Chinese Hackers Targeted U.S. Higher Education

The Shanghai-based Chinese hacker group dubbed "APT1" definitely targeted two higher education institutions in the United States, according to security firm Mandiant, which recently published the widely circulated report "APT1: Exposing One of China's Cyber Espionage Units."

The report, formally released Tuesday, revealed that 141 businesses, government agencies, and other organizations had been hacked by APT1, which may have stolen "hundreds of terabytes of data" in ongoing operations "beginning as early as 2006." The report alleges that APT1 is a group operating out of the Chinese military, specifically People's Liberation Army Unit 61398.

Mandiant informed Campus Technology that two of those organizations affected by APT1's activities were higher education institutions, including "one college and one scientific research institution connected to a U.S. university." The names of all of the affected organizations have been withheld owing to concerns over confidentiality, a spokesperson for Mandiant told us.

The specific purpose of the attacks isn't clear.

"We don't have direct evidence regarding why they targeted either organization," the spokesperson explained. "However, the research institution does projects for both government and private industry in several areas that match APT1's targeted industries, including high-tech networking, communications, and manufacturing technologies."

The Mandiant report itself details tactics and tools used by APT1 and reveals more than 3,000 APT1 "indicators" in an effort to "expose and degrade APT1's infrastructure and allow organizations to bolster their defenses against APT1's arsenal of digital weapons. The indicators ... include domain names, MD5 hashes of malware and X.509 encryption certificates."

The unique report also provides video showing operations conducted by APT1, such as the one below.


Mandiant video showing alleged APT1 hacker "dota" and others engaged in various hacking activities.

Since its publication, the Mandiant report has been condemned by the Chinese government as flawed and "irresponsible."

The report comes on the heels of the 2013 National Intelligence Estimate that was leaked to the Washington Post just days prior to President Obama's State of the Union address last week, in which the President used the intelligence data to support his administration's cyber espionage policy agenda. The latest NIE fingered China "as the country most aggressively seeking to penetrate the computer systems of American businesses and institutions to gain access to data that could be used for economic gain," according to the Post.

The NIE, produced by the members of the American intelligence community, is an annual report whose findings are occasionally declassified and made available to the public to support policy positions, such as the 2002 NIE, whose findings about weapons of mass destruction were used in part to help justify the invasion of Iraq.

Both the 2013 NIE and the Mandiant report are now being used by the Obama administration and Congress to support controversial measures that provide the federal government with additional mechanisms to circumvent online privacy in the name of cyber security, notably the Cyber Intelligence and Sharing Protection Act (CISPA). President Obama recently signed an executive order authorizing a number of provisions contained in the previously defeated CISPA legislation.

The original CISPA, introduced in 2011, passed the House last year before reaching the Senate, where public opposition and competing legislation caused the bill to lose steam. President Obama had originally pledged to veto CISPA over concerns about privacy.

Following the revelations in the 2013 NIE, CISPA has been reintroduced in the U.S. House of Representatives. Mandiant CEO and founder Kevin Mandia spoke at a Congressional hearing on CISPA earlier this month prior to the public release of the APT1 report and around the time of the reintroduction of CISPA in the House.

CISPA has been opposed by a number of groups with ties to education, such as the American Association of University Professors and the American Library Association, as well as individual university faculty members. CISPA supporters have fallen largely into the categories of telecommunications, banking, aerospace, security, technology manufacturers, and other large businesses with significant financial and regulatory ties to the federal government. Facebook was also a supporter of the original bill.

The complete report and appendices from Mandiant can be downloaded in PDF form from the security firm's site.

 
