[..U]nit 61398, whose well-guarded 12-story white headquarters on the edges of Shanghai became the symbol of Chinese cyberpower, is back in business, according to American officials and security companies.

It is not clear precisely who has been affected by the latest attacks. Mandiant, a private security company that helps companies and government agencies defend themselves from hackers, said the attacks had resumed but would not identify the targets, citing agreements with its clients. But it did say the victims were many of the same ones the unit had attacked before.

The hackers were behind scores of thefts of intellectual property and government documents over the past five years, according to a report by Mandiant in February that was confirmed by American officials. They have stolen product blueprints, manufacturing plans, clinical trial results, pricing documents, negotiation strategies and other proprietary information from more than 100 of Mandiant’s clients, predominantly in the United States.

[...] In interviews, Obama administration officials said they were not surprised by the resumption of the hacking activity. One senior official said Friday that “this is something we are going to have to come back at time and again with the Chinese leadership,” who, he said, “have to be convinced there is a real cost to this kind of activity.” [Source]

Yet a report in the Financial Times points out that the image of Chinese hackers as part of a well-oiled government machine is often off-base. Many hackers, in fact, are just criminals working on their own for their own profit. The article describes one failed attempt by a group of hackers to break into the systems of Foxconn in order to exploit a fight between the company and its competitor, BYD:

“Some assessments seek to create the impression that China conducts cyber espionage in a highly organised way with a tight command structure, but that is just not true,” says an official at a US industry association.

He says the military unit portrayed by Mandiant as a spider at the centre of a giant web is just one actor in a thriving but chaotic Chinese hacking ecosystem with many different private and state actors. “One key driver is a set of national policies that call for innovation and the development and acquisition of new technologies. This means there is an incentive for every company and every government institution to get their hands on IP, whatever it takes.” [Source]

© Sophie Beach for China Digital Times (CDT), 2013. | Permalink | No comment | Add to del.icio.us
Post tags: BYD, cyberespionage, Foxconn, hacking, Mandiant
Download Tools to Circumvent the Great Firewall

While some recent estimates have more than 90 percent of cyberespionage in the United States originating in China, the accusations relayed in the Pentagon’s annual report to Congress on Chinese military capabilities were remarkable in their directness. Until now the administration avoided directly accusing both the Chinese government and the People’s Liberation Army of using cyberweapons against the United States in a deliberate, government-developed strategy to steal intellectual property and gain strategic advantage.

“In 2012, numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military,” the nearly 100-page report said.

The report, released Monday, described China’s primary goal as stealing industrial technology, but said many intrusions also seemed aimed at obtaining insights into American policy makers’ thinking. It warned that the same information-gathering could easily be used for “building a picture of U.S. network defense networks, logistics, and related military capabilities that could be exploited during a crisis.”

It was unclear why the administration chose the Pentagon report to make assertions that it has long declined to make at the White House. A White House official declined to say at what level the report was cleared. A senior defense official said “this was a thoroughly coordinated report,” but did not elaborate.

In a blog post for Council on Foreign Relations, Adam Segal lists three interesting points from the report, all relating to the cyberattack accusations. In his final point, he is not optimistic about prospects for reconciliation between China and the U.S. on this issue:

[..D]espite the announcement of a U.S.-China working group on cybersecurity during Secretary of State John Kerry’s visit to China, and General Fang Fenghui’s declaration that China was willing to set up a cyberserurity “mechanism” during a meeting with chairman of the Joint Chiefs of Staff, General Martin E. Dempsey, the report does not give much reason for optimism that the two sides will find common ground on the rules of the road. For the first time, the report calls China out for playing a “disruptive role in multilateral efforts to establish transparency and confidence building measures in international fora such as the Organization for Security and Cooperation in Europe, Association of Southeast Asian Nations Regional Forum, and the United Nations Group of Governmental Experts.”

Indeed, for its part, the Chinese government reacted angrily to the report, calling the accusations “groundless.” From the Los Angeles Times:

Responding to the Pentagon’s annual report on China’s military, released a day earlier, a Foreign Ministry spokeswoman insisted that Beijing was “strongly against any form of hacking activities,” and said China was willing to start a “rational and constructive dialog” with the United States on Internet security issues.

“This kind of baseless accusations and endless finger-pointing would only hurt the efforts and environment for such a dialog,” said the spokeswoman, Hua Chunying.

Beijing’s stiff reaction was expected as it has repeatedly denied charges of cyber-espionage, which has become a growing concern in Washington. U.S. officials have recently stepped up complaints about Chinese cyber-warfare as more large-scale hacking attacks have been traced to China.

Yet some observers warned that by focusing all attention in the cyberbattle on China, the U.S. government may risk missing other important developments. And while the cyber accusations got the lion’s share of press attention, the Wall Street Journal points out that a number of other interesting revelations came to light in the report:

Perhaps the DoD report’s single greatest advancement of public knowledge concerns China’s nuclear submarine programs. It states that China’s three already-operational Type 094 Jin-class nuclear-powered ballistic missile submarines (SSBNs) may be joined by “as many as two more in various stages of construction.” The Type 094, the report says, “will give the PLA Navy its first credible sea-based nuclear deterrent” once its JL-2 – a submarine-launched ballistic missile with a range in excess of 7,400 km – is deployed effectively. “After a round of successful testing in 2012, the JL-2 appears ready to reach initial operational capability in 2013,” DoD asserts. “JIN-class SSBNs based at Hainan Island in the South China Sea would then be able to conduct nuclear deterrence patrols.”

Meanwhile, China’s two already-deployed Type 093 Shang-class nuclear-powered attack submarines will be joined by four improved variants under construction, according to the report. Within 10 years, the DoD projects, “China will likely construct the Type 095 guided-missile attack submarine, which may enable a submarine-based land-attack capability.” The Type 095 will “likely incorporat[e] better quieting technologies” and “fulfill traditional anti-ship roles with the incorporation of torpedoes and anti-ship cruise missiles.” As for conventional attack submarines, DoD states that the Yuan-class (Type 039A), of which China may build as many as twenty, “includes an air-independent power system.”

