisor Tom Donilon called on China to acknowledge the scope of the problem and enter a dialogue with the United States on ways to establish acceptable behavior. China, in response, said it was happy to talk.
  • “China is willing, on the basis of the principles of mutual respect and mutual trust, to have constructive dialogue and cooperation on this issue with the international community including the United States to maintain the security, openness and peace of the Internet”, Foreign Ministry spokeswoman Hua Chunying said at a daily news briefing.

Who hacks the most? Hint: Not China

Kristin Deasy March 13, 2013 17:39

  • Russians hack the most, then Taiwan/Germany/Ukraine/Hungary and the United States
  • Russia is the most by far with over 2 million attacks in February, Taiwan second with 900k attacks

Not Playing Nice: Chinese Hacker Gang Has Their ‘Game’ Face On

By Robert Westervelt April 11, 2013 12:45 PM ET

  • Kaspersky said the Chinese hacking group identified as Winnti has been active in a spate of targeted attacks for several years and now specializes in cyberattacks against the online video game industry. The financially motivated cybercriminals appear to be attempting intellectual property theft, infiltrating gaming companies to steal source code for game projects and digital certificates of legitimate software vendors, according to Kaspersky, which issued a report Thursday.
  • The Winnti hacking group has so far targeted companies in 13 countries, including gaming firms in the U.S. The tight-knit group could have been active since 2007 and is believed to have infected systems in at least 35 companies with its custom malware, Kaspersky said in its report.

US and China to set up cyber security working group

13 April 2013 Last updated at 18:05

  • The US and China have agreed to work together on cyber security, US Secretary of State John Kerry has said.
  • In recent months the US and China have traded accusations over cyber attacks on US government computer networks and private companies.

U.S. firm blames China’s military for hacking attacks

China says claims ‘groundless’

The Associated Press Posted: Feb 19, 2013 5:41 AM ET

  • Mandiant said it traced the hacking back to a neighborhood in the outskirts of Shanghai that includes a drab, white 12-storey office building run by “Unit 61398” of the People’s Liberation Army.
  • The unit “has systematically stolen hundreds of terabytes of data from at least 141 organizations,” Mandiant wrote. By comparison, the U.S. Library of Congress 2006-2010 Twitter archive of about 170 billion tweets totals 133.2 terabytes.
  • “From our observations, it is one of the most prolific cyberespionage groups in terms of the sheer quantity of information stolen,” the company said. It added that the unit has been in operation since at least 2006.

  • The latest and most telling example came Tuesday. According to a new report from information security company Mandiant, the Chinese military is linked to one of the most prolific hacking groups in the world.
  • That group, known as the “Comment Crew,” has attacked Coca-Cola (KO, Fortune 500), EMC (EMC, Fortune 500) security division RSA, military contractor Lockheed Martin (LMT, Fortune 500), and hundreds of others. It reportedly holds the blueprints to America’s energy systems, and has funneled trade secrets out of some of the country’s largest corporations.

How the reported Chinese hackers worked

Cracking down on Chinese hackers

Sorry, But That ‘Chinese’ Hacking Report Proves Nothing

Adam Taylor | Feb. 19, 2013, 2:36 PM

  • In a blog post today, Jeffrey Carr, founder and CEO of cyber security firm Taia Global Inc., wrote that the Mandiant report had “critical analytic flaws” and that other theories had not been fully investigated as they did not fit in with the report’s anti-China bias.
  • The biggest problem, as I wrote in my blog, is that Mandiant’s conclusions do not exclude other threat actors besides China. Nor do they eliminate the possibility that other foreign intelligence services are using China as a false flag to disguise their own cyber espionage operations. All they need to do is set up a business in Shanghai.
  • They traced IP addresses to a section of Shanghai which is the center of China’s economic and financial growth and which has over 5 million people. They never traced it to that building.

