Private Cybercrime Outfit Exposes Chinese Hackers

"We probably kicked the hornet's nest," says Kevin Mandia, as he publishes a 76-page report on Chinese hacking secrets.

That China is interested in hacking Western networks should come as no surprise, but private cybercrime expert Kevin Mandia of Mandiant has gone the extra step and told us how he thinks they're doing it. A 76-page report, detailing seven years' worth of Mandiant research, has gone up on the web for all to see, and it's a tale of Ugly Gorillas and Harry Potter fans hiding behind the Great Firewall of China, operating out of a bland office block outside Shanghai.

Mandiant profiles the personalities it believes are behind the APT1 group, from Ugly Gorilla - AKA Jack Wang, whose work carries the signature "No Doubt to Hack You" - to DOTA, a possible Defense of the Ancients fan who also loves Harry Potter. Meanwhile SuperHard works for himself as well as China, and offers to sell Trojans to whoever pays. While the group cannot be conclusively linked to the authorities, Mandiant's report points out that "in a State that rigorously monitors Internet use, it is highly unlikely that the Chinese Government is unaware of an attack group that operates from the Pudong New Area of Shanghai ... Therefore the most probable conclusion is that APT1 is able to wage such a long-running and extensive cyber espionage campaign because it is acting with the full knowledge and cooperation of the government."

Mandiant is a recent creation, and for a while in 2004 Kevin Mandia, former military cybercrime investigator, was its sole employee. He'd given up a private sector career because he saw a niche; there wasn't anybody else doing what Mandiant now does, though that has since changed. Now he has over 300 employees, and more than enough work to keep them all busy.

"We probably kicked the hornet's nest," says Mandia, adding that "tolerance is just dwindling. People are tired of the status quo of being hacked with impunity, where there's no risk or repercussion." Mandia's organization is one of many private digital forensics contractors, which take on work from private companies and governments alike. If you want their services, it'll cost; estimates average around the $400/hour mark. But if you were thinking the time has come to strike back, Mandia urges caution. "The only time [retaliatory hacking] would really work is if we got all the bad guys out of our networks in the first place," Mandia says. "Then you can start playing that game."

If you want to read the Mandiant report, here it is.

Source: Guardian

Therefore the most probable conclusion is that APT1 is able to wage such a long-running and extensive cyber espionage campaign because it is acting with the full knowledge and cooperation of the government."

Actually the way it typically works in China is that the government leaves the hackers alone, and the hackers in turn know that if they find something important, they should 'let someone know'.

So they don't work directly for the government but they do have an implicit understanding.

And this is how you start a WW3....

I knew it, I just knew it! Remember back in Command and Conquer: Generals where you could get the Chinese hackers as a unit. I knew it struck me as a little too real. Now we have proof. The Chinese have hackers set up to steal our credits and put blackouts on our unit production facilities.

This guy is my new hero. We really do need someone out there fighting back against the people who think they can invade another's privacy just because it's fun. I'd much rather see a private organization doing so than a government body because of how open they can be with their information.

Surely finding out that the Chinese are hacking western governments should provoke something? I think it's stupid that everyone knows what they're doing and they can claim innocence and nothing happens.

Hazzard:
Surely finding out that the Chinese are hacking western governments should provoke something? I think it's stupid that everyone knows what they're doing and they can claim innocence and nothing happens.

Unfortunately China is too important to international trade. Their labor costs are insanely low. It's borderline slave labor.

This comes as no surprise really.

Information Warfare has been known about for years.

Hell there were news stories in Canada about us getting hacked by China years ago! Shame that no one will do anything about it. Might be funny to see someone like Anonymous go after them though.
Hacker vs Hacker warfare and all that.

won't be long before something sparks off a full scale cyberwar as it's seen as a way to attack without all the messy part of dropping bombs, etc

Just saw the video that comes with the Mandiant report...

https://www.youtube.com/watch?v=6p7FqSav6Ho

scary...

tmande2nd:
This comes as no surprise really.

Information Warfare has been known about for years.

Hell there were news stories in Canada about us getting hacked by China years ago! Shame that no one will do anything about it. Might be funny to see someone like Anonymous go after them though.
Hacker vs Hacker warfare and all that.

Wouldn't go well for Anonymous, Anonymous seems to be primarily comprised of script kiddies, these guys seem like the real deal.