© Sophie Beach for China Digital Times (CDT), 2013. | Permalink | No comment | Add to del.icio.us
Post tags: cyberattacks, cyberespionage, hacking, Mandiant, pentagon, People's Liberation Army, U.S. relations
Download Tools to Circumvent the Great Firewall

THIRTEEN YEARS AGO Bill Clinton, then America’s president, said that trying to control the internet in China would be like trying to “nail Jell-O to the wall”. At the time he seemed to be stating the obvious. By its nature the web was widely dispersed, using so many channels that it could not possibly be blocked. Rather, it seemed to have the capacity to open up the world to its users even in shut-in places. Just as earlier communications technologies may have helped topple dictatorships in the past (for example, the telegraph in Russia’s Bolshevik revolutions in 1917 and short-wave radio in the break-up of the Soviet Union in 1991), the internet would surely erode China’s authoritarian state. Vastly increased access to information and the ability to communicate easily with like-minded people round the globe would endow its users with asymmetric power, diluting the might of the state and acting as a force for democracy.

Those expectations have been confounded. Not only has Chinese authoritarian rule survived the internet, but the state has shown great skill in bending the technology to its own purposes, enabling it to exercise better control of its own society and setting an example for other repressive regimes. China’s party-state has deployed an army of cyber-police, hardware engineers, software developers, web monitors and paid online propagandists to watch, filter, censor and guide Chinese internet users. Chinese private internet companies, many of them clones of Western ones, have been allowed to flourish so long as they do not deviate from the party line.

If this special report were about the internet in any Western country, it would have little to say about the role of the government; instead, it would focus on the companies thriving on the internet, speculate about which industries would be disrupted next and look at the way the web is changing individuals’ lives. Such things are of interest in China too, but this report concentrates on the part played by the government because that is the most extraordinary thing about the internet there. The Chinese government has spent a huge amount of effort on making sure that its internet is different, not just that freedom of expression is limited but also that the industry that is built around it serves national goals as well as commercial ones.

The report’s contents:

• The machinery of control: Cat and mouse — How China makes sure its internet abides by the rules, including CDT’s ‘Directives from the Ministry of Truth‘.
• Microblogs: Small beginnings — Microblogs are a potentially powerful force for change, but they have to tread carefully.
• The Great Firewall: The art of concealment — Chinese screening of online material from abroad is becoming ever more sophisticated.
• E-commerce: Ours, all ours — A wealth of internet businesses with Chinese characteristics. (See also recent Economist cover story ‘Alibaba: China’s king of e-commerce.’)
• Cyber-hacking: Masters of the cyber-universe — China’s state-sponsored hackers are ubiquitous—and totally unabashed. The Economist is also hosting a debate, set to conclude next week, on the motion “Is industrial cyber-espionage the biggest threat to relations between America and China?” BDA China chairman and founder Duncan Clark is arguing for, and Claremont McKenna College’s Minxin Pei against, with the Council on Foreign Relations’ Adam Segal also contributing.
• Internet controls in other countries: To each their own — China’s model for controlling the internet is being adopted elsewhere.
• Assessing the effects: A curse disguised as a blessing? — The internet may be delaying the radical changes China needs.
• Shutting down the internet: Thou shalt not kill — Turning off the entire internet is a nuclear option best not exercised.

Epstein discusses the report in a short audio podcast:

© Samuel Wade for China Digital Times (CDT), 2013. | Permalink | No comment | Add to del.icio.us
Post tags: cyberespionage, democracy, Directives from the Ministry of Truth, e-commerce, golden shield, Great Firewall, hackers, hacking, Internet, Internet censorship, microblogs, weibo
Download Tools to Circumvent the Great Firewall

While the publicity given to China’s alleged hacking of U.S. companies has put the spotlight on the issue, Mr. Cohen said in an interview, it’s now time for private negotiations between the U.S. and China. “If you continue to simply shout in public, we’re likely to get a negative reaction” from Beijing, he said

At issue, he added, is drafting “rules of the road and rules of engagement” concerning cyber activity, particularly what “threshold” of cyber activity should prompt a home government to crack down on perpetrators. “What level of activity can be tolerated by any country?” Mr. Cohen asked.

[…] The former defense secretary, who now runs a consulting firm [with some dealings in China], said multilateral negotiations on cybersecurity could play a role, but could take years to yield results. The U.S. needs to figure out before then “how to take measures to suppress activity that threatens our industry and critical infrastructure,” he said.

“My hope,” he added, “is that we can undertake this process in a fashion that prevents megaphone diplomacy from taking root and the adverse consequences that can flow from it.”

Such consequences might ultimately include self-fulfilling prophecies of cyberconflict. From Kim Zetter at Wired:

Referring to [the] announcement by the U.S. director of national intelligence that cyberattacks were the biggest threat the nation faced, Martin Libicki, senior management scientist at the RAND Corporation, told the House Homeland Security Committee that making strong statements about cyberattacks “tends to compel the United States to respond vigorously should any such cyberattack occur, or even merely when the possible precursors to a potential cyberattack have been identified. Having created a demand among the public to do something, the government is then committed to doing something even when doing little or nothing is called for.”

Put in perspective, cyber attacks might disrupt life, but they cannot be used to occupy another nation’s capital or force regime change. No one has yet died from a cyberattack either, he noted. Therefore, a cyberattack in and of itself, “does not demand an immediate response to safeguard national security,” Libicki said during a hearing on cyberthreats against critical infrastructure from China, Russia and Iran.

[…] “[W]e are right to be worried about a ’9/11 in cyberspace,’ but we also ought to worry about what a ’9/12 in cyberspace’ would look like,” he said.

Security guru Bruce Schneier has also struck a note of caution about the tone of rhetoric on cybersecurity:

Our nationalist worries have recently been fueled by a media frenzy surrounding attacks from China. These attacks aren’t new-cyber-security experts have been writing about them for at least a decade, and the popular media reported about similar attacks in 2009 and again in 2010-and the current allegations aren’t even very different than what came before. This isn’t to say that the Chinese attacks aren’t serious. The country’s espionage campaign is sophisticated, and ongoing. And because they’re in the news, people are understandably worried about them.

[…] Unfortunately, both the reality and the rhetoric play right into the hands of the military and corporate interests that are behind the cyberwar arms race in the first place. There is an enormous amount of power at stake here: not only power within governments and militaries, but power and profit amongst the corporations that supply the tools and infrastructure for cyber-attack and cyber-defense. The more we believe we are “at war” and believe the jingoistic rhetoric, the more willing we are to give up our privacy, freedoms, and control over how the Internet is run.

Nationalism is rife on the Internet, and it’s getting worse. We need to damp down the rhetoric and-more importantly-stop believing the propaganda from those who profit from this Internet nationalism. Those who are beating the drums of cyberwar don’t have the best interests of society, or the Internet, at heart.

© Samuel Wade for China Digital Times (CDT), 2013. | Permalink | 2 comments | Add to del.icio.us
Post tags: cyberattacks, cybersecurity, cyberwar, diplomacy, hackers, hacking, United States
Download Tools to Circumvent the Great Firewall

The apparent working relationship between the PLA unit and Shanghai Jiaotong is in contrast to common practice in most developed nations, where university professors in recent decades have been reluctant to cooperate with operational intelligence gathering units.

…

There is no evidence to suggest any Shanghai Jiaotong academics who co-authored papers with Unit 61398 worked with anyone directly engaged in cyber-espionage operations, as opposed to research.

“The issue is operational activity – whether these research institutions have been involved in actual intelligence operations,” said James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies. “That’s something the U.S. does not do.”

“(In the U.S.) there’s a clear line between an academic researcher and people engaged in operational (intelligence gathering) activities.”

Shanghai Jiaotong has long had an elite reputation within the computer science field in China, and was under scrutiny in 2010 when a hacking attack on Google was reportedly traced to computers on its campus. While Shanghai Jiaotong has no official links to China’s military, and while neither Shanghai Jiaotong or the PLA commented on the Reuters story, it adds yet another wrinkle to an issue that has grown more sensitive for both the Obama administration and the Xi Jinping regime. Following the report by security firm Mandiant, which linked the PLA a series of hacking incidents on U.S. companies and government organizations since 2006, the two sides have traded public accusations of cyber intrusions in recent weeks. Last week, the White House demanded that China start negotiating rules for proper behavior in cyberspace.

© Scott Greene for China Digital Times (CDT), 2013. | Permalink | No comment | Add to del.icio.us
Post tags: Barack Obama, cyberespionage, cybersecurity, hacking, People's Liberation Army, Shanghai Jiaotong University, U.S. relations, Xi Jinping
Download Tools to Circumvent the Great Firewall

Original post: South Korean authorities have revealed that malware used in a major cyberattack against Korean banks and broadcasters has been traced to an IP address in China. (For a detailed description of the attack, see Sean Gallagher’s account at Ars Technica.) The attack came amid North Korean threats of “catastrophic” retaliation if the U.S. persisted in flying B-52 bombers over the peninsula, however, and Pyongyang is widely regarded as the chief suspect. From Choe Sang-hun at The New York Times:

The Korea Communications Commission said Thursday that the disruption originated at an Internet provider address in China but that it was still not known who was responsible.

Many analysts in Seoul suspect that North Korean hackers honed their skills in China and were operating there. At a hacking conference here last year, Michael Sutton, the head of threat research at Zscaler, a security company, said a handful of hackers from China “were clearly very skilled, knowledgeable and were in touch with their counterparts and familiar with the scene in North Korea.”

But there has never been any evidence to back up some analysts’ speculation that they were collaborating with their Chinese counterparts. “I’ve never seen any real evidence that points to any exchanges between China and North Korea, ” said Adam Segal, a senior fellow who specializes in China and cyberconflict at the Council on Foreign Relations.

From Bloomberg News:

“Discovering that the code was from China makes it more likely that the attack was from North Korea, because a lot of North Korean hackers operate there,” said Ryou Jae Cheol, a professor of computer engineering and securities at Chungnam National University. “Who else would be making this kind of attack at this scale and timing other than North Korea?”

[…] “It’s highly probable that North Korea used Chinese IPs for the attacks,” said Lim Jong In, dean of Korea University’s Graduate School of Information Security. “These are sentimental attacks, aimed at spreading confusion to the whole society by paralyzing media and financial institutions. But it will take some time to exactly track who’s behind this as China is unlikely to actively cooperate.”

At Reuters, Ju-min Park described the difficulty of assessing North Korea’s cyberwarfare capabilities:

Jang Se-yul, a former North Korean soldier who went to a military college in Pyongyang to groom hackers and who defected to the South in 2008, estimates the North has some 3,000 troops including 600 professional hackers in its cyber unit.

[…] The North’s professional “cyber-warriors” enjoy perks such as luxury apartments for their role in what Pyongyang has defined as a new front in its “war” against the South, Jang told Reuters.

[…] “North Korea can’t invest in fighter jets or warships, but they have put all their resources into raising hackers. Qualified talent matters to cyber warfare, not technology,” said Lee Dong-hoon, an information security expert at Korea University in Seoul.

© Samuel Wade for China Digital Times (CDT), 2013. | Permalink | 3 comments | Add to del.icio.us
Post tags: cyberattacks, cyberwar, hackers, hacking, North Korea, south korea, United States
Download Tools to Circumvent the Great Firewall

When downloaded, the tainted versions would allow hackers to remotely control infected computers after users attempted to read the report which was released last week by U.S. IT security vendor, Mandiant.

A blog post by Symantec said hackers used the report as “bait”, embedding a malware called, Trojan.Pidief, into fake reports which displayed a blank PDF document when opened. Unbeknownst to users, the tainted report would trigger the exploit code for Adobe Acrobat and Reader Remote Code Execution Vulnerability.

Symantec highlighted an e-mail in Japanese purported to be from someone in the media industry which contained a PDF attachment of the fake Mandiant report.

Cybersecurity has become a wedge in Sino-U.S. relations in recent years, and lately the two sides have traded accusations of hacking. The New York Times’ David Sanger reported earlier this week that the Obama administration is more willing than ever to call out the Chinese directly over the hacking issue:

Defining “enemies” in this case is not always an easy task. China is not an outright foe of the United States, the way the Soviet Union once was; rather, China is both an economic competitor and a crucial supplier and customer. The two countries traded $425 billion in goods last year, and China remains, despite many diplomatic tensions, a critical financier of American debt. As Hillary Rodham Clinton put it to Australia’s prime minister in 2009 on her way to visit China for the first time as secretary of state, “How do you deal toughly with your banker?”

In the case of the evidence that the People’s Liberation Army is probably the force behind “Comment Crew,” the biggest of roughly 20 hacking groups that American intelligence agencies follow, the answer is that the United States is being highly circumspect. Administration officials were perfectly happy to have Mandiant, a private security firm, issue the report tracing the cyberattacks to the door of China’s cybercommand; American officials said privately that they had no problems with Mandiant’s conclusions, but they did not want to say so on the record.

…

In the next few months, American officials say, there will be many private warnings delivered by Washington to Chinese leaders, including Xi Jinping, who will soon assume China’s presidency. Both Tom Donilon, the national security adviser, and Mrs. Clinton’s successor, John Kerry, have trips to China in the offing. Those private conversations are expected to make a case that the sheer size and sophistication of the attacks over the past few years threaten to erode support for China among the country’s biggest allies in Washington, the American business community.

“America’s biggest global firms have been ballast in the relationship” with China, said Kurt M. Campbell, who recently resigned as assistant secretary of state for East Asia to start a consulting firm, the Asia Group, to manage the prickly commercial relationships. “And now they are the ones telling the Chinese that these pernicious attacks are undermining what has been built up over decades.”

Meanwhile, Ezra Klein of the Washington Post reports that Chinese hackers may be wrong to focus on the U.S. capital as much as they do:

The Chinese look at Washington, and they think there must be some document somewhere, some flowchart saved on a computer in the basement of some think tank, that lays it all out. Because in China, there would be. In China, someone would be in charge. There would be a plan somewhere. It would probably last for many years. It would be at least partially followed. But that’s not how it works in Washington.

What the Chinese hackers are looking for is the great myth of Washington, what I call the myth of scheming. You see it all over. If you’ve been watching the series “House of Cards” on Netflix, it’s all about the myth of scheming. Things happen because the Rep. Frank Underwood has planned for them to happen. And when they don’t happen, it’s because someone has counterplanned against him.

…

I almost feel bad for the Chinese hackers. Imagine the junior analysts tasked with picking through the terabytes of e-mails from every low-rent think tank in Washington, trying to figure out what matters and what doesn’t, trying to make everything fit a pattern. Imagine all the spurious connections they’re drawing, all the fundraising bluster they’re taking as fact, all the black humor they’re reading as straight description, all the mundane organizational chatter they’re reading.

They’re missing our real strength, the real reason Washington fails day-to-day but has worked over years: It’s because we don’t stick too rigidly to plans or rely on some grand design. That way, when it all falls apart, as it always does and always will, we’re okay.

© Scott Greene for China Digital Times (CDT), 2013. | Permalink | One comment | Add to del.icio.us
Post tags: Barack Obama, cyberattacks, cyberespionage, cybersecurity, hackers, hacking, Mandiant, People's Liberation Army, PLA, Washington
Download Tools to Circumvent the Great Firewall

Since then, netizens have continued to point out evidence from across the Chinese Internet–including this Xinhua article from August 2008 [zh] that states PLA Unit 61398 specifically installed flooring for use in high-security environments:

Everyone knows that Anxin Flooring is a renowned brand in China’s wooden flooring industry. They entered the large-scale realty project business very early on. Plus, at the very beginning, they specialized in working with clients that had very strict standards for their building materials, such as national organs and foreign embassies. The PLA General Political Department building, the General Staff Meteorological Bureau, the General Staff Surveying and Mapping Bureau, the Unit 61587 Commander Building, the General Staff Headquarters Satellite Positioning Center Residential Building, Unit 61398, the State Administration of Taxation, the Beijing Cultural Palace of Nationalities, CNPC Overseas Staff Dormitory, the Bulgarian Embassy office building, and the Wenzhou Municipal Government building were all early buyers of Anxin flooring for major projects.

How does Anxin Flooring relate to PLA-sponsored cyber attacks? One netizen explained the correlation on his Sina blog [zh]:

Chinese netizen: Unit 61398 is most likely conducting IT-related work in their office building. There’s still a report up on the web about Anxin Flooring. The report states “army units that require very strict guidelines for their building materials, the General Staff Headquarters Satellite Positioning Center Residential Building, and Unit 61398” all used their flooring. Anxin is an American wholly foreign-owned company, and its leading product–wooden flooring–is known to protect against static electricity. Anyone in the IT industry would know that without a computer room, there would be no need for this kind of anti-static flooring.

Of course, one could argue all office buildings house computers. However, not all office buildings house PLA international relations and intelligence experts, like Colonel Zhou Jianping. An announcement for a public lecture by Zhou Jianping [zh] displays his affiliation with Unit 61398:

Public Announcement for the Pudong Forum Lecture Series

[Source: Pudong News. Published December 15, 2010]
–The Situation on the Korean Peninsula and the Border Security Environment

Topic: The Situation on the Korean Peninsula and the Border Security Environment
Lecturer: Director of the China Institute of International Relations and researcher at the Shanghai City Strategic Studies Association, Zhou Jianping.
Time: 1:30pm December 25, 2010.
Location: Pudong Library’s 600-person lecture hall

Zhou Jianping
Researcher of the People’s Liberation Army General Staff Headquarters Unit #61398, rank of Colonel. Director of the China Institute of International Relations and researcher at the Shanghai Strategic Studies Association. From 1979-2001, he taught international relations at the People’s Liberation Army Foreign Languages Institute. In 2001, he was redeployed to Shanghai to work in intelligence research.

Professor Zhou worked long-term in the field of international relations education. He is especially knowledgeable in the fields of Chinese border security and hot button issues of international relations. He has published academic articles in these fields. In recent years, his research has centered mainly on border security and the Taiwan issue. He has also conducted deep research into the fields of Sino-American relations and U.S. political, diplomatic, and strategic military issues.

An academic paper published in the Journal of PLA University of Science and Technology (Natural Science Edition) coauthored by a member Unit 61398, titled “Novel Method to Calculate Causal Correlation Belief Values of Network Alerts.” Keywords: network security, alert correlation, attack time expense, and correlation belief. You can view the paper’s cover page, which includes an English abstract, through this link.

Chinese IT and Internet information portal Cecb2b.com reported on this paper [zh] in light of the New York Times piece:

Cecb2b Net. On February 19, The New York times and numerous western media reported that a 60-page report released by U.S. cyber security company Mandiant linked recent cyber attacks experienced by many western media organizations with China’s People’s Liberation Army. Hackers were traced back to “the headquarters of People’s Liberation Army Unit 61398, located in a 12-story building in Pudong, Shanghai.”

Using Baidu’s literature search function, we found an article coauthored by Song Sigen of PLA Unit 61398 regarding the detection of intrusion by hackers, titled “Novel Method to Calculate Causal Correlation Belief Values of Network Alerts” (see images on Baidu Literature). The article was published in the June 2009 edition of the Journal of PLA University of Science and Technology (Natural Science Edition), volume 10 issue 3.

Translated by Little Bluegill.

© Little Bluegill for China Digital Times (CDT), 2013. | Permalink | 3 comments | Add to del.icio.us
Post tags: cyberattacks, cyberespionage, hacking, new york times, People's Liberation Army, unit 61398
Download Tools to Circumvent the Great Firewall

This 12-story building on the outskirts of Shanghai is the headquarters of Unit 61398 of the People’s Liberation Army. China’s defense ministry has denied that it is responsible for initiating digital attacks. (New York Times)

China’s Ministry of National Defense quickly denied charges outlined in a widely circulated report from information security firm Mandiant that exposed a specific unit of the People’s Liberation Army as responsible for hacking against the U.S. and other countries.

Reuters reports a statement published on the Ministry’s official website called into question the evidence put forth by The New York Times, saying, “The report, in only relying on linking IP address to reach a conclusion the hacking attacks originated from China, lacks technical proof.”

Well, thanks to the shrewd detective work of Chinese netizens, we now have further evidence–a 2004 notice, still viewable on the website of Zhejiang University (at the time of this article’s publication), titled “China’s People’s Liberation Army Unit 61398 Recruiting Graduate Students” [zh].

The Graduate School has received notice that Unit 61398 of China’s People’s Liberation Army (located in Pudong District, Shanghai) seeks to recruit 2003-class computer science graduate students. Students who sign the service contract will receive a 5,000 yuan per year National Defense Scholarship. After graduation, students will work in the same field within the PLA.

Interested Zhejiang University 2003-class graduate students should please contact Teacher Peng in the Graduate Division before May 20. (Cao Guangbiao room 108; phone: 87952168)

Graduate Division
May 13, 2004

Via CDT Chinese. Translated by Little Bluegill.

© Little Bluegill for China Digital Times (CDT), 2013. | Permalink | 10 comments | Add to del.icio.us
Post tags: hacking, Ministry of Defense, People's Liberation Army, weibo
Download Tools to Circumvent the Great Firewall

[…] Mandiant has watched the group as it has stolen technology blueprints, manufacturing processes, clinical trial results, pricing documents, negotiation strategies and other proprietary information from more than 100 of its clients, mostly in the United States. Mandiant identified attacks on 20 industries, from military contractors to chemical plants, mining companies and satellite and telecommunications corporations.

[…] What most worries American investigators is that the latest set of attacks believed coming from Unit 61398 focus not just on stealing information, but obtaining the ability to manipulate American critical infrastructure: the power grids and other utilities.

[…] A few years ago, [U.S.] administration officials say, the theft of intellectual property was an annoyance, resulting in the loss of billions of dollars of revenue. But clearly something has changed. The mounting evidence of state sponsorship, the increasing boldness of Unit 61398, and the growing threat to American infrastructure are leading officials to conclude that a far stronger response is necessary.

“Right now there is no incentive for the Chinese to stop doing this,” said Mr. Rogers, the House intelligence chairman. “If we don’t create a high price, it’s only going to keep accelerating.”

The Mandiant report provides details of three “personas” believed to be part of APT1, “in an effort to underscore there are actual individuals behind the keyboard.” (See also Bloomberg Businessweek’s recent ‘A Chinese Hacker’s Identity Unmasked’, via CDT, on an alleged hacker identified as a teacher at a P.L.A. university.) The most dramatic of the released materials is a narrated video purportedly showing one of these hackers at work:

Searches for “Unit 61398″ were quickly blocked on Sina Weibo, while a BBC team filming near the unit’s headquarters was detained and had their footage confiscated. The Telegraph’s Tom Phillips also visited the area:

Large propaganda posters are pinned to walls around the base between Shanghai’s Datong and Tonggang roads. “Everyone has the duty to defend our country and our home!” reads one poster, featuring a group of young soldiers crawling through mud.

Another poster shows a line of PLA tanks and four fighter jets and is emblazoned with the slogan: “Security and peace protects hundreds of thousands of households!”

Opposite the building identified by Mandiant is a street of hardware shops and a salon carrying a bright pink sign with the name: “Slender Beauty.”

[…] On Tuesday afternoon, a woman who identified herself as a member of ‘Unit 61398’ but refused to produce any identification reprimanded the Daily Telegraph for taking notes on a nearby street corner.

Reuters was also there, and escaped with its video intact:

Mandiant has previously drawn criticism for declining to share information with others in the security community, according to a profile at Bloomberg Businessweek earlier this month. In the report, the authors explain the reasoning for releasing their findings this time(PDF).

The decision to publish a significant part of our intelligence about Unit 61398 was a painstaking one. What started as a “what if” discussion about our traditional non-disclosure policy quickly turned into the realization that the positive impact resulting from our decision to expose APT1 outweighed the risk to our ability to collect intelligence on this particular APT group. It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively. The issue of attribution has always been a missing link in publicly understanding the landscape of APT cyber espionage. Without establishing a solid connection to China, there will always be room for observers to dismiss APT actions as uncoordinated, solely criminal in nature, or peripheral to larger national security and global economic concerns. We hope that this report will lead to increased understanding and coordinated action in countering APT network breaches.

At the same time, there are downsides to publishing all of this information publicly. Many of the techniques and technologies described in this report are vastly more effective when attackers are not aware of them. Additionally, publishing certain kinds of indicators dramatically shortens their lifespan. When Unit 61398 changes their techniques after reading this report, they will undoubtedly force us to work harder to continue tracking them with such accuracy. It is our sincere hope, however, that this report can temporarily increase the costs of Unit 61398’s operations and impede their progress in a meaningful way.

We are acutely aware of the risk this report poses for us. We expect reprisals from China as well as an onslaught of criticism.

Criticism has already started to emerge. Security analyst Jeffrey Carr has written that the report contains “critical analytical flaws”: Mandiant, he argues, failed to prove that APT1 and Unit 61398 are one and the same, or to consider alternative explanations for their observations.

In summary, my problem with this report is not that I don’t believe that China engages in massive amounts of cyber espionage. I know that they do – especially when an executive that we worked with traveled to Beijing to meet with government officials with a clean laptop and came back with one that had been breached while he was asleep in his hotel room.

My problem is that Mandiant refuses to consider what everyone that I know in the Intelligence Community acknowledges – that there are multiple states engaging in this activity; not just China. And that if you’re going to make a claim for attribution, then you must be both fair and thorough in your analysis and, through the application of a scientific method like ACH, rule out competing hypotheses and then use estimative language in your finding. Mandiant simply did not succeed in proving that Unit 61398 is their designated APT1 aka Comment Crew.

