Mandiant claims that the elite unit operates at least 937 servers in 13 countries. One of the key Chinese nationals involved has worked under the code name "UglyGorilla" since 2004, while two other hackers use the names "SuperHard" and "Dota." According to Mandiant, the scope of the evidence leaves little doubt that soldiers with Unit 61398 are behind the hacker attacks. The White House, which was notified in advance, privately confirmed the report's conclusions, while the Chinese denied them. "The Chinese military has never supported any hacking activities," said spokesmen for China's Foreign and Defense Ministries, adding that China is in fact "one of the main victims of cyber attacks."
The dossier publicly emphasizes, for the first time, what has long been claimed in intelligence circles: that the power apparatus of the Chinese government is behind at least some of the attacks. Following the report's publication, European ambassadors in Beijing moved the accusations to the top of their agenda. The diplomats agreed that China has become too large and powerful for a single European Union country to tangle with it.
The US government has now defined the attacks as a key issue, and cyber security is now on the agenda of the Strategic Security Dialogue between Beijing and Washington. China's IT espionage is the biggest "transfer of wealth in history," says General Keith Alexander, head of the US military's Cyber Command. The companies that Mandiant claims were the targets of attacks include one with access to more than 60 percent of the oil and natural gas pipelines in North America. "A hacker in China can acquire source code from a software company in Virginia without leaving his or her desk," says US Attorney General Eric Holder.
Last summer, Holder launched a training program for 400 district attorneys to specifically investigate cyber attacks by foreign countries. And last week, Holder presented the government's plan to prevent the theft of intellectual property. Following the Mandiant report, there have been growing calls in the United States for tougher action, including such steps as entry bans for convicted hackers and laws to enhance the options available to companies to fight data theft under civil law. Referring to Beijing, James Lewis of the Center for Strategic and International Studies told the Wall Street Journal: "You've got to keep pushing on them."
Germany Like a Developing Country
Germany is a long way from increasing pressure on the Chinese. In fact, when it comes to cyberspace, Germany sometimes feels like a developing country. When companies like EADS are attacked, it is a matter of chance whether the German government learns of the incidents. The draft of the country's new IT Security Law, which Interior Minister Hans-Peter Friedrich, a member of the conservative Christian Social Union (CSU), unveiled in early February, at least envisions a reporting requirement for companies that are attacked. But there is a strong chance that the ministries involved in the proposed legislation will destroy the draft before the German national election in September.
The government approved a national cyber security strategy two years ago, and Germany's new Cyber Defense Center has been staffed with a dozen officials since then, but it's little more than a government virus scanner. The center lacks authority and clear policies on how the government intends to handle threats originating from the Internet. The federal agencies are "not even capable of appreciably defending themselves against an attack," scoffs a senior executive in the defense industry.
The country's foreign intelligence agency, the BND, has the most experience with cyber attacks. The agency, based near Munich, is also involved in digital espionage and has used Trojans and so-called keyloggers in more than 3,000 cases. BND President Gerhard Schindler wants to combine previously scattered personnel into a single subsection, and the necessary new positions have already been approved. An official from the Chancellery will likely head the new group.
The BND wants its future capabilities to not only include infiltrating an outside computer system. It also intends to develop a sort of digital second-strike capability to shut down the server of a particularly aggressive attacker.
That would be the worst-case scenario.
REPORTED BY RALPH NEUKIRCH, JÖRG SCHMITT, GREGOR PETER SCHMITZ, HOLGER STARK, GERALD TRAUFETTER, BERNHARD ZAND.
Translated from the German by Christopher Sultan
© SPIEGEL ONLINE 2013