Sophisticated cyber-attack hits Energy Department, China possible suspect

Published February 04, 2013

  • US Energy Department hit by cyber attack, possibly China
  • Personal info of several hundred employees was compromised
  • 14 servers and 20 workstations were penetrated
  • No classified info was compromised

U.S. said to be target of massive cyber-espionage campaign

By Ellen Nakashima, Published: February 10

  • National Intelligence Estimate says China is the most aggressive in hacking American business and institutions for economic gain
  • Russia, Israel and France also hack for economic intelligence, but their efforts pale in comparison to Chinese efforts

China vs. U.S.: Online spying called “Cold War for the next generation”

February 11, 2013 8:53 AM

  • Online spying directed at military, but also energy/finance
  • Doing it for the government, not anarchy
  • All countries hack, but China does it for economic gain, this is unfair

Alt Text: Chinese Hackers Are Responsible for Everything Wrong With My Life

By Lore Sjöberg 02.11.13 6:30 AM

  • Part of what makes this ongoing series of attacks so concerning in a fully understandable way is that nobody’s safe. In fact, pretty much any lapse in security — pretty much any lapse even vaguely computer-related — could be explained as the result of Chinese hackers, even if it’s not actually…. Hmm.
  • For instance, last week when a bunch of my friends and I were going to see The Hobbit and I showed up late with the tickets and we missed the trailer for Star Trek and also some of The Hobbit? It turns out Chinese hackers got into my GPS and sent me to a strip club for three hours, which is why I was late. Darn those Chinese hackers!
  • Other things that Chinese hackers have been responsible for: My lack of car insurance, approximately 80 percent of the videos and images downloaded to my hard drive — including all those in the “Very Boring and Non-Sexual Documents” folder — the lopsided nature of my beard, that smell coming from behind the fridge, whatever I said last Friday around 1:30 a.m., whatever I did last Friday around 2:30 a.m., and basically anything in my life involving cat urine.

Hardcore Chinese Hacker Sells Facebook ‘Likes’ on the Side

By Ryan Tate 02.15.13 9:30 AM

  • An intriguing story surfaced this week about a mysterious hacker named Zhang Changhe, who is apparently working for the Chinese army coordinating a botnet of zombie computers infested with malware, according to Bloomberg BusinessWeek.
  • But that’s only part of the story. Zhang, according to Bloomberg and other accounts, seems to also have been running a service through which unscrupulous businesses could pay to increase the number of “likes” on their Facebook pages, as well as their number of followers on Twitter and votes on other social networks. The site was promoted on the forum BlackHatWorld.
  • The business and its owner underscore what Facebook is up against as the social network tries to preserve the purity, and thus value, of interactions between users and advertisers. Zhang was no ordinary social media consultant; in an academic paper on computer security, he listed himself as working at the PLA Information Engineering University. That’s PLA, as in People’s Liberation Army. The university is the Chinese army’s electronic intelligence center. That’s quite an enemy for Facebook to be up against.

10 Targets Hit by Chinese Hackers

By Mark Hachman January 31, 2013

  • Although the hacker group Anonymous has become the world’s highest-profile hacking group, the teams of private hackers from the PRC have probably been responsible for far more damage. Anonymous has defaced Web pages and taken them down via distributed denial-of-service attacks; the Chinese groups have reportedly stolen code, hacked into files used by U.S. businesses, and caused economic damage, rather than just bad publicity.
  • “China’s persistence, combined with notable advancements in exploitation activities over the past year, poses growing challenges to information systems and their users,” the U.S.-China Economic and Security Review Commission wrote in its 2012 annual report to Congress. “Chinese penetrations of defense systems threaten the U.S. military’s readiness and ability to operate.”
  • One of the epic battles between Chinese hacker groups and a U.S. company was waged between Solid Oak Software and its founder, Brian Milburn, and a group of Chinese hackers. As documented by Bloomberg, Milburn’s attempts to sue the Chinese government for the theft of his code were met with a three-year-long war that shut down his company’s servers and caused him to even crawl underneath his house, looking for a possible wiretap on his fiber-optic cable. Clearly, the Chinese are to be feared.

Google boss Schmidt labels China an ‘IT menace’

2 February 2013

  • China is “the most sophisticated and prolific” hacker of foreign companies, according to a review obtained by the Wall Street Journal (WSJ).

China May (or May Not) Be Behind the Twitter Hack

Connor Simpson Feb 2, 2013

  • You may not have heard, but roughly 250,000 Twitter accounts may have been compromised by hackers. There’s a theory that — if you read between the lines — Twitter is implying the Chinese are to blame for compromising their security.
  • Bandits might have made away with “usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.” They think. A Twitter representative stressed to the Verge that they’re still investigating; there’s a chance we’re all safe.