When questioned about the report on Tuesday, a Ministry of Foreign Affairs spokesman issued a customary denial. From Ben Blanchard and Joseph Menn at Reuters:

“Hacking attacks are transnational and anonymous. Determining their origins are extremely difficult. We don’t know how the evidence in this so-called report can be tenable,” spokesman Hong Lei told a daily news briefing.

“Arbitrary criticism based on rudimentary data is irresponsible, unprofessional and not helpful in resolving the issue.”

Hong cited a Chinese study which pointed to the United States as being behind hacking in China.

“Of the above mentioned Internet hacking attacks, attacks originating from the United States rank first.”

© Samuel Wade for China Digital Times (CDT), 2013. | Permalink | One comment | Add to del.icio.us
Post tags: cyberattacks, cyberespionage, cybersecurity, hackers, hacking, infrastructure, Mandiant, Ministry of Foreign Affairs, People's Liberation Army, PLA, Shanghai
Download Tools to Circumvent the Great Firewall

In one case that has unfolded over the past two years, however, a trail of reused email addresses and aliases led to the business website and personal QQ and Kaixin accounts of a teacher at the P.L.A.’s Information Engineering University. At Bloomberg Businessweek, Dune Lawrence and Michael Riley describe and build researchers Joe Stewart’s and Cyb3rsleuth’s investigations of suspected hacker Zhang Changhe.

Computer attacks from China occasionally cause a flurry of headlines, as did last month’s hack on the New York Times (NYT). An earlier wave of media attention crested in 2010, when Google (GOOG) and Intel (INTC) announced they’d been hacked. But these reports don’t convey the unrelenting nature of the attacks. It’s not a matter of isolated incidents; it’s a continuous invasion.

[…] Investigators at dozens of commercial security companies suspect many if not most of those hackers either are military or take their orders from some of China’s many intelligence or surveillance organizations. In general, they say the attacks are too organized and the scope too vast to be the work of freelancers. Secret diplomatic cables published by WikiLeaks connected the well-publicized hack of Google to Politburo officials, and the U.S. government has long had classified intelligence tracing some of the attacks to hackers linked to the People’s Liberation Army (PLA), according to former intelligence officials. None of that evidence is public, however, and China’s authorities have for years denied any involvement.

Up to now, private-sector researchers such as Stewart have had scant success putting faces to the hacks. There have been faint clues left behind—aliases used in domain registrations, old online profiles, or posts on discussion boards that give the odd glimpse of hackers at work—but rarely an identity. Occasionally, though, hackers mess up. Recently, one hacker’s mistakes led a reporter right to his door.

[…] Outing one person involved in the hacking teams won’t stop computer intrusions from China. Zhang’s a cog in a much larger machine and, given how large China’s operations have become, finding more Zhangs may get easier. Show enough of this evidence, Stewart figures, and eventually the Chinese government can’t deny its role. “It might take several more years of piling on reports like that to make that weight of evidence so strong that it’s laughable, and they say, ‘Oh, it was us,’ ” says Stewart. “I don’t know that they’ll stop, but I would like to make it a lot harder for them to get away with it.”

Meek confessions from China do seem a long way off for now, as Adam Segal of the Council on Foreign Relations wrote shortly after the Times hacking was revealed:

Several commentaries and an article in the People’s Daily all suggest that Beijing is not reacting to the public announcements with anything approaching shame. In fact, they all portray the claims as part of an effort to discredit China and distract from the offensive actions the United States is taking in cyberspace. The People’s Daily notes that while the United States is portraying itself as the “patron saint of the free Internet” it has plans to expand U.S. Cyber Command fivefold. He Hui, deputy director at the Communication University of China, argues that the claims about Chinese hacking are getting tiresome and in fact serve three alternate purposes: they raise suspicion about China’s rise in the United States and the rest of the world; help raise defense budgets, especially for cyber weapons; and justify protectionist trade measures against Chinese firms that are beginning to challenge the big American companies.

Other recent news may do little to dispel these views. The New York Times reported early this month, for example, that a secret legal review had authorized pre-emptive strikes in response to “credible evidence of a major digital attack looming from abroad”. From David E. Sanger and Thom Shanker:

One senior American official said that officials quickly determined that the cyberweapons were so powerful that — like nuclear weapons — they should be unleashed only on the direct orders of the commander in chief.

[…] “While this is all described in neutral terms — what are we going to do about cyberattacks — the underlying question is, ‘What are we going to do about China?’ ” said Richard Falkenrath, a senior fellow at the Council on Foreign Relations. “There’s a lot of signaling going on between the two countries on this subject.”

China is not alone in its wariness of U.S. policy. At The New Republic, Thomas Rid argued that the Obama administration’s “lousy” record on cyber security includes neglecting defensive in favor of offensive capabilities.

Indeed, the Obama administration has been so intent on responding to the cyber threat with martial aggression that it hasn’t paused to consider the true nature of the threat. And that has lead to two crucial mistakes: first, failing to realize (or choosing to ignore) that offensive capabilities in cyber security don’t translate easily into defensive capabilities. And second, failing to realize (or choosing to ignore) that it is far more urgent for the United States to concentrate on developing the latter, rather than the former.

[…] So amid all the activity, little has been done to address the country’s major vulnerabilities. The software that controls America’s most critical infrastructure—from pipeline valves to elevators to sluices, trains, and the electricity grid—is often highly insecure by design, as the work of groups like Digital Bond illustrates. Worse, these systems are often connected to the internet for maintenance reasons, which means they are always vulnerable to attack. Shodan, a search engine dubbed the Google for hackers, has already made these networked devices searchable. Recently a group of computer scientists at the Freie Universität in Berlin began to develop their own crawlers to geo-locate these vulnerable devices and display them on a map. Although the data are still incomplete and anonymized, parts of America’s most vulnerable infrastructure are now visible for anyone to see.

Defending these areas ought to be the government’s top priority, not the creation of a larger Cyber Command capable of going on the offense. Yet the White House has hardly complained that the piece of legislation that would have made some progress towards that goal, the Cybersecurity Act of 2012, has stalled indefinitely in the Senate.

On Tuesday, however, the Associated Press reported that fear of “America […] losing cyber war to China” might help drive legislation through an otherwise gridlocked Congress:

Declaring that America is losing an aggressive cyber-espionage campaign waged from China, administration officials and lawmakers on Wednesday agreed to push legislation that would make it easier for the government and industry to share information about who is getting hacked and what to do about it.

