Tuesday, February 19, 2013

Source of cyberattacks on major US publications found

The company Mandiant has published a thorough 60-page report on its investigation of recent hacker attacks on the websites of the largest US periodicals: the New York Times, the Wall Street Journal and the Washington Post.

The investigation was commissioned by the New York Times and found that the vast majority of such attacks come from the same 12-storey building in Shanghai. This building is the headquarters of military unit № 61398 of the People's Liberation Army (PLA). Experts from Mandiant even recorded a video that allegedly shows a working session of Chinese hackers.

American experts link the large building on the outskirts of Shanghai to many cyber attacks on the corporate networks of companies, government agencies and organizations in the USA. It is assumed that it houses a hacker group known as the "Comment Crew" or "Shanghai group". The Mandiant report says that, according to the results of a series of expert analyses, the hackers' traces lead to this building. At the same time, American experts cannot prove that the hackers are inside this building, which stands surrounded by inexpensive restaurants and massage parlors.

In any case, Mandiant is convinced that PLA military unit 61398 is responsible for numerous attacks against the United States because it is "the only reasonable explanation." As Kevin Mandia, founder and CEO of the company, explained, either the attacks come out of this building, or those in charge of the most controlled and censored Internet in the world have no idea about the thousands of people engaged in risky network attacks from one tiny area of Shanghai.

Together with the detailed report, Mandiant released a video showing actual attack sessions (recorded from a hacker's desktop). These attacks were ostensibly carried out by members of the hacker group that the company calls APT1 (Advanced Persistent Threat group 1). According to Mandiant's experts, there is every reason to believe that APT1 is supported by the government and is one of the most dangerous elements of the Chinese cyber threat. At the same time, the government of China continues to completely deny any involvement in the hacking attacks, including the attack on the New York Times site.

The investigation described here began last month, when the New York Times said that for four months its website had suffered a massive attack. During the attack, employees' passwords were stolen. Presumably, the hackers tried to obtain information on the sources and contacts used in writing an article about Chinese Prime Minister Wen Jiabao. According to the Times, the hacking techniques were similar to other recorded attacks by the PLA. The Wall Street Journal and the Washington Post also reported similar attacks on their sites. They began their own investigations, but found only that the Comment Crew group was implicated in the attacks.

Mandiant said that it has been following the Comment Crew group for over six years. Almost all of the group's traces and the IP addresses it used (90%) led to the same general area as the headquarters of military unit 61398. It is noteworthy that the Mandiant report appeared just as the U.S. is starting a more aggressive policy against cyber attacks of this kind. According to a recent decree by President Obama, U.S. companies are entitled to share confidential information about hackers with government agencies without supervision. In particular, companies can directly transfer the unique digital signatures of crackers to the competent authorities without regard to the rules for handling personal data.

Mandiant detailed the allegations in a 60-page report: http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf
