2013年2月23日土曜日

Chinese Army Unit61398

人民解放軍61398部隊がハッカー攻撃関与に濃厚とのこと。
 米国の企業や政府機関に対するハッカー攻撃の圧倒的多数に、中国・上海
に拠点を置く人民解放軍の部隊が関与している疑いが濃厚。

Mandiant
・コンピューターセキュリティー企業
APT1 Exposing One of China’s Cyber Espionage Units
 被害を受けた企業などを調査し、攻撃元をたどると人民解放軍の部隊
 「61398」の本部が入居する上海市のビル近辺に行き着いたとする報
 告書を公表。
・141企業から、数百テラバイトのEmail、メモ、設計図等のデータを組織的
 に盗む。盗まれた企業は多くが米国企業。
・侵入が確認できた1905件97%が上海の同IPアドレス。

中国外務省
・サイバー攻撃は、匿名で越境。攻撃の起源をたどるのは困難。
 報告書の調査結果がどう信用できるかは不明。
・中国は、米国からのサイバー攻撃の犠牲者だった。

中国からのサイバー攻撃の報道が米国では続く。

人民解放軍からと思われるサイバー攻撃は、Lockheed Marchin、Google、
RSA、Apple、MHI、衆議院等多くの企業や学校、機関が被害にあった。
その度犯人とされたのが、人民解放軍と委託されたオタク。
米国からの締付けで、中国政府が捨て駒とした民間人もいた。
中国発信の攻撃であっても、偽装、迂回等で、真犯人と確定するのは困難
の場合もある。
そのうち、人民解放軍も技術力が上がれば、ツールを改良または、作成
し、濡れ衣と主張するかもしれない。

防衛省もサイバー空間防衛隊(攻撃隊?)新設検討との報道もあり、話題
のTorを使えば、防衛なのか攻撃なのは、担当者次第となりそう。
防衛省が民間に委託する際、思想調査を行い、命令に従うことを義務付け
できるかも疑問。サイバー空間で、どこまでを防衛と定義するのだろうか。
Stuxnet、Duga、Flameは、攻撃か防衛かどちらの定義になるのだろうか。

グーグル攻撃 軍関係校が発信か
政治中枢サーバ 中国へ接続
サイバー攻撃 関与中国人特定
Stuxnet,Duga,Flameは官製か
捨駒 王献冰
中国紅客連盟 攻撃対象300機関
中国製エシュロンシステム
China Cyber-Espionage Campaign


Highly ALERT: Chinese Military Behind U.S. Cyber Attacks


BBC World News: China denies hacking & cyber warfare claims of US firm MaNdiant 19 Feb 2013 2301


---アップルにもサイバー攻撃 数百社に被害の可能性---
2013.2.20 10:22
http://sankei.jp.msn.com/economy/news/130220/biz13022010240010-n1.htm

 ロイター通信は19日、米アップルが高度なサイバー攻撃を受けていたと報じた。顧客情報などの流出の形跡は確認されていないといい、アップルは米当局と共同で調査している。
 ロイター通信によると、アップルのパソコン「マック」を使用する企業数百社が同様に被害を受けている可能性があるという。
 攻撃を受けたのは少数の従業員のアップル製ノートパソコンで、外部の開発者向けサイトを通じて、有害なソフトに感染したという。米オラクルのプログラム言語「ジャバ」の安全面の弱点を突かれており、交流サイト最大手フェイスブックに対する攻撃と同様の手法とみられる。
 フェイスブックは先週末、高度なサイバー攻撃を受けた形跡を1月に見つけたと発表していた。
 米国ではこのところ、企業や政府機関に対するサイバー攻撃が相次いでおり、19日付の米紙ニューヨーク・タイムズは、このうちの多数のケースに中国・人民解放軍の部隊が関与していると報じている。(共同)


---中国軍のハッカー攻撃関与濃厚 米紙、部隊名挙げる---
2013年2月19日 18時24分
http://www.tokyo-np.co.jp/s/article/2013021901001893.html

