China breaks ceasefire, restarts hacking US government

After a three-month hiatus, Chinese hackers are once again targeting US government sites, according to government officials and the security firm that first uncovered the attacks.

"They dialed it back for a little while, though other groups that also wear uniforms didn't even bother to do that," Kevin Mandia, the chief executive of Mandiant, told The New York Times. "I think you have to view this as the new normal."

Mandiant identified the hacking attacks as coming from Unit 61398 (also known as the 2nd Bureau of the People's Liberation Army's General Staff Department's 3rd Department). The attack team has used its time off to tweak its code slightly, the company said, and has set up new command and control servers. Attacks are at about 70 per cent of prior levels, Mandiant reports.

Unit 61398 is thought to be behind the attacks on the NYT, as well as successfully infiltrating RSA's SecureID system to enable a break-in at Lockheed Martin's servers. After being publicly identified, the group went dark, and the Chinese government insisted that it was more sinned against than sinning.

Government officials who spoke to the NYT said that patience with the Chinese hackers is running out. A report recommending action is due out on Wednesday from President Obama's former director of national intelligence, Dennis Blair, and former ambassador to China and Republican presidential candidate Jon Huntsman.

"Jawboning alone won't work," Mr. Blair said on Saturday. "Something has to change China's calculus."

Quite what the administration is prepared to do, however, remains in question. While the Pentagon has said it views some hacking attacks as worthy of a physical response, it's hard to imagine any such action would be taken against China or other nations engaging in hacking.

"It is becoming ever clearer that nation-states are institutionalizing cyberespionage and cyberwarfare," Torsten George, VP at security risk management vendor Agiliance told El Reg.

"Government secrets, high-value infrastructure assets, corporate data, IP, customer data are all continually at risk. Incoming threats are not volleys, they are akin to silent AK-47 automatic rifle fire, continuous and destructive."

It's not as though the US doesn't engage in this sort of behavior itself, as we've seen with the Stuxnet attacks. Admittedly, the US hasn't embraced such attacks for purely economic advantage (that we know about for sure) but the government seems to have had enough with China.

"This is something we are going to have to come back at time and again with the Chinese leadership," an official told the NYT, saying China will "have to be convinced there is a real cost to this kind of activity." ®