Further to this question at another post,
Which of the crises listed by Mr Ricks gets the least attention from the Canadian government?..
one does hope this extensive NY Times story will get Ottawa’s attention. First from near the end:
Chinese Army Unit Is Seen as Tied to Hacking Against U.S.
…the most troubling attack to date, security experts say, was a successful invasion of the Canadian arm of Telvent. The company, now owned by Schneider Electric, designs software that gives oil and gas pipeline companies and power grid operators remote access to valves, switches and security systems.
Telvent keeps detailed blueprints on more than half of all the oil and gas pipelines in North and South America, and has access to their systems. In September, Telvent Canada told customers that attackers had broken into its systems and taken project files. That access was immediately cut, so that the intruders could not take command of the systems.
Martin Hanna, a Schneider Electric spokesman, did not return requests for comment, but security researchers who studied the malware used in the attack, including Mr. Stewart at Dell SecureWorks and Mr. Blasco at AlienVault, confirmed that the perpetrators were the Comment Crew.
“This is terrifying because — forget about the country — if someone hired me and told me they wanted to have the offensive capability to take out as many critical systems as possible, I would be going after the vendors and do things like what happened to Telvent,“ Mr. Peterson of Digital Bond said. “It’s the holy grail.”..
Back to the start:
On the outskirts of Shanghai, in a run-down neighborhood dominated by a 12-story white office tower, sits a People’s Liberation Army base for China’s growing corps of cyberwarriors.
The building off Datong Road, surrounded by restaurants, massage parlors and a wine importer, is the headquarters of P.L.A. Unit 61398. A growing body of digital forensic evidence — confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years — leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower.
An unusually detailed 60-page study, to be released Tuesday [Feb. 19] by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups — known to many of its victims in the United States as “Comment Crew” or “Shanghai Group” — to the doorstep of the military unit’s headquarters. The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area.
“Either they are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
Other security firms that have tracked “Comment Crew” say they also believe the group is state-sponsored, and a recent classified National Intelligence Estimate, issued as a consensus document for all 16 of the United States intelligence agencies, makes a strong case that many of these hacking groups are either run by army officers or are contractors working for commands like Unit 61398, according to officials with knowledge of its classified content [see also: "Dragon Top Cyber Security Threat – by Far"]…
Contacted Monday, officials at the Chinese embassy in Washington again insisted that their government does not engage in computer hacking, and that such activity is illegal…
Well they would say that, wouldn’t they? More from the Washington Post:
Report ties 100-plus cyberattacks on U.S. computers to Chinese military
A U.S. security firm has linked more than a hundred cyberattacks on U.S. corporations to China’s military, according to a report released Tuesday.
The 60-page study by investigators at the Alexandria-based Mandiant security firm presents one of the most comprehensive and detailed analysis to date tracing corporate cyber-espionage to the doorstep of Chinese military facilities. And it calls into question China’s repeated denials that its military is engaged in such activities…
“We have figured things out in an unclassified way that the government has known through classified means,” said Richard Bejtlich, Mandiant Chief Security Officer, adding that the company shared the study with U.S. intelligence agencies before it was released.
The unit is just one of dozens working for the Chinese military in cyber-espionage all over the country, analysts say. There are other units within the army’s General Staff Department’s 2nd Department, which conducts military intelligence, and within the Ministry of State Security, which conducts internal counterintelligence and external espionage, according to analysts…
Thank goodness one senior person in Ottawa has been speaking out:
More background–an excerpt from a Conference of Defence Associations’ newsletter:
A panel of authors from the Rand Corporation present a thorough analysis of the different types of cyber security threats and describe the cyber security measures that are currently in place in ten different countries, including Canada…
Meanwhile something else Beijing is up to:
China takes control of strategic Pakistani port
China took over operational control of a strategic deep-water Pakistani seaport Monday that could serve as a vital economic hub for Beijing and perhaps a key military outpost.
Control of Gwadar port on Pakistan’s southwestern coast was transferred to a state-owned Chinese company, China Overseas Ports Holding Company Ltd., in a signing ceremony in Islamabad that was broadcast on TV.
Gwadar will soon be a “hub of trade and commerce in the region,” Pakistani President Asif Ali Zardari said at the ceremony. “It holds the key to bring together the countries of Central Asia” and will further improve Pakistan-China relations, he said…
Mark Collins, a prolific Ottawa blogger, is a Research Fellow at the Canadian Defence & Foreign Affairs Institute