 【ニューヨーク共同】米紙ニューヨーク・タイムズ(電子版)は18日、米国の企業や政府機関に対するハッカー攻撃の圧倒的多数に、中国・上海に拠点を置く人民解放軍の部隊が関与している疑いが濃厚だとする記事を掲載した。
 被害を受けた企業などを調査してきた米国のコンピューターセキュリティー企業が19日、攻撃元をたどると人民解放軍の部隊「61398」の本部が入居する上海市のビル近辺に行き着いたとする報告書を公表予定。同紙はこの報告書を事前に入手し、独自に検証したという。
 同紙は情報筋の話として、この部隊が、サイバー空間でスパイ活動を展開する中国の中核組織だとしている。


---「サイバー空間防衛隊」新設へ検討委…防衛省---
2013年2月16日09時24分  読売新聞
http://www.yomiuri.co.jp/national/news/20130215-OYT1T01485.htm?from=ylist

防衛省は15日、「サイバー政策検討委員会」を設置した。
 同省は昨年9月に公表した指針で、大規模なサイバー攻撃には自衛権を発動しうるとした上で、2013年度に「サイバー空間防衛隊」(仮称)を新設することなどを明記しており、具体策について検討を進めるのが目的。
 委員会では〈1〉サイバー攻撃を巡る国際協力〈2〉対処する部隊の運用〈3〉人材の確保・育成〈4〉防衛産業との協力――をテーマとする四つのグループを設置。人材育成については、外部からの優秀な技術者の登用についても議論を進める。また、一昨年秋に相次いで発覚した防衛産業に対するサイバー攻撃を教訓に、装備品を製造するメーカーと攻撃手法に関する情報を共有したり、部品供給網(サプライチェーン)を保護する方法などについても検討する。


---Chinese army likely behind cyber attacks, U.S. security firm says---
By Michael Muskal
February 19, 2013, 9:50 a.m.
http://www.latimes.com/news/nation/nationnow/la-na-nn-security-firm-china-hacking-20130219,0,5386392.story

Computer-hackers tied to the Chinese military have stolen massive quantities of data from at least 140 organizations in 20 major industries since 2006, a U.S. computer security firm said in an extensive report released Tuesday.

The 74-page report, prepared by Mandiant, comes as the United States has toughened its stand against computer hacking by China and is expected to seek to do more to protect both commercial and national security information. Just last week, President Obama signed an executive order to improve protection of the American computer assets.

The Mandiant report also comes after a growing concern in many U.S. businesses, including media companies, that China has stepped up its computer invasion. The Chinese government has repeatedly denied such charges and has insisted it has been the target of computer hacking. China repeated those charges on Tuesday.

But the Mandiant report lays the blame for the increase computer hacking squarely at the official door of China, and says that a secretive military group, based in the outskirts of Shanghai, is the likely culprit for official computer activities.

“Since 2004, Mandiant has investigated computer security breaches at hundreds of organizations around the world,” the report reads. In earlier reports, the security group noted, “The Chinese government may authorize this activity, but there’s no way to determine the extent of its involvement.

“Now, three years later, we have the evidence required to change our assessment,” the security group concluded. “The details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese government is aware of them.”

The hacking activity was likely part of the mandate of the Unit 61398 of China's People's Liberation Army, identified in the report as “one of the most persistent of China's cyber threat actors.” The unit is based in the Pudong New Area, outside of Shanghai from where the computer attacks originate.

Unit 61398 “has systematically stolen hundreds of terabytes of data from at least 141 organizations,” in diverse industries and mostly in the United States, said the report. “It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively.”

According to the report, hundreds of terabytes of data, including emails, memos and blueprints have been stolen by the military group, which focused on a broad range of industries in English-speaking countries.

In more than 97% of the 1,905 times intruders were observed, they used computer addresses registered in Shanghai, the report found. The hackers likely have a large organization with at least dozens, but potentially hundreds, of operators, the report said.

China’s role in the hacking industry has been a growing concern amid reports that groups including the New York Times and the U.S. Chamber of Commerce have reported that they have been hacked from within China.

In addition to signing an executive order, President Obama noted the issue in his State of the Union speech last week. “We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems,” he said.

In an October speech, Defense Secretary Leon Panetta warned of China’s growing computer capabilities.

“In my visit to Beijing, I underscored the need to increase communication and transparency with each other so that we could avoid a misunderstanding or miscalculation in cyberspace,” Panetta said. He called for greater sharing about cyber security between private enterprise and the U.S. government.

