U.S. Security Company Tracks Hacking To Chinese Army Unit

Cyberattacks on dozens of American companies appear to have originated in an area of Shanghai that houses a Chinese military unit, according to a report out Tuesday from the U.S. cybersecurity company Mandiant. The company says the group behind the attacks is the most prolific it's ever found.


Cyber attacks on dozens of American companies appear to have originated in an area of Shanghai that houses a Chinese military unit. That's according to a report out today from a U.S. cyber security company, which says the group behind the attacks is the most prolific it's ever followed. The hacking has been going on since at least 2006. The 60-page document was first divulged by the New York Times. NPR's Frank Langfitt has more.

FRANK LANGFITT, BYLINE: The security company, Mandiant, says it's been tracking a giant hacking group nicknamed Common Crew, for years. Dan McWhorter of Mandiant's threat intelligence unit says the real name is this.

DAN MCWHORTER: The PLA unit 61398.

LANGFITT: PLA, as in China's People's Liberation Army. McWhorter says the unit has a complex on the outskirts of Shanghai and it's very aggressive.

MCWHORTER: They've compromised over 141 corporations across 20 different industries and stolen just a wealth of intellectual property.

LANGFITT: Mandiant says most of those companies were American. McWhorter adds the hackers seem to be trying to steal intellectual property to compete against American and other foreign firms.

MCWHORTER: In China, you know, the government's very intimately involved with industry, so I think the PLA's motivated to take these types of documents for huge economic gain.

LANGFITT: At a briefing today, China's foreign ministry dismissed the report. Hong Lei, the ministry's spokesman, questioned anyone's ability to track down hackers with certainty.

HONG LEI: (Through translator) Cyber attacks are anonymous and transnational, and it's hard to trace the origin of attacks, so I don't know how the findings of the report are credible.

LANGFITT: Hong said China has also suffered from hacking. In 2012, he said, foreign hackers seized control of 14 million computers in China. He seemed to point the finger at America, if not the U.S. government.

LEI: (Through translator) China is also a victim of cyber attacks. In the attacks mentioned above, the number of attacks originating from the U.S. ranks first.

LANGFITT: McWhorter says tracking the attacks to the PLA wasn't that hard, because the volume of data stolen was enormous and the operation had been going on for years.

MCWHORTER: We just sort of followed the data, followed the bread crumbs. And all the network communication kept going back to Shanghai again and again, in particular, the Pudong new area. And so then we started doing our research as far as like what types of organizations could be that large doing this type of activity. And that's what led us to discover unit 61398.

LANGFITT: I've come to the People's Liberation Army compound that's in the report and it's a big - looks like a 12-story big block building. There are hardly any signs out front, just something that says it's military and you're not allowed to take pictures. I also notice that there's a plain-clothes police officer walking back and forth on the street on a cell phone, keeping an eye out for anybody who's coming to watch.

Now, this is a normal sort of neighborhood in the outskirts of Shanghai, with karaoke clubs and little restaurants and hotels. Nothing out of the ordinary, except for this big building. Beyond corporate espionage, Mandiant found hacking that was more worrisome, infiltration of crucial U.S. infrastructure, including electric power grids and gas lines.

Dan McWhorter said there's no sign Chinese hackers tried to disable such operations, but the ability was there.

MCWHORTER: The same level of access they need to steal the IP, they can also do damage. If you have the ability to steal the documents, you just as easily could have crashed the hard drives. From a national security standpoint, that's very scary.

LANGFITT: In his State of the Union address, President Obama referenced the threat without naming China.


LANGFITT: The president said the nation could not look back years from now and wonder why it didn't do anything to stop it. Frank Langfitt, NPR News, Shanghai.

Copyright © 2013 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.
