China Claims IP Hijack After Hacking Allegations

China has hit back at reports that government-backed hackers are targeting Western organisations

China has come out fighting after a report suggested a team of Chinese hackers linked to its military had been battering English-speaking firms with advanced attacks.

The Chinese denial came after security company Mandiant, which worked with the New York Times when it was recently hit, supposedly by Chinese hackers, claimed the People’s Liberation Army was likely backing the group.

The security company firmly identified a major hacking group known as APT1 as being behind the attack.

China allegations

According to Mandiant, it has observed the APT1 hackers steal countless gigabytes of sensitive data from many worldwide businesses and organisations over the years.

Mandiant said it had traced the hacking attacks to four networks near Shanghai, and apparently identified a building on Datong Road as the source. This building is also reportedly the headquarters of Unit 61398, a secret wing of the People’s Liberation Army.

It is “one of the most prolific cyber espionage groups in terms of the sheer quantity of information stolen”, Mandiant said in its report.

“The details we have analysed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese Government is aware of them,” the security firm said.

But the Chinese government has moved quickly to denounce the allegations, claiming Mandiant’s report was groundless both in facts and legal basis.

IP hijacking?

“China’s laws ban any activities disrupting cyber security and Chinese government always cracks down on cyber crimes,” Geng Yansheng, a spokesman with the Ministry of National Defense, said at a briefing.


The government spokesman claimed the Mandiant report was based on spurious arguments: although the IP addresses were traced to China, he said it was common practice to steal or hijack IP addresses.

“First, as known to all, it is a common sense and method on the Internet to conduct hacking attacks by peculating IP addresses,” the spokesman said. “It happens almost every day.”

The spokesman then curiously went on to dispute what legally constitutes a cyber attack.

“Second, there has been no clear and consistent definition on cyber attacks around the world,” said the Chinese spokesman. “The report [lacks] legal basis to assert cyber espionage only by collecting some routine cyber activities.

“Third, cyber attacks [are] transnational, anonymous and deceptive with its source often difficult to be identified. Releasing irresponsible information will not help solve problems.”

China has long stood accused of being behind many cyber attacks, although it has repeatedly denied accusations it is sponsoring hacks on US companies. In 2011 for example, the US Office of the National Counterintelligence Executive warned that Russia and China were the “most aggressive collectors” of US economic and technology secrets.

Hacking concerns

And in August 2011, F-Secure spotted actual video proof of Chinese hacking when it saw footage of Chinese military systems hacking a US target. The footage of that alleged hack was seen during a Chinese military TV documentary.

Perhaps one of the most famous cases came against Google following the Aurora attacks. In early 2010 a diplomatic incident was triggered when Google threatened to withdraw from China because of damaging attacks against it during 2009.
