Tuesday, February 19, 2013

Chinese PLA Launches Cyber Sneak Attacks on the U.S.: U.S. to Strike Back









Cyberattacks: The Top U.S. Security Threat












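[Compiled by Chen Cheng-liang / Combined reports] U.S. intelligence agencies released their annual global threat report on the 12th, stating that the threat cyberattacks pose to national security and economic security is growing steadily. U.S. Director of National Intelligence Clapper went further and said for the first time that cyberattacks and cyber espionage have replaced terrorism as the top security threat to the United States.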

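Meanwhile, Alexander, commander of the U.S. Department of Defense's Cyber Command, made a rare acknowledgment of the U.S. military's capability to conduct cyber operations at a Senate Armed Services Committee hearing on the 12th. He said cyberattacks on the United States are becoming increasingly serious, the number of cyberattacks on Wall Street banks has risen markedly, and the Pentagon has set up specialized units to deal with them.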


U.S. Military Strikes Back: Combat Teams to Be Formed


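Alexander revealed that Cyber Command will stand up 13 offensive teams by the fall of 2015 at the latest, to defend the United States against large-scale cyberattacks from overseas, with another 27 teams supporting cyber operations. He said the U.S. military has three cyber military groups in all: first, the Cyber National Mission Force, responsible for responding to nationwide threats; second, the Cyber Combat Mission Force, responsible for operational control; and finally, the Cyber Protection Force, directly responsible for the security of the network environment. He said one-third of these forces will be established by September, while another third will not be ready until a year later.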


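Separately, at a Senate Intelligence Committee hearing, Clapper, FBI Director Mueller and CIA Director Brennan also testified on global threats. In an unprecedented step, these senior intelligence officials compared the issue more directly with the dangers posed by global terrorism, and voiced concern that computer technology is evolving so quickly that security experts struggle to keep up.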


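They noted that the United States is highly vulnerable to cyber espionage, cybercrime and operations that outright destroy computer networks, all of which come from carefully planned, government-backed attacks as well as from criminal hacker groups and cyberterrorists.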


Behind the Cyberattacks: Obama Names China


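In a television interview aired on the 13th, U.S. President Obama also said that some of the cyberattacks targeting U.S. companies and infrastructure are "state sponsored," adding, "We have made it clear to China and some other countries that we expect them to follow international norms and international rules," and "we have entered into tough negotiations with them." The White House said Obama would meet with business leaders on the 13th to discuss how to strengthen the security of U.S. commercial networks.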


U.S. Security Report / Hackers Attacking the U.S. Come From China's PLA Unit 61398






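The building housing the headquarters of the Chinese PLA's "Unit 61398," which a report by U.S. information security company Mandiant says launched cyberattacks on U.S. government agencies and companies. (AFP)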

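[Compiled by Kuan Shu-ping / Combined reports] U.S. information security company Mandiant, which has been tracking the hacker attacks that breached U.S. government agencies and companies in recent years, says directly that more than one hundred of those attacks came from a secret Chinese PLA unit, "Unit 61398." The investigation found that a large proportion of these attacks originated in or around a 12-story building in Shanghai's Pudong New Area, and that this building is the headquarters of Unit 61398.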


Secret Base of China's Cyber Army in Shanghai's Pudong Exposed


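The 74-page report, released by Mandiant on the 19th, says the office building is located on Datong Road in Shanghai's Pudong New Area. U.S. intelligence agencies have been digging into this secret PLA unit's activities for years, and a growing body of officially confirmed evidence shows that a very large proportion of the hacker attacks that have breached U.S. companies, organizations and government agencies in recent years originated inside this building or within a small surrounding area.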


First Time Traced to the Doorstep of a PLA Unit's Headquarters


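This is the first time that U.S. security firms, in tracking the activities of individual members of China's most elite hacker group, known as the "Comment Crew" or the "Shanghai Group," have traced them to the doorstep of a PLA unit's headquarters. Mandiant's investigation could not directly prove that the hackers are inside the 12-story building, but it holds that there is no other plausible explanation for why such a large share of the attacks comes from a relatively small area.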


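Mandiant was previously commissioned by The New York Times to investigate the Chinese hacker attack on the newspaper. Other security firms tracking the Comment Crew also believe the group is state backed; a recent classified National Intelligence Estimate, which compiles the consensus of 16 U.S. intelligence agencies, says these hacker groups are either run by military personnel or are contractors working for units such as 61398 and acting on orders. The Comment Crew's name comes from its members' penchant for hiding coded messages in online comments.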


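In tracking the Comment Crew's activities, Mandiant focused on 141 attacks launched since 2006 by a group within it known as "APT1"; APT is the abbreviation for "advanced persistent threat." Tracing APT1's network addresses, Mandiant found that more than 90 percent originated in the area where Unit 61398's headquarters is located, leading it to conclude that "APT1 is Unit 61398." The investigation also found that state-owned China Telecom provided Unit 61398's headquarters with dedicated high-speed fiber-optic lines in the name of national defense.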


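Unit 61398 is one of the main bases of China's cyber army and belongs to the 2nd Bureau of the PLA General Staff Department's 3rd Department, which is responsible for intelligence collection. Its attacks on U.S. companies and government agencies last an average of one year, with one case lasting four years and ten months. Targets span 20 key industries, including military contractors and chemical, mining and satellite telecommunications companies. What worries investigators most is that the recent focus of the attacks is no longer just stealing information but also gaining the ability to control critical infrastructure such as the power grid.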


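China's Ministry of National Defense rejected the report as inconsistent with the facts, saying the military has never supported hacker intrusions and that China is also one of the biggest victims of cyberattacks.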


 




US ready to strike back against China cyberattacks


By LOLITA C. BALDOR | Associated Press


Associated Press - The building housing “Unit 61398” of the People’s Liberation Army is seen in the outskirts of Shanghai, Tuesday Feb. 19, 2013. Cyberattacks that stole information from 141 targets in the U.S. and other countries have been traced to the Chinese military unit in the building, a U.S. security firm alleged Tuesday. According to the report by the Virginia-based Mandiant Corp., it has traced the massive amount of hacking back to the 12-story office building run by “Unit 61398”, and that the attacks targeted key industries including military contractors and companies that control energy grids. China dismissed the report as "groundless." (AP Photo)


WASHINGTON (AP) — As public evidence mounts that the Chinese military is responsible for stealing massive amounts of U.S. government data and corporate trade secrets, the Obama administration is eyeing fines and other trade actions it may take against Beijing or any other country guilty of cyberespionage.


According to officials familiar with the plans, the White House will lay out a new report Wednesday that suggests initial, more-aggressive steps the U.S. would take in response to what top authorities say has been an unrelenting campaign of cyberstealing linked to the Chinese government. The officials spoke on condition of anonymity because they were not authorized to speak publicly about the threatened action.


The White House plans come after a Virginia-based cybersecurity firm released a torrent of details Monday that tied a secret Chinese military unit in Shanghai to years of cyberattacks against U.S. companies. After analyzing breaches that compromised more than 140 companies, Mandiant has concluded that they can be linked to the People's Liberation Army's Unit 61398.


Military experts believe the unit is part of the People's Liberation Army's cyber-command, which is under the direct authority of the General Staff Department, China's version of the Joint Chiefs of Staff. As such, its activities would be likely to be authorized at the highest levels of China's military.


The release of Mandiant's report, complete with details on three of the alleged hackers and photographs of one of the military unit's buildings in Shanghai, makes public what U.S. authorities have said less publicly for years. But it also increases the pressure on the U.S. to take more forceful action against the Chinese for what experts say has been years of systematic espionage.


"If the Chinese government flew planes into our airspace, our planes would escort them away. If it happened two, three or four times, the president would be on the phone and there would be threats of retaliation," said former FBI executive assistant director Shawn Henry. "This is happening thousands of times a day. There needs to be some definition of where the red line is and what the repercussions would be."


Henry, now president of the security firm CrowdStrike, said that rather than tell companies to increase their cybersecurity the government needs to focus more on how to deter the hackers and the nations that are backing them.


James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said that in the past year the White House has been taking a serious look at responding to China, adding that "this will be the year they will put more pressure on, even while realizing it will be hard for the Chinese to change. There's not an on-off switch."


The Chinese government, meanwhile, has denied involvement in the cyber-attacks tracked by Mandiant. Instead, the Foreign Ministry said that China, too, is a victim of hacking, some of it traced to the U.S. Foreign Ministry spokesman Hong Lei cited a report by an agency under the Ministry of Information Technology and Industry that said in 2012 alone that foreign hackers used viruses and other malicious software to seize control of 1,400 computers in China and 38,000 websites.


"Among the above attacks, those from the U.S. numbered the most," Hong said at a daily media briefing, lodging the most specific allegations the Chinese government has made about foreign hacking.


Cybersecurity experts say U.S. authorities do not conduct similar attacks or steal data from Chinese companies, but acknowledge that intelligence agencies routinely spy on other countries.


China is clearly a target of interest, said Lewis, noting that the U.S. would be interested in Beijing's military policies, such as any plans for action against Taiwan or Japan.


In its report, Mandiant said it traced the hacking back to a neighborhood in the outskirts of Shanghai that includes a white 12-story office building run by the PLA's Unit 61398.


Mandiant said there are only two viable conclusions about the involvement of the Chinese military in the cyberattacks: Either Unit 61398 is responsible for the persistent attacks or they are being done by a secret organization of Chinese speakers with direct access to the Shanghai telecommunications infrastructure who are engaged in a multi-year espionage campaign being run right outside the military unit's gates.


"In a state that rigorously monitors Internet use, it is highly unlikely that the Chinese government is unaware of an attack group that operates from the Pudong New Area of Shanghai," the Mandiant report said, concluding that the only way the group could function is with the "full knowledge and cooperation" of the Beijing government.


The unit "has systematically stolen hundreds of terabytes of data from at least 141 organizations," Mandiant wrote. A terabyte is 1,000 gigabytes. The most popular version of the new iPhone 5, for example, has 16 gigabytes of space, while the more expensive iPads have as much as 64 gigabytes of space. The U.S. Library of Congress' 2006-2010 Twitter archive of about 170 billion tweets totals 133.2 terabytes.


"At some point we do have to call the Chinese out on this," said Michael Chertoff, Homeland Security secretary under President George W. Bush and now chairman of the Chertoff Group, a global security firm. "Simply rolling over and averting our eyes, I don't think is a long-term strategy."


Richard Bejtlich, the chief security officer at Mandiant, said the company decided to make its report public in part to help send a message to both the Chinese and U.S. governments.


"At the government level, I see this as a tool that they can use to have discussions with the Chinese, with allies, with others who are concerned about this problem and have an open dialogue without having to worry about sensitivities around disclosing classified information," Bejtlich said. "This problem is overclassified."


He said the release of an unclassified report that provides detailed evidence will allow authorities to have an open discussion about what to do.


Mandiant's report is filled with high-tech details and juicy nuggets that led to its conclusion, including the code names of some of the hackers, like Ugly Gorilla, Dota and SuperHard, and that Dota appears to be a fan of Harry Potter because references to the book and movie character appear as answers to his computer security questions.


The White House would not comment on the report expected Wednesday.


"We have repeatedly raised our concerns at the highest levels about cybertheft with senior Chinese officials, including in the military, and we will continue to do so," said Caitlin Hayden, spokeswoman for the National Security Council. "The United States and China are among the world's largest cyber actors, and it is vital that we continue a sustained, meaningful dialogue and work together to develop an understanding of acceptable behavior in cyberspace."


Sen. Dianne Feinstein, D-Calif., chairman of the Senate Intelligence Committee, said the report reinforces the need for international agreements that prohibit cybercrimes and have a workable enforcement mechanism.



 