China’s People’s Daily rejects hacking allegations by US media

Agence France-Presse in Beijing Monday, 04 February, 2013, 12:59pm

  • Hacking attacks are transnational and concealable
  • IP addresses are not sufficient evidence to confirm origin of attack
  • America is hyping and using this threat as justification for sanctions and trade protectionism

Hackers in China Attacked The Times for Last 4 Months

By NICOLE PERLROTH Published: January 30, 2013

  • Chinese hackers attacked NYT, getting passwords
  • No evidence emails or files from the Wen story were accessed, downloaded or copied
  • No customer data was stolen
  • China’s Ministry of Defense denies the attacks
  • Hackers could have wreaked havoc, but did not; they were interested in the names of sources who provided information on the Wen story
  • The group is APT 12, who have hacked many organizations including American military contractors

Chinese Hackers Hit U.S. Media

Wall Street Journal, New York Times Are Breached in Campaign That Stretches Back Several Years

By SIOBHAN GORMAN, DEVLIN BARRETT and DANNY YADRON Updated January 31, 2013, 8:28 p.m. ET

  • WASHINGTON—Chinese hackers believed to have government links have been conducting wide-ranging electronic surveillance of media companies including The Wall Street Journal, apparently to spy on reporters covering China and other issues, people familiar with the incidents said.
  • Chinese hackers for years have targeted major U.S. media companies with hacking that has penetrated inside newsgathering systems, several people familiar with the response to the cyberattacks said. Tapping reporters’ computers could allow Beijing to identify sources on articles and information about pending stories. Chinese authorities in the past have penalized Chinese nationals who have passed information to foreign reporters.
  • Chinese Embassy spokesman Geng Shuang condemned allegations of Chinese cyberspying. “It is irresponsible to make such an allegation without solid proof and evidence,” he said. “The Chinese government prohibits cyberattacks and has done what it can to combat such activities in accordance with Chinese laws.” He said China has been a victim of cyberattacks but didn’t say from where.

Washington Post Joins List of News Media Hacked by the Chinese

By NICOLE PERLROTH Published: February 1, 2013

  • SAN FRANCISCO — The question is no longer who has been hacked. It’s who hasn’t? The Washington Post can be added to the growing list of American news organizations whose computers have been penetrated by Chinese hackers.
  • According to people with knowledge of an investigation at The Washington Post, its computer systems were also attacked by Chinese hackers in 2012. A former Post employee said there had been hacking attempts at the Washington Post for at least four years, but none targeted the company’s newsroom. Then, last year, newsroom computers were found to be communicating with Web servers that were traced back to China, according to people with knowledge of the Post investigation who declined to speak on the record.
  • The Times reported on Wednesday that Bloomberg L.P. was also attacked by Chinese hackers after its Bloomberg News unit published an article last June about the wealth accumulated by relatives of Xi Jinping, China’s vice president at the time. Mr. Xi became general secretary of the Communist Party in November and is expected to become president in March.

Chinese government ‘hacks into White House office in charge of the nuclear launch codes’

By Meghan Keneally Published: 13:16 GMT, 1 October 2012

  • White House confirmed the hack but downplayed it, saying no damage was done and it was unsuccessful
  • Military Office targeted which controls the President’s travel, interoffice communications, and nuclear codes

Hacker attack underlines Web role in China scandal

Associated Press By CHRISTOPHER BODEEN and ISOLDA MORILLO April 20, 2012 11:36 PM

  • A massive hacker attack has crippled an overseas website that has reported extensively on China’s biggest political turmoil in years, underscoring the pivotal role the Internet has played in the unfolding scandal.
  • The assaults on Boxun’s server followed days of reporting on Bo Xilai, formerly one of the country’s most powerful politicians, who was fired as head of the mega-city of Chongqing and suspended from the Communist Party’s powerful Politburo amid accusations of his wife’s involvement in the murder of a British businessman.

Anonymous says it hacked China websites

The Associated Press Posted: Apr 05, 2012 7:14 AM ET

  • China was struggling Thursday to restore several government websites that international hacking group Anonymous says it attacked in an apparent protest against Chinese Internet restrictions.
  • On a Twitter account established in late March, Anonymous China listed the websites it says it hacked over the last several days. They include government bureaus in several Chinese cities, including in Chengdu, a provincial capital in southwest China.

Comment Crew

Stealing US business secrets: Experts ID two huge cyber ‘gangs’ in China

Two large operations in China account for 90 percent of cyberespionage against US business, one expert says. Research suggests the scope of the operations could be breathtaking.

