China's APT-12, The Entity That May Be Behind The New York Times Hack

By @mflorcruz (m.florcruz@ibtimes.com) on January 31 2013 2:51 PM

China's cyberespionage entity known as APT-12 seems to be behind the attack on the New York Times. What else do we know about APT-12? (Photo: Reuters)

The New York Times has had a rough year with China. After publishing an article about the secret wealth of Chinese Premier Wen Jiabao, the New York Times website was blocked in mainland China and on the country's social media. Following that, one of the paper's Beijing-based correspondents, Chris Buckley, was given a difficult time obtaining a press visa and had to temporarily leave the country. Now the Times has found out that it has been persistently attacked by Chinese hackers for the past four months.

The nature of the hack had experts believing it was coming from a Chinese cyberattack group, dubbed APT-12 in the U.S. for Advanced Persistent Threat 12. An APT essentially means that hackers are able to keep access to a system for an extended or continuous amount of time, accessing the information whenever they please.

According to the New York Times, the computer systems and passwords of several reporters and other employees, including the email account of Shanghai bureau chief David Barboza, who wrote the initial report on Wen Jiabao’s family wealth, were accessed by APT entities. The Times believes that the hack was initiated only to seek information pertaining to the reporting on the Wen family.

The Times hired information security firm Mandiant to track and stop the hack, which was eventually traced to Chinese sources. Mandiant advisors are under the impression that the attacks came from the same computers used to attack United States military contractors in the past, an action that may have come from the Chinese military.

Dmitri Alperovitch, a technology security expert and co-founder of CrowdStrike, a cybersecurity company, once said, “There are two kinds of Fortune 500 companies: those that know they’ve been hacked and those that don’t know yet.” Mandiant Chief Security Officer Richard Bejtlich estimates that Chinese APT intruders alone have likely infiltrated 30 percent to 40 percent of Fortune 500 companies.

Mandiant is well-versed in hacking attacks from China. The company does extensive research on hacking patterns and has defined a general configuration for what Chinese APT activity looks like. For the most part, China’s APT hackers tend to infiltrate industries or companies aligned with the strategic objectives of the local government.

“We at Mandiant have considered the strategic impact this change will have on APT groups and the current cyberespionage campaign that has been traced back to the PRC,” Christopher Lew, a senior strategic analyst at the U.S. Department of Defense and an expert on Chinese military history and thought, wrote in a report for Mandiant.

Mandiant experts have reason to believe that China’s new leadership will only further the nation’s commitment to using intelligence coming from APT attacks, especially to benefit Chinese state-owned enterprises. 

For example, Chinese state-owned companies have had the unusual ability to increase the speed and efficiency of “manufacturing and development processes for high-tech products, negotiate acquisitions or service deals on highly favorable terms or force competing companies to change their business plans altogether,” Lew reported. Impressively fast developments have been seen in the nation’s weapon systems in the past year, like the nation’s first advanced ballistic missile and new J-14 warplane. Though many believe this is a result of China’s booming economy and shift toward domestic innovation, Mandiant believes APT espionage on foreign entities contributed to China’s remarkable technological advancement. 

“If one takes into account the ... data stolen by APT groups that Mandiant has seen during its engagements, the leaps and bounds that PRC companies have made is much more feasible and explainable,” Lew explained.

On a commercial level, the aggressive business culture in China, coupled with the limited effectiveness of intellectual property laws, has created a market for corporate espionage.

“The availability of trained personnel, tools, methodology and companies that are willing to cut corners or to not ask questions regarding the sources of information make for a profitable hacking industry,” Lew said.

Of course, there is no publicly confirmed proof of PRC government-sponsored cyberespionage. Beijing has openly addressed, and dismissed, accusations of government-led network spying; Hong Lei, a Chinese Foreign Ministry spokesperson, called U.S. government reports suggesting Chinese spying “unprofessional and irresponsible.”
