In Digital Assassination (p. 111), we reported how the People’s Liberation Army of China supports a thriving network of hackers who regularly raid the systems of U.S. businesses and government institutions. Now we have an address for one of the PLA’s official units – not just a digital address, but a physical one.
The willingness of official sources to disseminate Mandiant’s detective work in identifying the large, sophisticated group of hackers in Unit 61398 of the People’s Liberation Army of China – right down to an actual office tower in Shanghai – is a rightful show of anger over years of extreme provocation.
But naming names is just a start.
Unit 61398 has not only stolen proprietary information (including Coca-Cola’s negotiating strategy in a failed attempt to buy China’s Huiyuan Juice Group), it’s also showing a troubling propensity for seeking the digital keys to critical infrastructure – chemical plants, pipelines, and the electrical grid.
“Right now there is no incentive for the Chinese to stop doing this,” Rep. Mike Rogers (R-AK), chairman of the House Intelligence Committee, told The New York Times. “If we don’t create a high price, it’s only going to keep accelerating.”
In the meantime, spearphishing has become so sophisticated that it is all but impossible to counter. The Times reports that a part-time employee received an email seemingly from his boss in perfect English, “discussing security weaknesses in critical infrastructure systems, and asked the employee to click a link to a document for more information.”
Which was, of course, the attack itself.