A Feb. 19 report from computer security firm Mandiant Corp. asserts that the Chinese government is involved in a major cyber-espionage campaign to steal sensitive data from organizations in the United States and other countries.
The report from Alexandria, Va.-based Mandiant said that since at least 2006 a hacking group in China has stolen hundreds of terabytes of data from as many as 141 organizations. According to the report, the hacking group used internet protocol addresses registered in Shanghai and appears to be linked to a Chinese military unit.
China's Ministry of Foreign Affairs Feb. 19 posted a statement that the Chinese government opposes cyber-attacks and that speculation and accusations will not help to solve the problem.
Without commenting on the specific details in the report, White House spokeswoman Caitlin Hayden told BNA Feb. 19 that the Obama administration has repeatedly raised cybertheft concerns with senior Chinese officials, including in the military, and will continue to do so.
“The United States and China are among the world's largest cyber actors and it is vital that we continue a sustained, meaningful dialogue and work together to develop an understanding of acceptable behavior in cyberspace,” she said.
The Mandiant report comes as the Obama administration is moving ahead with a plan to bolster U.S. cyberdefenses through an executive order (12 PVLR 257, 2/18/13) and key members of Congress are pushing for quick legislative action on the issue.
Stewart Baker, a partner in the Washington office of Steptoe & Johnson LLP, told BNA Feb. 19 the Mandiant report is likely to provide increased impetus for legislative action.
The report “clearly demonstrates the need to pass cybersecurity legislation as soon as possible,” Sen. Dianne Feinstein (D-Calif.), chairman of the Senate Select Committee on Intelligence, said in a Feb. 19 statement.
House Intelligence Committee Chairman Mike Rogers (R-Mich.) said in a Feb. 19 statement that the report provides vital insights into the Chinese government's economic cyber-espionage campaign against U.S. companies.
Rogers and Ranking Member C. A. “Dutch” Ruppersberger (D-Md.) Feb. 13 reintroduced a cybersecurity bill (H.R. 624) that seeks to improve cyberthreat information-sharing in the United States between the government and private sector (12 PVLR 273, 2/18/13). Among other provisions the bill would provide liability protection to firms that share information with the government.
Mandiant is the same firm that South Carolina officials recently contracted to conduct an independent review analyzing a massive hacking attack on the state Department of Revenue's taxpayer database (11 PVLR 1730, 12/3/12).
By Alexei Alexis with additional reporting by Michael Standaert (Shenzhen, China)
The Mandiant report “Mandiant Intelligence Center Report APT1: Exposing One of China's Cyber Espionage Units,” and its appendix are available for download at http://intelreport.mandiant.com/.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).