By Mark Clayton, Staff writer / September 14, 2012

  • Among the 20 or so identifiable Chinese cyberespionage groups, the two that dwarf the others are the Elderwood Gang and the Comment Crew. The two have many different names, with researchers giving them different monikers. To Dell Secureworks cyber counterspy expert Joe Stewart, they are the Beijing Group and the Shanghai Group because of where their activities seem to originate. To Mr. Alperovitch of CrowdStrike, they are Sneaky Panda and Comment Panda.
  • In 2011, while still at McAfee, he went on to reveal Comment Crew (which he calls Comment Panda) operating alongside Elderwood. It’s called that because the group so often uses a technique involving internal software “comment” features on web pages as a tool to infiltrate target computers.
  • Comment Crew, Alperovitch found, had infiltrated at least 72 organizations including defense companies, the International Olympic Committee, and the United Nations. He dubbed Comment Crew’s campaign Operation ShadyRAT – “RAT” standing for “remote access tool,” the name for malware used to control computer systems remotely.

Hackers Linked to China’s Army Seen From EU to D.C.

By Michael Riley & Dune Lawrence – Jul 26, 2012 7:00 PM ET

  • Observed for years by U.S. intelligence, which dubbed it Byzantine Candor, the team of hackers also is known in security circles as the Comment group for its trademark of infiltrating computers using hidden webpage computer code known as “comments.”
  • Those logs — a record of the hackers’ commands to their victims’ computers — also reveal the highly organized effort behind a group that more than any other is believed to be at the spear point of the vast hacking industry in China. Byzantine Candor is linked to China’s military, the People’s Liberation Army, according to a 2008 diplomatic cable released by WikiLeaks. Two former intelligence officials verified the substance of the document.
  • The methods behind China-based looting of technology and data — and most of the victims — have remained for more than a decade in the murky world of hackers and spies, fully known in the U.S. only to a small community of investigators with classified clearances.
  • What sets the Comment group apart is the frenetic pace of its operations. The attacks documented last summer represent a fragment of the Comment group’s conquests, which stretch back at least to 2002, according to incident reports and interviews with investigators. Milpitas, California-based FireEye Inc. alone has tracked hundreds of victims in the last three years and estimates the group has hacked more than 1,000 organizations, said Alex Lanstein, a senior security researcher.

Hackers break into energy technology company

By Robert O’Harrow Jr., September 27, 2012

  • A major technology company that enables energy suppliers and others to remotely control their operations has been penetrated by hackers from China, according to security researchers and company officials.
  • Security researchers said details of the attack suggest it was the work of a notorious Chinese group dubbed the Comment Crew. The group appears to be behind a series of other attacks detailed in a Washington Post report Thursday.
  • The Comment Crew are believed to have attacked hundreds of other organizations in recent years as part of an ongoing espionage and disruption campaign.

World’s power-grid cyber breach traced to notorious Chinese crew

Telvent pulls plug on networks after shock raid

By John Leyden Posted in Security, 28th September 2012 16:28 GMT

  • An espionage attack on Telvent – the maker of power-grid control systems and smart meters – has been linked to a prolific Chinese hacking crew.
  • Clues such as references to particular domain names and malware left behind by the spies match the digital fingerprints of a Chinese hacking crew called the Comment Group, which is linked to previous cyber-espionage campaigns, according to researchers at Dell SecureWorks.

Elderwood Group

Internet Explorer zero-day exploit linked to China

Paul Wagenseil, TechNewsDaily

  • Delving further into the Microsoft Internet Explorer zero-day exploit found last week, which unknown hackers used to compromise the website of an influential American think tank, researchers have discovered the exploit’s use on other websites and strong evidence of links to China.

Latest Internet Explorer zero-day linked to Elderwood Project

Author : Mohit Kumar on 1/06/2013 04:49:00 AM

  • Last week we saw ongoing attacks exploiting a vulnerability in Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 that came to light after the Council on Foreign Relations website was hacked and was hosting the code. Symantec has linked the exploits to the group responsible for a spate of recent espionage attacks, dubbed the “Elderwood Project”.
  • The group, believed to be based in China, has targeted U.S. defense contractors and their partners in the supply chain, including manufacturers of mechanical components. The latest zero-day was used as part of a so-called “watering hole” attack against the website for the policy think tank Council on Foreign Relations, the influential membership group that helps shape U.S. foreign policy.

