‘Undeniable’ report accuses another Chinese military unit of hacking
By Joseph Menn
SAN FRANCISCO (Reuters) – A private U.S. cybersecurity company on Monday accused a unit of China’s military of conducting far-reaching hacking operations to advance the country’s satellite and aerospace programs.
Security company CrowdStrike said Shanghai-based unit 61486 of the People’s Liberation Army 12th bureau has attacked networks of Western government agencies and defense contractors since 2007.
CrowdStrike said the hacking targeted the U.S. space, aerospace and communications sectors. The cyberspying targeted “popular productivity applications such as Adobe Reader and Microsoft Office to deploy custom malware through targeted email attacks,” CrowdStrike said.
Less than three weeks ago the U.S. Justice Department took the unprecedented step of unsealing indictments against five members of another People’s Liberation Army unit that allege they stole trade secrets.
CrowdStrike said it was publicizing a report previously sent to clients to show that the issue was broader than many realize.
“After the Chinese response, where they basically said this is all fabricated, we said why don’t we unleash something that’s undeniable,” said CrowdStrike co-founder Dmitri Alperovitch. He said the company had briefed U.S. intelligence agencies before publishing its report.
CrowdStrike said an individual named Chen Ping registered website domain names used in some of the intrusions. Chen’s personal blog appears to put his age as 35, and he identified himself as a soldier, the report said.
Chen’s email is tied to profiles, blogs and forum postings, CrowdStrike said. Among material on those sites was a photo album titled “office” that includes a building CrowdStrike identified as the Shanghai headquarters of the military unit in question.
Chen did not respond to requests for comment sent to the email addresses provided by CrowdStrike.
But a spokeswoman for China’s foreign ministry poured scorn on the report, saying she had a strong sense of “déjà vu” about the allegations, adding it was ridiculous to suggest any hacker would openly advertise what he did.
“I think this is both curious and puzzling. Have you ever seen a thief in the street who advertises on his chest that he is a thief? Honestly speaking, I think what the U.S. has done here cannot be accepted as correct,” spokeswoman Hua Chunying told a daily news briefing in Beijing.
Revelations by former U.S. intelligence contractor Edward Snowden that the United States carried out widespread online surveillance showed that the U.S. had no right to point fingers when it came to hacking, she added.
“The United States cannot pretend that it is the victim. They are a hacker empire. I think everyone in the world knows this,” Hua said.
CrowdStrike was founded by former senior executives at big antivirus company McAfee, now part of Intel . It has contracts and other ties to the U.S. government.
The new report is likely to add to the escalating tensions over cybersecurity issues between the world’s two largest economies.
Chinese officials have already responded sharply to last month’s indictments, pulling out of talks on hacking issues and accusing the United States of plundering Chinese political and military secrets.
However, China on Monday confirmed that it will participate for the first time in a major U.S.-hosted naval drill being held near the Pacific island of Guam later this month. China is sending four ships including a destroyer and frigate, regardless of deep mistrust on both sides.
(This refiled version of the story changes translation to “hacker empire” from “hacker enemy state” in paragraph 13)
(Additional reporting by David Brunnstrom in Washington and Ben Blanchard in Beijing; Editing by Cynthia Osterman and Simon Cameron-Moore)