Fappy:

Hazzard:
Surely finding out that the Chinese are hacking western governments should provoke something? I think it's stupid that everyone knows what they're doing and they can claim innocence and nothing happens.

Unfortunately China is too important to international trade. Their labor costs are insanely low. It's borderline slave labor.

"Borderline"? They have to hang nets on the factory walls so the workers won't jump off the roof.

1. 'Reveal' (already reported) hacking by Chinese nationals
2. Collude Lulzsec, Anonymous, etc with Chinese hacking
3. Reintroduce CISPA and other security 'safety' measures
4. ???
5. Profit

*footnote: step 5 does not apply to 99.9% of citizens

Good on this guy, but this was common knowledge over a year ago, I recall reading about it in a dentist's office in PC Today or something.

Hazzard:
Surely finding out that the Chinese are hacking western governments should provoke something? I think it's stupid that everyone knows what they're doing and they can claim innocence and nothing happens.

I think there is a general understanding between all countries that each and every one of them is surreptitiously hacking and spying on one another. A good dose of plausible deniability, back room bickering, and a general fear of escalating the problem stops these things from getting too out of hand.

Ever notice how Iran keeps relatively quiet, considering the sophisticated super viruses they keep getting? Same sort of thing. Iran can't actually prove the US or IDF are behind it, so all it can do is commit to counter espionage.

wombat_of_war:
won't be long before something sparks off a full scale cyberwar as it's seen as a way to attack without all the messy part of dropping bombs, etc

Yet...

Any Cyber-war that starts online, will most likely end in a real-world war. All it would take is one side finding the other side's hackers. Then comes the "precision strikes", then comes more posturing, which usually breaks down into a real war.

Tick-Tock, Tick-Tock, Tick-Tock, the Doomsday Clock goes Tick-Tock.

Strazdas:
And this is how you start a WW3....

Gilhelmi:

wombat_of_war:
won't be long before something sparks off a full scale cyberwar as it's seen as a way to attack without all the messy part of dropping bombs, etc

Yet...

Any Cyber-war that starts online, will most likely end in a real-world war. All it would take is one side finding the other side's hackers. Then comes the "precision strikes", then comes more posturing, which usually breaks down into a real war.

Tick-Tock, Tick-Tock, Tick-Tock, the Doomsday Clock goes Tick-Tock.

I'm sorry, but 2012 came and went. Can we drop the 'end of the world' schtick, guys? I'll never understand this morbid curiosity people have with wondering how they'll snuff it. Why not use that energy on figuring out how we'll LIVE instead, the ultimately more likely scenario? I may like Fallout, but I don't see it happening any time soon.

RobfromtheGulag:
1. 'Reveal' (already reported) hacking by Chinese nationals
2. Collude Lulzsec, Anonymous, etc with Chinese hacking
3. Reintroduce CISPA and other security 'safety' measures
4. ???
5. Profit

*footnote: step 5 does not apply to 99.9% of citizens

Good on this guy, but this was common knowledge over a year ago, I recall reading about it in a dentist's office in PC Today or something.

Curious, who profits from CISPA?

dmase:

Curious, who profits from CISPA?

Companies that gain the power to easily block their competitors essentially running many of them out of any share from internet advertisement and business.

FalloutJack:

I'm sorry, but 2012 came and went. Can we drop the 'end of the world' schtick, guys? I'll never understand this morbid curiosity people have with wondering how they'll snuff it. Why not use that energy on figuring out how we'll LIVE instead, the ultimately more likely scenario? I may like Fallout, but I don't see it happening any time soon.

Says a guy named FalloutJack....
The ultimate fear is nonexistence, death. This is why people make up scenarios for this to be false, whether it's god, reincarnation, eternal life through science, take your pick. When people are afraid of something, they want to find the reason to avoid it, often going overboard. In order to avoid, first you need to know what to avoid, so people end up being fascinated with it.
Another theory is the evolutionary lag from civilization. we now move at a massive pace, have massive amount of information going through. however our genes still remember the stone age. we long for times when things were simpler, slower and more manageable, apocalypse to many means return to that simplified version of life. we logically know it's not good, but subconsciously we want this "unnatural" civilization to stop hitting us with enormous amount of things to process every day.
There are many more scientific reasons why humans are fascinated with end-of-all scenarios but i think you can easily google them up so no point in typing it out now. I believe i got the main point across.

