posted on Feb, 21 2013 @ 04:00 PM
I realize this is a conspiracy board - but guys - this is the real deal.
Did any of you actually read the Mandiant report? I did - it's required reading because I'm a Federal Government employee working in the field of IT
/ Information Assurance / Cyber security.
Mandiant has, without a doubt, accurately traced these attacks back to China.
In the security world, we refer to "things" like this as "APT" - or "Advanced Persistent Threats". In the report, Mandiant refers to the Chinese
unit "61398" as "APT1". Their data is well founded, and definitely points to the Chinese Government (specifically the PLA - People's Liberation
Army) as the culprits.
I see that a lot of you are making jokes about this - but make no mistake - this is cyber warfare on an unprecedented scale. Unit 61398 (at a minimum)
has 1000+ systems they use as purely attack machines.
That means that on top of the daily use computers these "cyber warriors" have, they have an ADDITIONAL 1000+ machines they use as attack
Mandiant refers to these machines as their attack "infrastructure". Of these, over 3000+ fully qualified domain names have been assigned to the
machines in this infrastructure. That is staggering, gentlemen.
Unit 61398 writes custom backdoors, rootkits and exploits. They are designing sophisticated trojan horses and malware in house. One such example is a
backdoor they use that communicates from a victim machine back to its C2 (C2 = Command and Control) machine via a webserver. The webserver issues
commands to the victim via hidden fields in the HTML page it serves up. This is unlike any other backdoor ever seen before in the wild.
Unit 61398 targets Government, and certain specific fields in the private sector (intentionally) to steal sensitive and proprietary data. Then they use
what they have stolen as an advantage in the real world defense sector (like stealing data on the F-22 Raptor or Joint Strike Fighter and its
associated technologies) or business sector to give them a leg up on competitors (like us).
Of what we know so far, they have stolen something like 40 TERABYTES of data.
The thing you have to take into account is - these hackers need resources. They need computer systems, connectivity, food, housing, etc. Who pays
for all this? The Chinese Government does. And they are completely denying it.
Right now - at least the defense sector - is still just trying to play catch up to secure our systems. We are not in attack mode. This is what makes
this report so crucial. The United States is scrambling to defend itself from the onslaught of Government-sponsored hackers (like Unit 61398),
hacktivists (like Anonymous), and other script kiddies who want to make a name at the Government's expense.
It's scary stuff guys, and it's hurting our economy and our way of life more than you realize.
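
The post above describes a backdoor that receives its commands through hidden fields in an HTML page. The following is an added detection sketch, not part of the original post and not Mandiant's code: it scans a captured HTTP response body for hidden form fields whose values decode to readable text. The base64 encoding, the field names and the sample page are assumptions constructed for illustration.

```python
import base64
import binascii
import re
from html.parser import HTMLParser

B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")

class HiddenFieldCollector(HTMLParser):
    """Collects (name, value) for every <input type="hidden"> element."""
    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.fields.append((a.get("name") or "", a.get("value") or ""))

def decode_printable(value, min_len=16):
    """Return decoded text if value is base64 for printable ASCII, else None."""
    if len(value) < min_len or len(value) % 4 or not B64_RE.fullmatch(value):
        return None
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None
    if all(32 <= b < 127 for b in raw):
        return raw.decode("ascii")
    return None

def suspicious_hidden_fields(html, allowlist=frozenset()):
    """List (field name, decoded text) for hidden fields carrying encoded text."""
    parser = HiddenFieldCollector()
    parser.feed(html)
    hits = []
    for name, value in parser.fields:
        decoded = decode_printable(value)
        if decoded is not None and name not in allowlist:
            hits.append((name, decoded))
    return hits

# Constructed sample page: the "ref" field and its payload are made up.
SAMPLE_PAGE = """<html><body><form action="/search">
<input type="hidden" name="csrf" value="3f2b8c1e-7a4d-4e9b-a1c2-5d6e7f809abc">
<input type="hidden" name="page" value="2">
<input type="hidden" name="ref" value="{}">
<input type="text" name="q"></form></body></html>""".format(
    base64.b64encode(b"sleep 3600").decode())

if __name__ == "__main__":
    for name, text in suspicious_hidden_fields(SAMPLE_PAGE):
        print(f"hidden field {name!r} decodes to text: {text!r}")
```

Random tokens such as CSRF values normally fail the printable-text check, so a hit is a lead for an analyst to review against the site's known field names rather than a verdict.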