I believe that it is very possible the next Pearl Harbor could be a cyber attack … [that] would have one hell of an impact on the United States of America. That is something we have to worry about and protect against.
Other experts are more worried about low-visibility attacks. Former cybersecurity and cyberterrorism advisor for the White House Richard Clarke said last year:
Every major company in the United States has already been penetrated by China. My greatest fear is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese. And we never really see the single event that makes us do something about it.
It looks like that “single event” has finally come to pass, but in the form of two publicly reported attacks.
New York Times Attacked
On January 30, the New York Times published an in-depth account of its battles with Chinese hackers. After publishing an investigation of corruption in the Chinese government on October 25, the New York Times‘ network monitors noticed network “behavior that was consistent with other attacks believed to have perpetrated by the Chinese military.” After unsuccessfully trying to expel the hackers over two weeks, the New York Times hired cybersecurity specialist Mandiant. After tracking the hackers’ movements and actions for four months in January, Mandiant was able to expel the hackers for good from the New York Times‘ systems, at which point, the newspaper went public with its account.
Mandiant believed the attack to be the work of a Chinese Cyber Espionage Unit, which it refers to as Advanced Persistent Threat (APT) 12. For its part, China denied any attacks on media organizations with the Chinese Defense Ministry saying, “It is unprofessional and groundless to accuse the Chinese military of launching cyber attacks without any conclusive evidence.”
Evidence of China’s Cyber Espionage Organization unveiled to the public
On Tuesday, Mandiant came out with a report on APT 1, one of China’s Cyber Espionage Units that Mandiant considers to be “one of the most prolific in terms of the sheer quantity of information it has stolen.”
We’ve known U.S. companies are under siege: In the past five years, 27 of the 30 companies that make up the Dow Jones Industrial Average have been hacked or had data breaches. The Mandiant report on APT1 gives us a clearer picture of the threat to U.S. companies by showing the breadth of industries of the 141 organizations APT1 attacked over the past seven years.
Mandiant’s report, which can be downloaded from Mandiant here, details APT1’s attack infrastructure, command, and control, and tools, tactics, and procedures. Without getting into the specifics of the report, which I highly recommend you read, Mandiant concludes
We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support. In seeking to identify the organization behind this activity, our research found that People’s Liberation Army (PLA’s) Unit 61398 is similar to APT1 in its mission, capabilities, and resources. PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate.
Mandiant believes that ATP1 is PLA Unit 61398, which is known to be a unit in the People’s Liberation Army’s cyber-command. The gauntlet has been thrown down.
The Chinese Defense Ministry vehemently denied the accusations, and said the report “lacks technical proof.” On the other side, the Obama administration has raised concerns with senior Chinese officials at the highest levels, and has come out with a comprehensive report titled “Administration Strategy on Mitigating the Theft of U.S. Trade Secrets.” It remains to be seen if anything will come of all this.
In the meantime what can you do?
Eight simple tips to boost your cybersecurity
Many of the above hacks could have been prevented by some simple precautions.