PrinceOfShapeir:
Wouldn't go well for Anonymous, Anonymous seems to be primarily comprised of script kiddies, these guys seem like the real deal.

I'm pretty sure there are a few real deal ones around that would be able to do it. it's just that these folks are smart enough not to go around boasting "hey look at me im haxor". If they will do something we won't hear it in the news, we won't read it on the escapist, we probably won't be aware of it at all.

Strazdas:

dmase:

Curious, who profits from CISPA?

Companies that gain the power to easily block their competitors essentially running many of them out of any share from internet advertisement and business.

Explain and source. I've heard a lot of things about CISPA that seems new.

dmase:

Strazdas:

dmase:

Curious, who profits from CISPA?

Companies that gain the power to easily block their competitors essentially running many of them out of any share from internet advertisement and business.

Explain and source. I've heard a lot of things about CISPA that seems new.

Ah, sorry, CISPA is the spy act, mixed it up with another one.

Strazdas:
Donk

Yes, I know irony can be pretty ironic at times. However, just because (for example) I'm Catholic doesn't mean I have to be obsessed with the end of the mortal coil. Granted, some people are, but I believe it's the quality of life that was the point, not how soon death occurs. Live well and enjoy yourself. Be a good guy and try not to kill anyone. Wasn't that the message of George Carlin? Yes, I know this is a pastime to some people. Doesn't mean I have to like it. Much like my obvious connection to Fallout, it's just a thing.

FalloutJack:

Strazdas:
Donk

Yes, I know irony can be pretty ironic at times. However, just because (for example) I'm Catholic doesn't mean I have to be obsessed with the end of the mortal coil. Granted, some people are, but I believe it's the quality of life that was the point, not how soon death occurs. Live well and enjoy yourself. Be a good guy and try not to kill anyone. Wasn't that the message of George Carlin? Yes, I know this is a pastime to some people. Doesn't mean I have to like it. Much like my obvious connection to Fallout, it's just a thing.

You know, there is a reason i keep the theme of Mayan apocalypse around, falling dogs from the sky FTW :D
but humans are obsessive in their nature. we obsess over small things all the time. look at the hate ME3 crowd, hate EA crowd, love nintendo crowd, PS4 rage discussion crowd (though admittedly this was much more tame than i expected it to be). we obsess over great many things, not just death.

Strazdas:
Point

You are right, of course, though the groups you mentioned are not merely obsession but cases of Unpleasable Fanbase, Justifiable Homicide, Rabid Fanhood, and speculating over too many possibilities and not enough facts. I've kept out of the last one because nothing is definite there unless we see a released product.

Of course, MOST of this site hates EA's guts, so it's a fair assumption to say that some of them have a good reason. And really, the amount of things we hop all over are - many times - dumb things they said or commented on. See, I don't think EA is the devil, per se. I just think they're morons. If they're evil, then it's Dr. Evil who is only quasi-good at his job, unless he's actually a villain who obfuscates for the fun of it. I don't need to hate 'em, just agree that not everything they've said or done is for me. I still have Red Alert 3 and Swtor (though I don't pay money for the latter).

Anyway, obsessions will always happen, but do we really need the MORBID ones? I am a mad creator of abomination who enjoys Poe, Lovecraft, King, and so on. I have developed creature and god, or mortal and demon - lunacy across the board as I choose with terrible things afoot. I sing the body horrific and celebrate the macabre. It still does not follow that I should obsess over it if I don't want to. Other people flood us with this stuff. It makes one yearn for light-hearted comedy to counter it.

FalloutJack:
text

You are correct, but i never claimed that we should encourage it. merely that it exists and there are reasons for it.

P.S. captcha is no exception, it's obsessed too: "this is sparta"

Strazdas:
And this is how you start a WW3....

nope. the chinese have been doing this since hackers became a word.
they were just neglected in favor of the "evil" russian hackers.

and also because china trying to buy out hollywood and other media for propaganda.
see red dawn remake and its production history.

rhizhim:

Strazdas:
And this is how you start a WW3....

nope. the chinese have been doing this since hackers became a word.
they were just neglected in favor of the "evil" russian hackers.

and also because china trying to buy out hollywood and other media for propaganda.
see red dawn remake and its production history.

