Cyber crime experts in the UK tell Sky News a suspected Chinese hacking group linked to a military unit has been “reactivated”.9:49am UK, Wednesday 24 April 2013
By Alistair Bunkall and Mark Stone, Sky News A group of Chinese hackers suspected of being behind a cyber attack on the New York Times earlier this year may be restarting its campaign. BAE Systems, the defence contractor, says it has unearthed evidence that indicates the group is active for the first time since February, when the hackers were accused of being linked to a **Chinese military unit in Shanghai**. Although the connection has not been proven, the hacking group went immediately quiet on the day the allegation was made. Now analysts believe the hackers are ready to strike again. David Garfield, managing director of cyber security at Detica, a BAE Systems subsidiary, told Sky News: “The activity we have detected indicates that the espionage group was lying low until the attention around their activities died down, before getting back to ‘business-as-usual’. “Detica researchers have obtained a copy of malware that has all the hallmarks of being crafted by this espionage group. “This malware was created in the last week and contains a PDF which contains the agenda of an upcoming US defence conference which is consistent with the mode of operation of these particular attackers. “The conference, taking place at the end of this month, fits with the style of event which is commonly used as a ‘lure’ for this group, and others of its kind.”
For four months, towards the end of 2012 and into early 2013, hackers repeatedly infiltrated the New York Times, obtaining staff passwords among other things. Security consultants found that some of the attacks were being routed through US universities to divert the blame away from the source, a method commonly associated with Chinese hackers. The newspaper said the attacks were probably motivated by work reporters had been carrying out concerning senior figures in the Chinese government. In February the American computer security company Mandiant published several years of research which it claimed pinpointed the hacking to one building in the Pudong district of Shanghai. The building was reportedly the headquarters of the People’s Liberation Army Unit 61398. Mandiant represents the cyber-security interests of several major multinational companies, all of whom believe they are the victims of Chinese hackers.
On Monday, the Chinese army’s chief of the general staff, General Fang Fenghui, was asked about cyber security at a rare news conference with the visiting US chairman of the joint chiefs of staff, General Martin Dempsey. General Fang issued an alarming warning on the dangers of hacking. “Cybersecurity, if it is uncontrolled, the effects can be, and I don’t exaggerate, at times no less than a nuclear bomb,” he said. General Fang also reiterated a longstanding Chinese government assertion that China is also a victim of cyber attacks and that it is “strongly against any kind of cyber attacks”. China is not the only country connected with cyber attacks – the US, Russia, Israel and Iran are all suspected of developing cyber weapons. Most Western countries are believed to be doing the same. Both BAE Systems Detica and Mandiant have commercial interests in highlighting the dangers of cyber crime. The Chinese government has not responded to the latest allegations.
:: The Syrian Electronic Army has made an uncorroborated claim that it hacked the Twitter feed of the Associated Press news organisation. On Tuesday, the AP feed falsely stated that an attack on the White House had left the US president injured.
:: Australian police have arrested the self-proclaimed leader of non-state global hacking group LulzSec, which its members have said was responsible for breaching the CIA’s external website.