First the Chinese bought US shale gas reserves, now they are hacking into the gas pipeline control systems. They will literally hack what they frack. . .
Chinese Hackers Resume Attacks on U.S.
The headquarters of Unit 61398, center, in Shanghai. The unit of the People’s Liberation Army is believed to have resumed its attacks on American companies and government agencies.
Published: May 19, 2013 42 Comments
WASHINGTON — Three months after hackers working for a cyberunit of China’s People’s Liberation Army went silent amid evidence that they had stolen data from scores of American companies and government agencies, they appear to have resumed their attacks using different techniques, according to computer industry security experts and American officials.
China Blasts Hacking Claim by Pentagon (May 8, 2013)
U.S. Blames China’s Military Directly for Cyberattacks (May 7, 2013)
As Hacking Against U.S. Rises, Experts Try to Pin Down Motive (March 4, 2013)
Chinese Army Unit Is Seen as Tied to Hacking Against U.S. (February 19, 2013)
The Obama administration had bet that “naming and shaming” the groups, first in industry reports and then in the Pentagon’s own detailed survey of Chinese military capabilities, might prompt China’s new leadership to crack down on the military’s highly organized team of hackers — or at least urge them to become more subtle.
But Unit 61398, whose well-guarded 12-story white headquarters on the edges of Shanghai became the symbol of Chinese cyberpower, is back in business, according to American officials and security companies.
It is not clear precisely who has been affected by the latest attacks. Mandiant, a private security company that helps companies and government agencies defend themselves from hackers, said the attacks had resumed but would not identify the targets, citing agreements with its clients. But it did say the victims were many of the same ones the unit had attacked before.
The hackers were behind scores of thefts of intellectual property and government documents over the past five years, according to a report by Mandiant in February that was confirmed by American officials. They have stolen product blueprints, manufacturing plans, clinical trial results, pricing documents, negotiation strategies and other proprietary information from more than 100 of Mandiant’s clients, predominantly in the United States.
More recently, security experts said, the group took aim at companies with access to the nation’s power grid. Last September, it broke into the Canadian arm of Telvent, now Schneider Electric, which keeps detailed blueprints on more than half the oil and gas pipelines in North America.
Mandiant said that the Chinese hackers had stopped their attacks after they were exposed in February and removed their spying tools from the organizations they had infiltrated. But over the past two months, they have gradually begun attacking the same victims from new servers and have reinserted many of the tools that enable them to seek out data without detection. They are now operating at 60 percent to 70 percent of the level they were working at before, according to a study by Mandiant requested by The New York Times.
The Times hired Mandiant to investigate an attack that originated in China on its news operations last fall. Mandiant is not currently working for The New York Times Company.