I'm not talking about doing this, I'm talking about ousting this to general public. that creates much more conflict than the actual fact of hacking.
China is pretty good on making their own propaganda movies as well. and them movies are damn great (Ip Man for example) anyway.
And as if there isn't enough "america fuck yeah" propaganda in hollywood anyway :P

Strazdas:

rhizhim:

Strazdas:
And this is how you start a WW3....

nope. the chinese have been doing this since hackers became a word.
they were just neglected in favor of the "evil" russian hackers.

and also because china trying to buy out hollywood and other media for propaganda.
see red dawn remake and its production history.

I'm not talking about doing this, I'm talking about ousting this to general public. that creates much more conflict than the actual fact of hacking.
China is pretty good on making their own propaganda movies as well. and them movies are damn great (Ip Man for example) anyway.
And as if there isn't enough "america fuck yeah" propaganda in hollywood anyway :P

yes, but they're starting to outsource "fuck yeah, china!" to america and europe.
kinda ironic all that outsourcing...

anyways, he is just leaking something that anybody who spends more than 20 hours a week on the internet should know or already knows.
it's like leaking that (traditional) cheese is made of milk. some people might be surprised, but still most people know and those who don't will hardly try to disprove it, since it's damn plausible.

FalloutJack:

Strazdas:
And this is how you start a WW3....

Gilhelmi:

wombat_of_war:
won't be long before something sparks off a full scale cyberwar as it's seen as a way to attack without all the messy part of dropping bombs, etc

Yet...

Any Cyber-war that starts online, will most likely end in a real-world war. All it would take is one side finding the other side's hackers. Then comes the "precision strikes", then comes more posturing, which usually breaks down into a real war.

Tick-Tock, Tick-Tock, Tick-Tock, the Doomsday Clock goes Tick-Tock.

I'm sorry, but 2012 came and went. Can we drop the 'end of the world' schtick, guys? I'll never understand this morbid curiosity people have with wondering how they'll snuff it. Why not use that energy on figuring out how we'll LIVE instead, the ultimately more likely scenario? I may like Fallout, but I don't see it happening any time soon.

I never believed the 2012 theory.

I do live for today, Carpe Diem, harvest your fields today for tomorrow it might storm causing you to lose your crop. I prepare today because I see storm clouds in the sky. History is repeating itself, over and over again. I have studied history, I have seen it before. Before WW2, Before WW1, Before the American Civil War, all these things seem to be coalescing again. Rising tensions between the US and China, a weakening world economy, five different groups in the US considering another "Bleeding Kansas" (both extreme liberal and conservative) heightened violence.

There is still time though, but if the situation does not resolve in 10-15 years though. War will break out.

Gilhelmi:

I do live for today, Carpe Diem, harvest your fields today for tomorrow it might storm causing you to lose your crop. I prepare today because I see storm clouds in the sky. History is repeating itself, over and over again. I have studied history, I have seen it before. Before WW2, Before WW1, Before the American Civil War, all these things seem to be coalescing again. Rising tensions between the US and China, a weakening world economy, five different groups in the US considering another "Bleeding Kansas" (both extreme liberal and conservative) heightened violence.

There is still time though, but if the situation does not resolve in 10-15 years though. War will break out.

There were different reasons for all those wars, i am iffy on your American civil war. Anyways i have always wondered if a modern World War would be LESS devastating because of nuclear weapons.

Spuds:

Gilhelmi:

I do live for today, Carpe Diem, harvest your fields today for tomorrow it might storm causing you to lose your crop. I prepare today because I see storm clouds in the sky. History is repeating itself, over and over again. I have studied history, I have seen it before. Before WW2, Before WW1, Before the American Civil War, all these things seem to be coalescing again. Rising tensions between the US and China, a weakening world economy, five different groups in the US considering another "Bleeding Kansas" (both extreme liberal and conservative) heightened violence.

There is still time though, but if the situation does not resolve in 10-15 years though. War will break out.

There were different reasons for all those wars, i am iffy on your American civil war. Anyways i have always wondered if a modern World War would be LESS devastating because of nuclear weapons.

The Firefly and Battlestar Galactica are different TV shows but they have similar themes. The stories are different, but they are the same genre of TV show.

Likewise, in the year preceding War, people take similar actions. As the Ancient saying goes "the Wind and Trees are trembling with fear".

During Bleeding Kansas, Kansas had a civil war of its own. The Pro-North vs the Pro-South. Crimes ranging from Voter Fraud all the way up to murder, were committed.

I hope I am wrong, but I will keep my emergency supplies ready. Just in Case.

 