Elite hacker gang pulls out another IE zero-day from bottomless pocket

Symantec links latest IE vulnerability — which Microsoft won’t patch next week — to group that’s exploited nine zero-days in last two years

By Gregg Keizer January 4, 2013 04:21 PM ET

  • Computerworld – An elite hacker group credited last year with having an inexhaustible supply of zero-day vulnerabilities was responsible for digging up and first using the newest unpatched bug in Internet Explorer (IE), a Symantec manager said today.
  • The gang, dubbed “Elderwood” after a source code variable regularly used by the hackers, had been profiled last September by Symantec in a research paper that outlined its strategies as well as its hacking tactics.

American think-tank hack linked to Chinese hackers

By Erik Crouch

  • Last month the New York-based Council on Foreign Relations (one of the US’s most prestigious think tanks) was attacked by a group of hackers. The attack aimed to compromise the computers of the website’s high-profile clientele, which includes high-level politicians, powerful businessmen (and humble Shanghaiist writers). The hack was believed to be carried out by the Elderwood Group, a China-based hacker coalition that has previously targeted Google, Tibetan- and Uyghur-rights groups, Amnesty International, Taiwanese travel sites, and other pages seen to be “anti-China.”
  • The principal question isn’t whether or not the hackers are Chinese (the attacks have been linked to computers within the country) but rather if they are linked to the government. Elderwood has repeatedly impressed security experts with its seemingly unlimited supply of resources and the high sophistication of their attacks, leading to speculation that the group is more than just a handful of hackers in Beijing and Shanghai (as was originally believed). Beijing emphatically denies having any hand in the recent Council on Foreign Relations hit, but previous Elderwood attacks (such as those against Google in 2009) were said to have links to the Chinese government.

‘Elderwood’ Crew, Tied to Google Aurora Attack, Targeting Defense, Energy, Finance Companies

September 7, 2012, 10:41AM

  • Researchers at Symantec have been tracking the group, which they’ve dubbed the Elderwood gang, for some time, and have seen the crew using previously unknown vulnerabilities in rapid succession over the course of the last couple of years in attacks aimed at defense contractors, government agencies and other high-value targets.
  • “In order to discover these vulnerabilities, a large undertaking would be required by the attackers to thoroughly reverse-engineer the compiled applications. This effort would be substantially reduced if they had access to source code. The vulnerabilities are used as needed, often within close succession of each other if exposure of any of the vulnerabilities is imminent,” Gavin O’Gorman and Geoff McDonald of Symantec wrote in a detailed analysis of the Elderwood crew’s tactics.
  • The Elderwood team also seems to have an uncanny ability to sense when one of the zero days it has been using is about to be disclosed publicly. It often will shift to using a new vulnerability shortly before one of its current favorites is exposed, suggesting the crew watches the developments in the underground and legitimate security communities closely.

RSA: Not Enough Proof That China Is Behind The Elderwood Gang

By Fahmida Y. Rashid on September 08, 2012

  • Back in early 2010, Google announced it had been a victim of a persistent and sophisticated attack conducted over a sustained period of time. According to Google, the attackers behind “Operation Aurora” were from China and had the backing of the Chinese government.
  • There is not enough proof that China was behind the Elderwood gang. The attack package contained the Chinese language version of the malware, but it is still possible that the group making decisions was not based in China at all, Cox noted. In fact, the fact that the malware, exploit kit, and the script contained Chinese meant the developer at least knew how to read the language, he said.

An Elite Chinese cyberattack unit has been pawning U.S. computers for three years and counting

September 10th, 2012 // Hacking and Security

  • Hack attack graphicDetails emerged this week regarding an attack system known as The Elderwood Project that appears to be sponsored by the Chinese military complex. The first instance of this attack vector occurred in 2009 when Google computers were comprised by a group using a zero-day exploit in Internet Explorer. It was determined that the group initiating the cyberattack was most certainly sponsored by the Chinese government. Symantec says that three years later, the attacks are still continuing, even as the attacking group hones and upgrades their exploit software. Originally the attackers used spear phishing emails to lure prospective victims to compromised websites or tricking them into opening infected attachments that would execute code to root their machine and give the attackers total control of the compromised system. Today they are increasingly adopting the “watering hole” methodology which utilizes a hidden iframe in a web page to execute code that has been housed on a compromised web server.
  • The Elderwood Group chooses specific targets which can include infrastructure companies, oil and gas companies, defense contractors, financial institutions, military organizations, and other important United States entities. The majority of their targets appear to be top-tier United States defense organizations. Once a target is chosen, the Elderwood Group studies the target and predicts which websites their targets will visit. Those websites are then forcefully compromised and the server seeded with attack code (typically utilizing SQL injection techniques). When their target visits one of the compromised servers, a hidden iframe (in the HTML based web page) is used that points to a server which hosts the exploit code. The exploit code downloads and executes the trojan program (Hydraq/Aurora is currently being used) that gives the Elderwood Group control of their target’s machine. Symantec has seen several instances where the Elderwood Group is also targeting supply chain manufacturers that service the company in Elderwood Group’s cross hairs.