Speaking at a daily news briefing on Tuesday, Chinese Foreign Ministry spokesman Hong Lei denied the latest accusations.

“Cyber attacks are anonymous and transnational, and it is hard to trace the origin of attacks, so I don't know how the findings of the report are credible,” Hong said.

He added that China has been a frequent victim of cyber attacks coming from the United States. He stopped short, however, of blaming the U.S. government.


---An Overwhelming Number Of Cyber-Attacks On America Are Coming From This Army Building In China---
Joe Weisenthal and Geoffrey Ingersoll    | Feb. 18, 2013, 10:29 PM | 12,562 | 26
http://www.businessinsider.com/china-hacking-pla-unit-61398-2013-2

David Sanger, David Barboza, and Nicole Perlroth at the New York Times are out with a huge report tonight on Chinese cyber-attacks on US companies.

The Times got their hands on an advanced copy of report by Mandiant, a cybersecurity firm the newspaper had previously hired when it got hacked.

The most scary detail from the report is that Mandiant basically points a finger directly at the Chinese government:

The details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese Government is aware of them.

Our analysis has led us to conclude that APT1 [Advanced Persistent Threat] is likely government-sponsored and one of the most persistent of China’s cyber threat actors.

Though the White House is "aware" of the Mandiant report, they came just short of naming the Chinese government, and one intelligence official told the Times with frustration, "There are huge diplomatic sensitivities here.”

The Times notes:

Obama administration officials say they are planning to tell China’s new leaders in coming weeks that the volume and sophistication of the attacks have become so intense that they threaten the fundamental relationship between Washington and Beijing.

What's amazing is how clearly the location of the attackers can be pinpointed to a building of the People's Liberation Army.

“Either they are coming from inside Unit 61398,” Kevin Mandia, the founder and chief executive of Mandiant, told the Times in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”

The article cites a report from cyber-security firm Mandiant (which can be downloaded here) which cites the existence of a building housing PLA Unit 61398.

From the article:

The building off Datong Road, surrounded by restaurants, massage parlors and a wine importer, is the headquarters of P.L.A. Unit 61398. A growing body of digital forensic evidence - confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years - leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower.

From the report, here's a satellite shot of the building.


---Chinese Army Unit Is Seen as Tied to Hacking Against U.S.---
By DAVID E. SANGER, DAVID BARBOZA and NICOLE PERLROTH
Published: February 18, 2013
http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?_r=0

On the outskirts of Shanghai, in a run-down neighborhood dominated by a 12-story white office tower, sits a People’s Liberation Army base for China’s growing corps of cyberwarriors.

 The building off Datong Road, surrounded by restaurants, massage parlors and a wine importer, is the headquarters of P.L.A. Unit 61398. A growing body of digital forensic evidence - confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years - leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower.

An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups - known to many of its victims in the United States as “Comment Crew” or “Shanghai Group” - to the doorstep of the military unit’s headquarters. The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area.

“Either they are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”

Other security firms that have tracked “Comment Crew” say they also believe the group is state-sponsored, and a recent classified National Intelligence Estimate, issued as a consensus document for all 16 of the United States intelligence agencies, makes a strong case that many of these hacking groups are either run by army officers or are contractors working for commands like Unit 61398, according to officials with knowledge of its classified content.

Mandiant provided an advance copy of its report to The New York Times, saying it hoped to “bring visibility to the issues addressed in the report.” Times reporters then tested the conclusions with other experts, both inside and outside government, who have examined links between the hacking groups and the army (Mandiant was hired by The New York Times Company to investigate a sophisticated Chinese-origin attack on its news operations, but concluded it was not the work of Comment Crew, but another Chinese group. The firm is not currently working for the Times Company but it is in discussions about a business relationship.)

While Comment Crew has drained terabytes of data from companies like Coca-Cola, increasingly its focus is on companies involved in the critical infrastructure of the United States - its electrical power grid, gas lines and waterworks. According to the security researchers, one target was a company with remote access to more than 60 percent of oil and gas pipelines in North America. The unit was also among those that attacked the computer security firm RSA, whose computer codes protect confidential corporate and government databases.