They say this new partnership, codified by law and buoyed by President Barack Obama’s new executive order, is critical to keeping countries like China, Russia and even Iran from rummaging in American computer networks and targeting proprietary data they can use to wreak havoc or compete against U.S. businesses.

[…] “Until Congress acts, President Obama will be fighting to defend this country with one hand tied behind his back,” said Senate Majority Leader Harry Reid, D-Nev., who promised Wednesday to advance a bipartisan proposal “as soon as possible.”

The threat from China has already proven lucrative for some in the private sector. Previously at Businessweek, Brad Stone and Michael Riley profiled security firm Mandiant, enlisted by both The New York Times and The Washington Post to exorcise suspected Chinese intrusions. The company’s $100 million business has been built in large part on the threat of attacks from China.

In one large central control room, dubbed the Bridge, a dozen security analysts peer quietly at their computer monitors, looking for anomalous activity on the computer networks of Mandiant’s hundreds of corporate clients around the world. A large computer display on the wall shows an image of the earth, seen from space, that highlights inbound and outbound network activity in each country. Mandiant monitors the entire planet, yet a printout taped to the desk of one analyst suggests that these days, the company has a more specific focus. “To accuse the Chinese military of launching cyberattacks without solid proof is unprofessional and baseless,” reads an excerpt from a recent Chinese government statement. Jennifer Ayers, who manages the Redwood City facility, removes the printout and folds it in half. “We’re not supposed to editorialize,” she says.

[…] For the first few years, [Mandia's] company remained small and relatively unknown outside computer security circles. But it was in the right place at the right time. In 2011, as anxieties about attacks by China spread, the company raised $70 million from venture capital firm Kleiner Perkins Caufield & Byers and the investment arm of JPMorgan Chase (JPM). […]

See also a ChinaFile conversation on recent hackings between CDT founder Xiao Qiang, Orville Schell, James Fallows, Bill Bishop and others, and more on hacking and cyber security via CDT.

© Samuel Wade for China Digital Times (CDT), 2013. | Permalink | One comment | Add to del.icio.us
Post tags: Barack Obama, congress, cyberattacks, cyberespionage, cybersecurity, cyberwar, Eric Schmidt, hackers, hacking, PLA, Rupert Murdoch
Download Tools to Circumvent the Great Firewall

China, Schmidt and Cohen write, is “the world’s most active and enthusiastic filterer of information” as well as “the most sophisticated and prolific” hacker of foreign companies. In a world that is becoming increasingly digital, the willingness of China’s government and state companies to use cyber crime gives the country an economic and political edge, they say.

[…] But for all the advantages China gains from its approach to the Internet, Schmidt and Cohen still seem to think its hollow political center is unsustainable. “This mix of active citizens armed with technological devices and tight government control is exceptionally volatile,” they write, warning this could lead to “widespread instability.”

In the longer run, China will see “some kind of revolution in the coming decades,” they write.

In a separate post, Gara takes a broader overview of the book’s contents, including real-name registration, “automated and machine-precise” haircuts, and the view that “we’re already living in an age of state-led cyber war, even if most of us aren’t aware of it.” See also Schmidt’s daughter Sophie’s account of their recent trip to North Korea.

© Samuel Wade for China Digital Times (CDT), 2013. | Permalink | One comment | Add to del.icio.us
Post tags: books, cyberutopianism, cyberwar, Eric Schmidt, Google, hacking, real name registration, revolution
Download Tools to Circumvent the Great Firewall

On Thursday, The Wall Street Journal revealed that it, too, has suffered attacks focused on its coverage of China. From Siobhan Gorman, Devlin Barrett and Danny Yadron:

In the most recent incident, the Journal was notified by the FBI of a potential breach in the middle of last year, when the FBI came across data that apparently had come from the computer network in the Journal’s Beijing bureau, people familiar with the incident said.

[…] Among the targets were a handful of journalists in the Beijing bureau, including Jeremy Page, who wrote articles about the murder of British businessman Neil Heywood in a scandal that helped bring down Chinese politician Bo Xilai, people familiar with the matter said. Beijing Bureau Chief Andrew Browne also was a target, they said.

[…] “Evidence shows that infiltration efforts target the monitoring of the Journal’s coverage of China and are not an attempt to gain commercial advantage or to misappropriate customer information,” Paula Keve, a spokeswoman for Journal publisher Dow Jones, said in a written statement Thursday. Dow Jones is a unit of News Corp.

The Times noted that Bloomberg News had also been attacked following its investigation of Xi Jinping’s family last year, and that security firm Mandiant had compiled a list of other targeted journalists. The Globe and Mail’s Mark MacKinnon added on Twitter that a 2011 intrusion into his own computer had also been aimed at “specific China-related files”. Numerous other targets have been identified elsewhere; in fact, wrote Adam Segal of the Council on Foreign Relations, the “sweeping cyber espionage campaign […] appears endemic”. From Foreign Policy:

As with many cases of cyber espionage, the break-in is assumed to have started with a spear-phishing email, a socially engineered message containing malware attachments or links to hostile websites. In the case of the attack on the security firm RSA in 2011, for example, an email with the subject line “2011 Recruitment Plan” was sent with an attached Excel file. Opening the file downloaded software that allowed attackers to gain control of the user’s computers. They then gradually expanded their access and moved into different computers and networks.

[…] Evidence that the hackers are China-based in all of these cases is suggestive, but not conclusive. Some of the code used in the attacks was developed by Chinese hacker groups and the command and control nodes have been traced back to Chinese IP addresses. Hackers are said to clock in in the morning Beijing time, clock out in the afternoon, and often take vacation on Chinese New Year and other national holidays. But attacks can be routed through many computers, malware is bought and sold on the black market, groups share techniques, and one of the cherished clichés of hackers is that they work weird hours.

Perhaps the most compelling evidence has been the type of information targeted. The emails and documents of the office of the Dalai Lama and Tibetan activists, defense industries, foreign embassies, journalists, and think tanks are not easily monetized and so would apparently have little attraction to criminal hackers. The information contained in them would be of much greater interest to the Chinese government.

Graham Cluley at Sophos’ Naked Security blog summed up the attribution debate:

Security experts brought in by the newspaper have pointed the finger of blame at China. And, in all likelihood, they’re right.

However, it must be remembered that it is extremely difficult to prove who is behind an internet attack like this. That’s because it’s so easy to use compromised computers around the world to route attacks through – disguising the true origin.

