Mad Magazine, the NSA and Chinese Army Hackers

A quick follow up to yesterday’s post, continuing the “Jeez, you just can’t keep a good secret anymore” meme for the week.  If you follow politics or business news you may have seen lots (and lots and lots) of headlines lately regarding US economic losses, political wrangling and business executives’ hand-wringing over enormous, far-reaching and, by all accounts, incredibly effective Chinese hacking and cyber penetration of American companies, research labs and government agencies.  (Reading like a list of B-grade spy movies, feel free to read about “Operation Shady Rat” or “Byzantine Foothold” for some eye-opening facts and figures if this stuff isn’t your normal beat.)


Recently, there was great sturm und drang after the folks over at Mandiant produced a very detailed and revealing public report about just how big, bad, widespread and effective these efforts have been (which wasn’t entirely news to those in the know), and much more interestingly, great specifics on how it was done, and by whom, (which was).


A division of the Chinese People’s Liberation Army known by the not-entirely-inspirational moniker of “PLA Unit 61398” has since been the topic of much discussion in the press, the government and the security community.  (Not that a sexy moniker is all that important I suppose.  I hear it’s a great place to work with great benefits.  You can read one of their recruiting notices here if you’d like – see aforementioned “Jeez, can’t anybody keep a secret anymore?” discussion.)


Not to be outdone, (and in a piece that made me feel a bit like I was seeing a media version of the old Spy vs. Spy cartoons) FP just published a story headlined “Inside the NSA’s Ultra-Secret China Hacking Group”.  When the article includes a description of the inside of the building and the door into the room housing said “Ultra-Secret” unit, I’m pretty sure the folks who work there had a pretty significant hand in un-secreting it.


Still, given that the Chinese have long said they have their own mountains of data that we’ve been doing the same to them, perhaps this was just a timely PR use of information that, like Unit 61398, was about to enter the public conversation anyway.  The more I think about it, the more resonant that old cartoon strip seems.  They do it to us.  We do it to them.  Both sides know it, and the game goes on.  My guess is that what is a little bit different now is that both sides have to learn to play a game of shadows on a field that’s far more brightly lit than ever before.


IMO, China’s welcome to lead the world in some things…

A week or so ago, I noted, via an awesome slide from Bit9 Security, that Chinese hackers are just workin’ stiffs like the rest of us.  Then I had a quick piece noting that even here in the West we see increasing indications they face some of the same concerns we do with regard to the trouble of keeping information bottled up.  (This was further emphasized today by the stories, backed by pretty strong evidence, claiming that a hacker going by “Hardcore Charlie” has penetrated China Electronics Import & Export Corporation or “CEIEC”, China North Industries Corporation, WanBao Mining, and others.)

Well, today (OK, it was actually Friday, but apparently I forgot to hit “Publish” before I sat down to dinner on Friday) brought another in the trickle of “China has now surpassed the US” stories, and this one they’re welcome to.

The Anti-Phishing Working Group reported today that China’s e-commerce site “Surpasses PayPal as the World’s Most Phished Brand”. Seems not even the (I should say alleged) world leaders in the theft of sensitive information are immune to even the simplest forms of stealing sensitive data. This includes both intentional doxxing like Hardcore Charlie’s, and the inadvertent revelations that simply can’t be stopped in a world full of camera phones and Twitter (and Weibo) accounts.  (See the TV documentary that caught Chinese army personnel using click-to-play cyber-attack tools in the background as a fun example.)

Being trained in macroeconomics and generally favoring the Darwinian benefits of competition, I have to say this is one crown I’m happy to hand over.

Thanks again to the APWG for some very useful stats and reporting in today’s release.  Full report is at:

Disclaimer: The views expressed on this blog are mine alone, and do not represent the views, policies or positions of Cyveillance, Inc. or its parent, QinetiQ-North America.  I speak here only for myself and no postings made on this blog should be interpreted as communications by, for or on behalf of, Cyveillance (though I may occasionally plug the extremely cool work we do and the fascinating, if occasionally frightening, research we openly publish.)

Well it’s nice to know our adversaries are just workin’ stiffs like the rest of us.

I happened across this in a deck from Bit9 Security from this week’s TechSecurity Conference, and just thought it was too good not to share. It’s a timeline pattern for the attacks the guys at Bit9 see/detect.  I think it pretty much speaks for itself.  Awesome.

[Image: Bit9 attack timeline slide]
(The deck’s a good read by the way.  Well OK it’s a good read if you’re the type of nerd who’s into this stuff.)