Sophisticated ‘Elderwood’ hackers targeting defence industry, Symantec warns

A three-year investigation into a group of hackers shows they are well organized and interested in stealing intellectual property from the defence industry supply chain.

9/7/2012 3:46:00 PM By: Brian Jackson

  • It’d be easier to find the exploits if the group had access to the software source code, Thakur adds, but there is no evidence that’s the case. The number of zero-day vulnerabilities used by the group, in what Symantec calls the ‘Elderwood platform’, exceeds even that of Stuxnet. That worm was developed in tandem by the U.S. and Israel to hinder Iran’s nuclear enrichment facilities, a New York Times investigation revealed June 1.

Elderwood hacker gang has seemingly unlimited supply of zero-day bugs

Group has exploited eight unpatched IE and Flash flaws in the last 20+ months

By Gregg Keizer | Computerworld US | Published 16:15, 10 September 12

  • “We’ve never seen a group use so many zero-days,” said Cox in an interview today. “We were amazed when Stuxnet used four zero-days, but this group has been able to discover eight zero-days. More, the fact that they have prepared [their attacks] and are ready to go as soon as they have a new zero-day, and the speed with which they use these zero-days, is something we’ve not seen before.”

US and China engage in cyber war games

Nick Hopkins, Monday 16 April 2012 13.00 BST

  • The US and China have been discreetly engaging in “war games” amid rising anger in Washington over the scale and audacity of Beijing-co-ordinated cyber attacks on western governments and big business, the Guardian has learned.
  • “China has come to the conclusion that the power relationship has changed, and it has changed in a way that favours them,” said Jim Lewis, a senior fellow and director at the Centre for Strategic and International Studies (CSIS) thinktank in Washington.
  • Known as “Track 1.5” diplomacy, it is the closest governments can get in conflict management without full-blown talks.
  • “The Chinese are very astute. They send knowledgeable people. We want to find ways to change their behaviour … [but] they can justify what they are doing. Their attitude is, they have experienced imperialism and they had a century of humiliation.” Lewis said the Chinese have a “sense that they have been treated unfairly”. “The Chinese have a deep distrust of the US. They are concerned about US military capabilities. They tend to think we have a grand strategy to preserve US hegemony and they see a direct challenge.”
  • “Of the countries actively involved in cyber espionage, China is the only one likely to be a military competitor to the US,” Lewis said.

Code blue for China’s red army

The mainland’s military is taking Mao Zedong’s guerilla tactics into cyberspace with the creation of teams of online special forces to counter more powerful enemies


  • Within minutes, more than 300 blue unit computer specialists are at their posts. They find a “back door” in the enemy’s radio communications and infiltrate their military network. Drones and helicopters take off from a border airfield and strike the enemy’s secret supply bases and convoys. The would-be attackers abandon their assault.
  • The cyberwarfare scenario is just one of the various exercises involving military blue units, or cyberspace special forces, that have been described in recent years in PLA Daily, the English-language edition of the People’s Liberation Army daily newspaper. The existence of these semi-independent units in all military regions was confirmed in May by the Defence Ministry. The units are co-ordinated by the Information Security Base under the control of the PLA’s General Staff Department.
  • Already, a large number of soldiers have been trained in hacking and defence skills. And, from the army, air force and navy to the strategic missile force, the blue units have developed their own tactics to deal with their perceived enemies, mainland military experts say.
  • China’s guerilla attacks would avoid defence strongholds such as military command centres. Instead, it would target civilian sectors such as the power grid, financial system, international trade, transport and even hospitals to cause the greatest damage, given that more than 95 per cent of the US military’s network is connected to the internet.
  • Ren Xiaowei, a navy officer with the PLA’s 91878 Unit based in Zhanjiang, Guangdong province, wrote in 2008 that the navy’s cyberwarfare units were developing hardware and tactics for simultaneous attacks on different enemies. For example, a battle in the Taiwan Strait might involve the forces of many countries, each with their own communications systems and chains of command. The mainland’s navy must be ready to infiltrate or suppress these different networks at the same time, a far more complex challenge than any that land or air forces would face, Ren wrote.