Contacted Monday, officials at the Chinese embassy in Washington again insisted that their government does not engage in computer hacking, and that such activity is illegal. They describe China itself as a victim of computer hacking, and point out, accurately, that there are many hacking groups inside the United States. But in recent years the Chinese attacks have grown significantly, security researchers say. Mandiant has detected more than 140 Comment Crew intrusions since 2006. American intelligence agencies and private security firms that track many of the 20 or so other Chinese groups every day say those groups appear to be contractors with links to the unit.

And the Chinese Ministry of Foreign Affairs said Tuesday that the allegations were ‘‘unprofessional.’’

‘‘Making unfounded accusations based on preliminary results is both irresponsible and unprofessional, and is not helpful for the resolution of the relevant problem,’’ said Hong Lei, a ministry spokesman. ‘‘China resolutely opposes hacking actions and has established relevant  laws and regulations and taken strict law enforcement measures to defend against online hacking activities.’’

While the unit’s existence and operations are considered a Chinese state secret, Representative Mike Rogers of Michigan, the Republican chairman of the House Intelligence Committee, said in an interview that the Mandiant report was “completely consistent with the type of activity the Intelligence Committee has been seeing for some time.”

 The White House said it was “aware” of the Mandiant report, and Tommy Vietor, the spokesman for the National Security Council, said, “We have repeatedly raised our concerns at the highest levels about cybertheft with senior Chinese officials, including in the military, and we will continue to do so.”

The United States government is planning to begin a more aggressive defense against Chinese hacking groups, starting on Tuesday. Under a directive signed by President Obama last week, the government plans to share with American Internet providers information it has gathered about the unique digital signatures of the largest of the groups, including Comment Crew and others emanating from near where Unit 61398 is based.

But the government warnings will not explicitly link those groups, or the giant computer servers they use, to the Chinese army. The question of whether to publicly name the unit and accuse it of widespread theft is the subject of ongoing debate.

“There are huge diplomatic sensitivities here,” said one intelligence official, with frustration in his voice.

But Obama administration officials say they are planning to tell China’s new leaders in coming weeks that the volume and sophistication of the attacks have become so intense that they threaten the fundamental relationship between Washington and Beijing.

The United States government also has cyberwarriors. Working with Israel, the United States has used malicious software called Stuxnet to disrupt Iran’s uranium enrichment program. But government officials insist they operate under strict, if classified, rules that bar using offensive weapons for nonmilitary purposes or stealing corporate data.

The United States finds itself in something of an asymmetrical digital war with China. “In the cold war, we were focused every day on the nuclear command centers around Moscow,” one senior defense official said recently. “Today, it’s fair to say that we worry as much about the computer servers in Shanghai.”

A Shadowy Unit

Unit 61398 - formally, the 2nd Bureau of the People’s Liberation Army’s General Staff Department’s 3rd Department - exists almost nowhere in official Chinese military descriptions. Yet intelligence analysts who have studied the group say it is the central element of Chinese computer espionage. The unit was described in 2011 as the “premier entity targeting the United States and Canada, most likely focusing on political, economic, and military-related intelligence” by the Project 2049 Institute, a nongovernmental organization in Virginia that studies security and policy issues in Asia.

While the Obama administration has never publicly discussed the Chinese unit’s activities, a secret State Department cable written the day before Barack Obama was elected president in November 2008 described at length American concerns about the group’s attacks on government sites. (At the time American intelligence agencies called the unit “Byzantine Candor,” a code word dropped after the cable was published by WikiLeaks.)

The Defense Department and the State Department were particular targets, the cable said, describing how the group’s intruders send e-mails, called “spearphishing” attacks, that placed malware on target computers once the recipient clicked on them. From there, they were inside the systems.

American officials say that a combination of diplomatic concerns and the desire to follow the unit’s activities have kept the government from going public. But Mandiant’s report is forcing the issue into public view.

For more than six years, Mandiant tracked the actions of Comment Crew, so named for the attackers’ penchant for embedding hidden code or comments into Web pages. Based on the digital crumbs the group left behind - its attackers have been known to use the same malware, Web domains, Internet protocol addresses, hacking tools and techniques across attacks - Mandiant followed 141 attacks by the group, which it called “A.P.T. 1” for Advanced Persistent Threat 1.

