When the Obama administration last week circulated to Internet providers a lengthy, confidential list of computer addresses linked to a hacking group that has stolen terabytes of data from American corporations, it left out one crucial fact: that nearly every one of the digital addresses could be traced to the neighborhood in Shanghai that is headquarters to Unit 61398, the Chinese military's cybercommand.
That deliberate omission underscored the huge sensitivities inside the Obama administration over just how directly to confront China's new, untested leadership as it escalates demands that a halt be put to state-sponsored attacks that China insists are not its doing. It is only one indication of how the worsening cyber-Cold War that is playing out daily between the two largest economies in the world is so different from more familiar superpower conflicts of the past. In some ways, the conflict is less dangerous, but in other ways, it is more complex and pernicious.
Administration officials insist that they are now more willing to call out the Chinese directly -- as Attorney General Eric H. Holder Jr. did last week in announcing a strategy to combat the theft of intellectual property. But Mr. Obama himself deliberately avoided mentioning China -- or Russia and Iran, the other two countries the president most worries about -- when he declared in the State of the Union address that "we know foreign countries and companies swipe our corporate secrets," adding: "Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems."
The problem is that China is not an unalloyed foe the way the Soviet Union once was, much less an outright enemy. It is both a competitor and a crucial supplier and customer. Trade in goods alone between the two countries was $425 billion, and that does not include the intellectual property at stake in the cyberbattles. China also is a critical financier of American debt. As Hillary Rodham Clinton put it to Australia's prime minister on the way to her first trip to China as secretary of state four years ago, "How do you deal toughly with your banker?"
In the case of the evidence that the People's Liberation Army is the likely force behind "Comment Crew," the biggest of roughly 20 hacking groups that American intelligence agencies follow, the answer was that the U.S. is being highly indirect. Officials were perfectly happy to have Mandiant, a private security company, put out the report taking the cyberattacks to the door of Unit 61398. American officials said on background that they had no problems with Mandiant's conclusions, but they did not want to go on the record themselves.
© 2013 International Herald Tribune under contract with MarketWatch. All rights reserved.
Posted: 2013-03-01 @ 2:22pm PT
There's a reason the Obama administration isn't supporting Mandiant's "state actor" attribution - it has issues.
Has anyone fact checked the content of the Mandiant APT1 report? The "state actor" assertion is weak at best; the report has many mistakes:
- Hebei is not a borough of Shanghai, it's some 500 miles away
- Geolocation based on IP registration is unreliable. The IP blocks Mandiant cited all contain proxy servers
- The address of supposed Unit 61398, 208 Datong Road, is the address of the Unit 61398 Kindergarten that is open to the public.
Google "site:starbaby.cn 61398" and see for yourself.
- One of the hackers, DOTA, was already outed by Anonymous in 2011, when Anonymous attacked security firm HBGary and leaked their work. Google who hacker d0ta010 at hotmail is.
It's reasonable to believe that China is doing everything we're doing, but to pin this on the Chinese military, more concrete evidence is demanded.