UK Markets closed

Chinese Military's 'Global Hacking HQ Found'

(c) Sky News 2013

An unassuming 12-storey building in a suburb of Shanghai has been identified as the possible headquarters of a global hacking operation allegedly run by the Chinese military.

According to Mandiant, an American computer security company, extensive evidence collated over three years points to a white tower block in Datong Road, in the Pudong district of the city.

The building is reportedly the headquarters of the People's Liberation Army Unit 61398.

Mandiant has spent several years working for a number of well-known multinational companies who all believe they have been victims of state-sponsored hacking.

Sky News understands that five UK firms described as 'large companies - brand names' have previously employed the services of Mandiant.

Using evidence passed to its analysts by the multinationals, Mandiant has deciphered codes, analysed IP addresses and conducted a series of reverse-engineering processes.

"The details we have analysed during hundreds of investigations convince us that the groups conducting these (hacking) activities are based primarily in China and that the Chinese Government is aware of them," the report says.

Meanwhile, Jay Carney, a spokesman for the White House, said: "We have repeatedly raised our concerns at the highest levels about cyber theft with senior Chinese officials including in the military and we will continue to do so."

He declined to comment specifically on the contents of the 74-page report, which contains remarkable detail of the hacking operations.

Mandiant has identified 20 separate hacking groups in China which it calls Advanced Persistent Threats (APT (Taiwan OTC: 3682.TWO - news) ).

Its report - called Exposing one of China's Cyber Espionage Units - focuses on just one, APT1, which is believed to operate from inside the Shanghai building.

"From our unique vantage point responding to victims, we tracked APT1 back to four large networks in Shanghai, two of which are allocated directly to the Pudong New Area," the report says.

The company studied the area of Shanghai pinpointed by their analysis and discovered the Chinese military building.

Mandiant was not able physically to prove that the hackers were inside the building but is convinced that they could not be anywhere else.

"Either they are coming from inside Unit 61398 or the people who run the most-controlled, most-monitored internet networks in the world are clueless about thousands of people generating attacks from this one neighbourhood," the Mandiant's founder Kevin Mandia is quoted as saying.

Of significant concern is the suggestion that hackers originating in China, including the APT1 group, are far more prevalent and sophisticated than previously assumed.

Not only had groups linked to China stolen commercial property, but some had also infiltrated US state infrastructure companies giving them the ability, potentially, to manipulate critical infrastructure including power grids and water supplies.

The Chinese government has repeatedly denied having anything to do with state-sponsored hacking.

In January, the New York Times disclosed that Chinese hackers with an alleged Chinese military "footprint" had stolen the corporate passwords of all its employees and gained access to the personal computers of 53 employees.

"Reaching such conclusions for no reason with uncertain evidence and no proof and saying that China participates in relevant online attacks is totally irresponsible," a Chinese foreign ministry spokesman said in response to that allegation.

The alleged New York Times hacking had apparently taken place at the same time as the newspaper ran a report which suggested that outgoing Chinese premiere Wen Jiabao's family had accumulated at least $2.7 bn (£1.7bn) in "hidden riches".

Mandiant believes the activity it has uncovered represents just a tiny part of a massive hacking operation in China.

It said: "Though our visibility of APT1's activities is incomplete, we have analysed the group's intrusions against nearly 150 victims over seven years."

At Tuesday's regular foreign ministry news conference, officials shed little light on the report.

"Hacking is an international problem," Hong Lei told Sky News.

"It is neither professional nor responsible to make groundless accusations without evidence."

When pushed on the fact that the report appears to provide plenty of evidence, the spokesman said: "I don't know how this evidence in the report is tenable."

He did not elaborate.

More From Sky News