“But those are only the ones we could easily identify,” said Mr. Mandia. Other security experts estimate that the group is responsible for thousands of attacks.

As Mandiant mapped the Internet protocol addresses and other bits of digital evidence, it all led back to the edges of Pudong district of Shanghai, right around the Unit 61398 headquarters. The group’s report, along with 3,000 addresses and other indicators that can be used to identify the source of attacks, concludes “the totality of the evidence” leads to the conclusion that “A.P.T. 1 is Unit 61398.”

 Mandiant discovered that two sets of I.P. addresses used in the attacks were registered in the same neighborhood as Unit 61398’s building.

“It’s where more than 90 percent of the attacks we followed come from,” said Mr. Mandia.

The only other possibility, the report concludes with a touch of sarcasm, is that “a secret, resourced organization full of mainland Chinese speakers with direct access to Shanghai-based telecommunications infrastructure is engaged in a multiyear enterprise-scale computer espionage campaign right outside of Unit 61398’s gates.”

The most fascinating elements of the Mandiant report follow the keystroke-by-keystroke actions of several of the hackers who the firm believes work for the P.L.A. Mandiant tracked their activities from inside the computer systems of American companies they were invading. The companies had given Mandiant investigators full access to rid them of the Chinese spies.

One of the most visible hackers it followed is UglyGorilla, who first appeared on a Chinese military forum in January 2004, asking whether China has a “similar force” to the “cyber army” being set up by the American military.

By 2007 UglyGorilla was turning out a suite of malware with what the report called a “clearly identifiable signature.” Another hacker, called “DOTA” by Mandiant, created e-mail accounts that were used to plant malware. That hacker was tracked frequently using a password that appeared to be based on his military unit’s designation. DOTA and UglyGorilla both used the same I.P. addresses linked back to Unit 61398’s neighborhood.

Mandiant discovered several cases in which attackers logged into their Facebook and Twitter accounts to get around China’s firewall that blocks ordinary citizen’s access, making it easier to track down their real identities.

Mandiant also discovered an internal China Telecom memo discussing the state-owned telecom company’s decision to install high-speed fiber-optic lines for Unit 61398’s headquarters.

China’s defense ministry has denied that it is responsible for initiating attacks. “It is unprofessional and groundless to accuse the Chinese military of launching cyberattacks without any conclusive evidence,” it said last month, one of the statements that prompted Mandiant to make public its evidence.

Escalating Attacks

Mandiant believes Unit 61398 conducted sporadic attacks on American corporate and government computer networks; the earliest it found was in 2006. Two years ago the numbers spiked. Mandiant discovered some of the intrusions were long-running. On average the group would stay inside a network, stealing data and passwords, for a year; in one case it had access for four years and 10 months.

Mandiant has watched the group as it has stolen technology blueprints, manufacturing processes, clinical trial results, pricing documents, negotiation strategies and other proprietary information from more than 100 of its clients, mostly in the United States. Mandiant identified attacks on 20 industries, from military contractors to chemical plants, mining companies and satellite and telecommunications corporations.

Mandiant’s report does not name the victims, who usually insist on anonymity. A 2009 attack on Coca-Cola coincided with the beverage giant’s failed attempt to acquire the China Huiyuan Juice Group for $2.4 billion, according to people with knowledge of the results of the company’s investigation.

As Coca-Cola executives were negotiating what would have been the largest foreign purchase of a Chinese company, Comment Crew was busy rummaging through their computers in an apparent effort to learn more about Coca-Cola’s negotiation strategy.

 The attack on Coca-Cola began, like hundreds before it, with a seemingly innocuous e-mail to an executive that was, in fact, a spearphishing attack. When the executive clicked on a malicious link in the e-mail, it gave the attackers a foothold inside Coca-Cola’s network. From inside, they sent confidential company files through a maze of computers back to Shanghai, on a weekly basis, unnoticed.

Two years later, Comment Crew was one of at least three Chinese-based groups to mount a similar attack on RSA, the computer security company owned by EMC, a large technology company. It is best known for its SecurID token, carried by employees at United States intelligence agencies, military contractors and many major companies. (The New York Times also uses the firm’s tokens to allow access to its e-mail and production systems remotely.) RSA has offered to replace SecurID tokens for customers and said it had added new layers of security to its products.

