Chinese hackers

According to a report released by cybersecurity firm Mandiant, a recent rash of digital attacks on the servers of private and public American firms could be attributed to a splinter group operating under the Chinese government.

This development comes nearly a week after President Barack Obama signed into effect an executive order on improving critical infrastructure cybersecurity. The executive order seeks to locate priority critical infrastructures and implement a plan towards bolstering their defense from cyberattacks. The order also seeks the input of private firms toward a creation of a framework for bolstering the integrity of the nation’s cybersecurity.

According to a U.S. press briefing on Feb. 19, the White House has acknowledged the cybersecurity report from Mandiant. They are aware that China is being labeled as a lead perpetrator of attacks on U.S. firms. However, the White House has released no official plans on their assessment of the situation. White House Press Secretary Jay Carney refused to comment beyond the Mandiant assessment, but acknowledged that the U.S. government is taking an active approach to addressing the issue of cyber theft.

Mandiant is a cyber-security firm based out of Alexandria, Va. The firm specialize in working with firms to bolster their defenses in the cyber world, using techniques such as locating vulnerabilities in a company’s servers and analyzing the extent of a possible attack. They recently released a report detailing the extent of the breach made from this cybercriminal group, dubbed Advanced Persistent Threat 1.

According to the Mandiant report, APT1 is “…a single organization of operators that has conducted a cyber-espionage campaign against a broad range of victims since at least 2006.” Through advanced tracking capabilities, Mandiant has traced APT1 to four large networks in Shanghai. And through further deduction and research, Mandiant has found APT1 to be similar in mission and capabilities to the People’s Liberation Army Unit 61398.

PLA Unit 61398 is believed to be China’s second Bureau of the PLA’s General Staff Department’s third Department. They are believed to engage in “Computer Network Operations,” but no official records could be had from the search engine Google to back those claims up. Mandiant, however, found indexed references to Unit 61398 in online forums and documents. This leads Mandiant to believe that Chinese officials could have had references to Unit 61398 expunged from Google search results.

A video complementing the report shows a methodology of an APT1 “actor” (user perpetrating the cybercrime). In the video, the actor is shown to create multiple e-mail accounts. One such account’s inbox shows notifications of other e-mail accounts created with similar nomenclature to the previously created one, as well as bounced e-mail notifications. The outbox in the video also shows attempts at “spear-phishing” (solicitation of vital information targeted towards specific individuals and companies). The video also shows an attempt by the APT1 actor to gain control of a victim’s computer remotely.

According to the Washington Post, China is denying allegations that it is partaking in cybercriminal acts against the U.S. The U.S. is also weighing retaliatory action against China in the form of fines and trade actions in this event.

So what does this mean to the average U.S. citizen? Everyone who uses a computer and does business on the Internet on a daily basis could be affected. More specifically, in the Mandiant report, APT1’s basis of attacks comes from phishing. To prevent from becoming a victim, always practice good Internet usage habits, especially with regards to e-mail.

Mike Conners, an information science major said he noticed an influx of spam recently.

“I have been getting a lot of random spam lately on one of my e-mail accounts” Conners said. “I do believe something needs to be done about it.”

An article written by Scott Greaux , vice president of product management and services for security training firm PhishMe, for ComputerWeekly.com offers up some insight on spear-phishing attacks. Scott said if an email’s message or subject sounds too good to be true, it is probably malicious. He also suggests keeping an eye out for who the sender of the email is and whether you were expecting the email.

With a vigilant attention to your computing environment and habits, you can prevent yourself from becoming a possible statistic in this ongoing conflict against cybercrime.