In a move to counter recent reports claiming that a special unit in the Chinese Army is behind repeated cyber attacks on U.S. institutions, the nation Thursday claimed its military and defense ministries websites are routinely hacked from IP addresses originating within the United States.
More than 144,000 hacking attempts per month are targeted at the China Military Online and Defense Ministry websites, Defense Ministry spokesman Geng Yansheng said at a news conference, Reuters reports. Close to two-thirds of those attacks (62.9 percent) originated in the United States, Yansheng said.
The problem with numbers like that is they include almost any network activity as an attack, says Richard Stiennon, chief research analyst with IT-Harvest, a cyber defense industry research firm in Birmingham, Mich. “Everybody in the industry knows those numbers include port scans and probes, which don’t make an attack,” he said in an interview.
He recalled a cyber attack scare that erupted in 2010 when a Congressional committee was told 1.8 billion cyber attacks per month were launched against Congress and government institutions.
“Any kid in a basement can probe a computer in China,” Stiennon noted. “For that matter, Google probes every IP address every day, so you can’t call that an attack.”
Yansheng did not mention a direct link between the cyber attacks and the U.S. government—only that the attacks originated in the United States. He did note, however, that China is concerned with reports that the United States is planning to expand its cyber warfare capabilities.
Last week, a report by Mandiant, a cyber security firm based in Alexandria, Virginia, cited evidence that the Chinese military is actively supporting elite cyber warfare units whose purpose is to steal information from institutions and companies around the world. Mandiant assisted the New York Times in the wake of its breach. The report traced a hacker group Mandiant called APT1 and claimed the attackers are supported by “Unit 61398” of China’s People’s Liberation Army. Since 2006, APT1 has hacked into 141 companies in 20 major industries, Mandiant claims.
The report noted that 87 percent of the companies are headquartered in countries where English is the native language, and are in industries that China has identified as strategic.
China called the accusations in Mandiant’s report “groundless.” Chinese officials noted that China is attacked daily from IP addresses originating within the United States at that time as well. “But we have not blamed the U.S. side for this,” it said.
China, though, is a little disingenuous when it proclaims its innocence in true cyber attacks on U.S. companies, Stiennon maintained.
“I’d love to see China issue a report on how many well-crafted Mandarin emails with malicious attachments are sent to government officials or industrial executives,” he said. “That would tell us if China is under the same level of attack that the U.S. is from China.”
John Mello writes on technology and cyber security for a number of online publications and is former managing editor of the Boston Business Journal and Boston Phoenix. Disclosure: He also writes for Hewlett-Packad's marketing website TechBeacon.