Of course, even if China is identified as the starting point of an attack – it doesn’t necessarily prove that it the operation is backed by the Chinese government or intelligence services. It could just as easily be a patriotic group of skilled, independent Chinese hackers upset with how the Western media is portraying their country’s rulers.

But let’s not be too naive… In all probability, the New York Times’s conclusion is correct, and this attack was sanctioned by the powers that be in Beijing.

NPR’s Neal Conan raised a third possibility: that the campaign might have been initiated privately by a member of Wen’s family, to investigate the investigation.

According to The Times report, the organization’s Symantec anti-virus software detected only one of 45 pieces of intruding malware. Symantec would not comment for the article itself, but in a later statement suggested that the newspaper had simply not bought enough of its products:

“Advanced attacks like the ones the New York Times described in the following article, (http://nyti.ms/TZtr5z), underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions. The advanced capabilities in our endpoint offerings, including our unique reputation-based technology and behavior-based blocking, specifically target sophisticated attacks. Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough.”

While some dissected the NYT attack itself, others pondered its broader significance. The New Yorker’s Evan Osnos viewed it in light of Xi Jinping’s professed crusade against official corruption:

The timing of all this is significant for anyone interested in the prospect of reform: this attack has unfolded at the very moment that the new Chinese leadership, under Xi Jinping, has pledged to root out corruption before it destroys the Party. Xi has been making so many gestures of reform that he has persuaded some longtime China-watchers to take him seriously.

[…] The renewed commitment to combating corruption isn’t looking as sincere. On the contrary, this case feels like déjà vu for the Times: in 2004, the Chinese government detained the Times researcher Zhao Yan, accusing him of leaking state secrets. As evidence, the investigators cited a photocopy of one of Zhao’s handwritten notes; the Times pointedly noted, “questions remain about how security agents obtained a copy of the note. One possibility is that agents entered The Times’s Beijing bureau without permission.”

This time, the newspaper claims, the intruders have been exorcised, and no sensitive data was taken. The Times has always maintained that the Wen exposé was based on public records, not human sources. Nevertheless, some feared, the recent episode might raise doubts about its ability to protect such sources in future. At Slate, Farhad Manjoo suggested that a deterrent effect might even have been one of the attackers’ goals:

The most important outcome here might be the chilling effect: Now that a Chinese attack on the New York Times is international news, any dissident or potential whistle-blower in China will be wary of talking to journalists at the paper—or, for that matter, all journalists.

In other words, the hack worked. […]

© Samuel Wade for China Digital Times (CDT), 2013. | Permalink | One comment | Add to del.icio.us
Post tags: Bo Xilai, computer security, cyberattacks, cybersecurity, Dalai Lama, hackers, hacking, journalism, Neil Heywood, new york times, news media, newspapers, Wen Jiabao, Xi Jinping
Download Tools to Circumvent the Great Firewall

Investigators still do not know how hackers initially broke into The Times’s systems. They suspect the hackers used a so-called spear-phishing attack, in which they send e-mails to employees that contain malicious links or attachments. All it takes is one click on the e-mail by an employee for hackers to install “remote access tools” — or RATs. Those tools can siphon off oceans of data — passwords, keystrokes, screen images, documents and, in some cases, recordings from computers’ microphones and Web cameras — and send the information back to the attackers’ Web servers.

[…] The attackers were particularly active in the period after the Oct. 25 publication of The Times article about Mr. Wen’s relatives, especially on the evening of the Nov. 6 presidential election. That raised concerns among Times senior editors who had been informed of the attacks that the hackers might try to shut down the newspaper’s electronic or print publishing system. But the attackers’ movements suggested that the primary target remained Mr. Barboza’s e-mail correspondence.

“They could have wreaked havoc on our systems,” said Marc Frons, the Times’s chief information officer. “But that was not what they were after.”

What they appeared to be looking for were the names of people who might have provided information to Mr. Barboza.

I would like to apologize to the NYT computer support folks I snapped at after they reset my password without warning nytimes.com/2013/01/31/tec…

— John Schwartz — NYT (@jswatz) January 31, 2013

© Samuel Wade for China Digital Times (CDT), 2013. | Permalink | One comment | Add to del.icio.us
Post tags: cyberattacks, cybersecurity, hackers, hacking, journalism, new york times, news media, newspapers, Wen Jiabao
Download Tools to Circumvent the Great Firewall

Wow, my Twitter account just got hacked. Party Congresses are such fun.

— Patrick Chovanec (@prchovanec) November 8, 2012

Hmm. Just notified by Twitter that others were attempting access to cmphku account.

— China Media Project (@cmphku) November 8, 2012

Count me among those reporting their twitter accts were hacked/compromised in the last hour. also @cmphku @prchovanec

— Adam Minter (@AdamMinter) November 8, 2012

@tulletilsynet I got kicked off Twitter with a message that account had been compromised, sent me an email link to reset password

— Patrick Chovanec (@prchovanec) November 8, 2012

And me. Should I feel proud? @adamminter: Count me among those reporting twitter accts were hacked in the last hour also @cmphku @prchovanec

— Offbeat China (@OffbeatChina) November 8, 2012

@larsonchristina @prchovanec @offbeatchina @adamminter @cmphku Me too. And I’m not even in Beijing this week.

— Mara Hvistendahl (@MaraHvistendahl) November 8, 2012

At The Next Web, Josh Ong has posted a screenshot of the warning sent to China Media Project, as well as background on similar cases and other current disruptions.

Twitter’s support pages offer suggestions for keeping your account secure, including the following basics:

• Use a strong password.
• Watch out for suspicious links, and always make sure you’re on Twitter.com before you enter your login information.
• Don’t give your username and password out to untrusted third-parties, especially those promising to get you followers or make you money.
• Make sure your computer and operating system is up-to-date with the most recent patches, upgrades, and anti-virus software.

Updated on November 8th at 10:55 PST: As the number of reports increased, it became clear that the forced password resets were not limited to China or those with links to it. Twitter has issued a statement explaining that the number of warnings issued was inflated by mistake. The company has not said where the epicentre of actually suspected attacks lay.

We’re committed to keeping Twitter a safe and open community. As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users.

In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused.

© Samuel Wade for China Digital Times (CDT), 2012. | Permalink | 2 comments | Add to del.icio.us
Post tags: 18th party congress, hacking, security, Twitter
Download Tools to Circumvent the Great Firewall