As in the Coca-Cola case, the attack began with a targeted, cleverly fashioned poisoned e-mail to an RSA employee. Two months later, hackers breached Lockheed Martin, the nation’s largest defense contractor, partly by using the information they gleaned from the RSA attack.

Mandiant is not the only private firm tracking Comment Crew. In 2011, Joe Stewart, a Dell SecureWorks researcher, was analyzing malware used in the RSA attack when he discovered that the attackers had used a hacker tool to mask their true location.

When he reverse-engineered the tool, he found that the vast majority of stolen data had been transferred to the same range of I.P. addresses that Mandiant later identified in Shanghai.

Dell SecureWorks says it believed Comment Crew includes the same group of attackers behind Operation Shady RAT, an extensive computer espionage campaign uncovered in 2011 in which more than 70 organizations over a five-year period, including the United Nations, government agencies in the United States, Canada, South Korea, Taiwan and Vietnam were targeted.

Infrastructure at Risk

What most worries American investigators is that the latest set of attacks believed coming from Unit 61398 focus not just on stealing information, but obtaining the ability to manipulate American critical infrastructure: the power grids and other utilities.

Staff at Digital Bond, a small security firm that specializes in those industrial-control computers, said that last June Comment Crew unsuccessfully attacked it. A part-time employee at Digital Bond received an e-mail that appeared to come from his boss, Dale Peterson. The e-mail, in perfect English, discussed security weaknesses in critical infrastructure systems, and asked the employee to click a link to a document for more information. Mr. Peterson caught the e-mail and shared it with other researchers, who found the link contained a remote-access tool that would have given the attackers control over the employee’s computer and potentially given them a front-row seat to confidential information about Digital Bond’s clients, which include a major water project, a power plant and a mining company.

Jaime Blasco, a security researcher at AlienVault, analyzed the computer servers used in the attack, which led him to other victims, including the Chertoff Group. That firm, headed by the former secretary of the Department of Homeland Security, Michael Chertoff, has run simulations of an extensive digital attack on the United States. Other attacks were made on a contractor for the National Geospatial-Intelligence Agency, and the National Electrical Manufacturers Association, a lobbying group that represents companies that make components for power grids. Those organizations confirmed they were attacked but have said they prevented attackers from gaining access to their network.

Mr. Blasco said that, based on the forensics, all the victims had been hit by Comment Crew. But the most troubling attack to date, security experts say, was a successful invasion of the Canadian arm of Telvent. The company, now owned by Schneider Electric, designs software that gives oil and gas pipeline companies and power grid operators remote access to valves, switches and security systems.

 Telvent keeps detailed blueprints on more than half of all the oil and gas pipelines in North and South America, and has access to their systems. In September, Telvent Canada told customers that attackers had broken into its systems and taken project files. That access was immediately cut, so that the intruders could not take command of the systems.

Martin Hanna, a Schneider Electric spokesman, did not return requests for comment, but security researchers who studied the malware used in the attack, including Mr. Stewart at Dell SecureWorks and Mr. Blasco at AlienVault, confirmed that the perpetrators were the Comment Crew.

“This is terrifying because - forget about the country - if someone hired me and told me they wanted to have the offensive capability to take out as many critical systems as possible, I would be going after the vendors and do things like what happened to Telvent,“ Mr. Peterson of Digital Bond said. “It’s the holy grail.”

Mr. Obama alluded to this concern in the State of the Union speech, without mentioning China or any other nation. “We know foreign countries and companies swipe our corporate secrets,” he said. “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air-traffic control systems. We cannot look back years from now and wonder why we did nothing.”

Mr. Obama faces a vexing choice: In a sprawling, vital relationship with China, is it worth a major confrontation between the world’s largest and second largest economy over computer hacking?

A few years ago, administration officials say, the theft of intellectual property was an annoyance, resulting in the loss of billions of dollars of revenue. But clearly something has changed. The mounting evidence of state sponsorship, the increasing boldness of Unit 61398, and the growing threat to American infrastructure are leading officials to conclude that a far stronger response is necessary.

“Right now there is no incentive for the Chinese to stop doing this,” said Mr. Rogers, the House intelligence chairman. “If we don’t create a high price, it’s only going to keep accelerating.”

0 コメント: