David Sanger, David Barboza, and Nicole Perlroth at the New York Times are out with a huge report tonight on Chinese cyber-attacks on US companies.
The Times got their hands on an advanced copy of report by Mandiant, a cybersecurity firm the newspaper had previously hired when it got hacked.
The most scary detail from the report is that Mandiant basically points a finger directly at the Chinese government:
The details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese Government is aware of them.
Our analysis has led us to conclude that APT1 [Advanced Persistent Threat] is likely government-sponsored and one of the most persistent of China’s cyber threat actors.
Though the White House is "aware" of the Mandiant report, they came just short of naming the Chinese government, and one intelligence official told the Times with frustration, "There are huge diplomatic sensitivities here.”
The Times notes:
Obama administration officials say they are planning to tell China’s new leaders in coming weeks that the volume and sophistication of the attacks have become so intense that they threaten the fundamental relationship between Washington and Beijing.
What's amazing is how clearly the location of the attackers can be pinpointed to a building of the People's Liberation Army.
“Either they are coming from inside Unit 61398,” Kevin Mandia, the founder and chief executive of Mandiant, told the Times in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
The article cites a report from cyber-security firm Mandiant (which can be downloaded here) which cites the existence of a building housing PLA Unit 61398.
The building off Datong Road, surrounded by restaurants, massage parlors and a wine importer, is the headquarters of P.L.A. Unit 61398. A growing body of digital forensic evidence — confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years — leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower.
From the report, here's a satellite shot of the building.
Please follow Military & Defense on Twitter and Facebook.
Join the conversation about this story »