The continuing evolution of Cyber warfare - Page 16 - Armchair General and HistoryNet >> The Best Forums in History

***GCoyote*** · #**226** 19 Feb 13, 10:31

19 February 2013 Last updated at 08:24 ET

Quote:

A secretive branch of China's military is probably one of the world's "most prolific cyber espionage groups", a US cyber security firm has said.

Mandiant said Unit 61398 was believed to have "systematically stolen hundreds of terabytes of data" from at least 141 organisations around the world.

http://www.bbc.co.uk/news/world-asia-china-21502088

Carl Schwamberg · #**227** 19 Feb 13, 13:19

Wasi listening to the news this morning & a Chinese rep. denied everything. Claimed the Chinese were the victims of hackers & cyber theft as much as anyone.

boomer400 · #**228** 20 Feb 13, 23:26

Well, I guess someone has finally gotten enough evidence to be able to say they did it; it's not like this is new news. The PRC operates in veiled fashion even among its own but clearly they've been infiltrating for quite a long time. And it's certainly true they suffer cyber attacks internally, if not from the opportunistic thieves then from "state" security which is more often than not corrupted anyways.
As for external attacks, I'm sure that happens too but not to the extent which they conduct their operations. It can be very confusing to listen to their protestations of innocence and injury but largely it's a mode of saving face. For that matter, the unit conducting these operations may not even be on Beijings radar except from the CCP security branches which, of course, has its own agenda separate often from the state agenda.
My guess is since nationalism in China has greatly increased and with new wealth at hand has created an environment where many CCP members are feeling their oats and want to appear to be the equal of the West. The destruction of old China by the CCP, the Cultural Revolution, successful suppression of Western-style democratic reforms, and loss of cultural history makes them vulnerable to the impulse of modern imperialism. Most unfortunate.

***GCoyote*** · #**229** 21 Feb 13, 09:54

The main report is here http://intelreport.mandiant.com/Mand...PT1_Report.pdf

The appendix is on the main page at http://intelreport.mandiant.com/

I've been watching a number of interviews with the journalists and researchers involved and they had a lot of interesting comments. In particular one noted the interrelationships between the Chinese military and state owned industries which suggest many of the break-ins were for financial gain.

Others were against US NGOs, esp. think tanks for the purpose of seeing who is visiting those sites. The purpose here would be to look for Chinese dissidents and track their activities.

boomer400 · #**230** 22 Feb 13, 12:24

Thanks for the links, GC, got some bedtime reading now. Too bad there's probably dozens of these types of units over there, every one who has access to a military/CCP IT department is probably busy trying to replicate this units success....

***Major Sennef*** · #**231** 23 Feb 13, 05:54

I found the book 'Cyber War' by Richard A. Clarke very informative on this subject:

http://www.amazon.com/Cyber-War-Nati...ords=cyber+war

***GCoyote*** · #**232** 28 Feb 13, 10:43

Published 28 February 2013

Quote:

In 2010, Symantec reported on a new and highly sophisticated worm called Stuxnet. This worm became known as the first computer software threat which was used as a cyber-weapon. In a new report, Symantec says that clues in the code pointed to other versions of the worm which could potentially perform different actions leaving an open question about Stuxnet and how it came to be.

full article here - http://www.homelandsecuritynewswire....ons-of-stuxnet

and Symantec report here - http://www.symantec.com/content/en/u...ssing_link.pdf

***GCoyote*** · #**233** 14 Mar 13, 21:25

A bit surprised he said this in open testimony. Or has the Pentagon decided that cat is out of the bag already?

Wednesday, March 13, 2013 - by Joel Hruska

Quote:

Yesterday, the newly minted head of the United States' Cyber Command team and NSA head General Keith Alexander told assembled lawmakers that the US has created offensive cyberwarfare divisions designed to do far more than protect US assets from foreign attacks. This is a major change in policy from previous public statements -- in the past, the US has publicly focused on defensive actions and homegrown security improvements.

http://hothardware.com/News/US-Cyber...n-US-Doctrine/

Carl Schwamberg · #**234** 14 Mar 13, 21:47

Or he has reliable information the 'other' side already knows about this, or he was under high pressure to say something. Three possibilities there.

boomer400 · #**235** 20 Mar 13, 12:47

Poor South Koreans, must be really feeling the love from their Northern bros....

http://www.nytimes.com/2013/03/21/wo...shes.html?_r=0

OTOH, they got bandwidth up the wazoo and we can only look on with jealousy and envy at what the S. Koreans have. Anyone like 1 Gb connections at their drops? Apparently not here in the US....oh wait, but we're more secure because we've got the FCC and Ma Bell to take care of us. Oooops, guess that's not true either. Ah, but we have now Cyber Command, right...oh, they've been building and using offensive systems for years now? Well, we can rely on corporate systems to protect us right? What, ATT helps out the gov on digital wiretapping for years too? Might as well as disconnect except we're so slow its almost the same.

Update : looks like some of the attack source IP addrs originate possibly from China.....

boomer400 · #**236** 23 May 13, 13:10

Gauss details are pretty interesting; since it's mainly in Lebanon, Israel, Palestine , it probably originates from the area and seems to share Flame-like architecture. Its main targets seem to be banking data; one should read up on it, if one hasn't. Here's a link to Securelists analysis : http://www.securelist.com/en/analysi...Distribution#2