At the time he worked out his theories on "The Art of War", Sun Tzu could not have imagined the reality of our days. Nowadays, next to the traditional domains in which human civilization develops, the so-called infosphere has been added1. It is a dimension that also includes the cybernetic space, which in turn is an artificial reality, that is, created by man, but not virtual, because the information it contains concerns the real world and therefore their use can have concrete consequences. Those who have collected the heritage of the famous Chinese philosopher and warrior are well aware of this and have adapted it to today's world, including the cyber dimension in the "battlefield" idealized by Sun Tzu. And who did it, created a particularly efficient elite unit, not just any military department.
Can a single cyber cell be able to penetrate information systems around the world and steal confidential military, political, financial information and above all industrial secrets and intellectual property? Can this unit bring governments to their knees and harm companies to the point of bankruptcy? Yes, according to some world-class information security companies, some intelligence services and the US Department of Justice, this unit exists and will occupy an anonymous twelve-story building located on the outskirts of Shanghai. Specifically, it would be the 61398 Unit of the Chinese Army (People Liberation Army - PLA), also known as APT (Advanced Persistent Threat) 1 and, properly, can be considered a real "army" of "warriors" "Cyber.
The start of APT1's activities, as happened for many other groups of hackers, would date back to the early 2000 years, or the years when the Internet began to expand all over the globe at an exponential rate. However, it is only in the 2013 that the evidence on the activities of the Chinese cyber cell has been made public, collected and analyzed over the years by experts in the sector. In particular, the computer security company Mandiant published a detailed and accurate report in February, in which the illegal activities of the APT1 group were connected to the Chinese intelligence and, precisely, to the aforementioned unit of the PLA. Although globally Mandiant has identified other groups of Chinese hackers, the company in the document indicated APT1 as the most "prolific" cell in all, capable of conducting massive cyber espionage campaigns and accessing amounts of information not found elsewhere. In his analysis Mandian indicated that he had confidently identified three operators of the 61398 unit, who undoubtedly acted on the basis of precise orders given by their superiors. In fact, in view of the extension of cyber espionage campaigns attributed to APT1, the report concluded with reasonable certainty that it was a group consisting of tens or, more likely, hundreds of people between specialists and officers. According to the report it would therefore be a cell that operates on behalf of a government that, for its part, supports its cyber campaigns in every aspect (financial, logistical, personnel selection and training, etc.). In particular, the data reported about the activities of APT1 from 2006 to 2013 impresses by number of:
- targets hit (including more 140 companies), almost all located in western Anglo-Saxon countries (87%);
- command and control infrastructures used for cyber operations (at least a thousand servers);
- malware variants (about 40 families) developed and used to penetrate the defenses of the targets.
However, there are two other aspects that leave you stunned more than others, namely:
- the huge amount of data that the group is able to steal in every operation (for example 6.5 terabytes of compressed data, taken in 10 months of activity against a single company);
- the ability to conduct extremely persistent operations over time. In particular, the unit would be able to penetrate the networks and systems of the objectives and to carry out uninterrupted operations for an average time of about one year. The most striking case is represented by an operation that, on the whole, has developed for well 4 years and 10 months before being discovered.
In the 2014, also on the basis of the aforementioned Mandiant report, the US authorities have identified and accused five Chinese citizens, believed to be linked to the 61398 unit, guilty of having committed several serious cybercrimes against North American companies and government agencies. In fact, the five operators of APT1 would have made some mistakes in the field of cyber operations, thus allowing the investigators to trace their identities. Even the best are wrong. However, Mr. Wen and the other colleagues still remain sought after by the Federal Bureau of Investigation.
Reporting a list of APT1 cyber operations that is even remotely exhaustive is extremely complicated. However, in order to better understand how far the Chinese cyber cell is able to go and with what effects it is useful to examine the emblematic stories of three great American companies that, despite themselves, were victims of the cyber unit in question. This is Westinghouse, world leader in the development and construction of nuclear power plants, Solarworld, solar panel manufacturing giant and ATI metals, a large company operating in the metallurgical sector. Or rather, they were such until a few years ago. In fact, all these companies have been the subject of APT1 operations between the 2011 and the 2014 with disastrous effects. The first two, following the declaration of bankruptcy, in a few years have disappeared from the market, while the third has seen almost halved its value. How could all this have happened in such a short time? A survey showed that all the companies mentioned were involved in the prodigious Chinese energy development program, aimed at drastically reducing dependence on fossil fuels. Westinghouse, for example, should have built 40 nuclear power plants in China, but the contract was suddenly terminated after the completion of the fourth plant. The reason is as simple as it is incredible: the Chinese local industry in a few months became able to build the plants themselves and this happened, according to the investigation, because the American company's industrial secrets were stolen from the US company by 61398 unit. The same fate has hit Solarworld, whose leadership in the field of solar panels has been snatched from a competing Chinese company that, in a very short time, has acquired increasingly large slices of the market, up to forcing the former bankruptcy to be declared. world leader. Also in this case, it was discovered that in the 2011-2014 period the US company was the subject of cyber espionage by APT1. ATI metals, on the other hand, despite being able to save itself from bankruptcy, had to sell to Chinese competing companies huge shares of the world steel market, previously held.
A final reflection
An article by the Wall Street Journal of some time ago divided the nations into three categories, based on the degree of cyber capability development achieved, ie nations that:
- they have been consolidating them for some time and are currently using them to support their national strategies;
- they are still developing them in some form (offensive, defensive or both);
- they have not yet begun to develop them.
As can be easily understood, China has belonged to the first category for at least a decade and the existence of units such as APT1 are a clear demonstration of this. It is also easy to imagine the sad fate that most probably belongs to those who, instead, fall into the last category or who are not working hard enough to implement concrete cyber skills. In both cases, in fact, we risk succumbing to those who have had the intelligence and the foresight to grasp, in the expansion of cybernetic space, a unique opportunity to support their more or less aggressive strategies.
Events such as those of Westinghouse, Solarworld and ATI metals, although emblematic, do not represent isolated cases. In this context, countries like ours, whose economies, crushed by globalization, are now almost exclusively based on "niche" productions, should bear in mind the teachings of the Chinese general and philosopher. So they should "run" more than ever in order to achieve their own cyber skills. On the other hand, among the many maxims attributed to the aforementioned Sun Tzu, there is one that reads "Those who are not fully aware of the damages deriving from the application of the strategies, can not even be aware of the advantages deriving from their application" !
1A term coined a few years ago in the field of information philosophy, to indicate the totality of the information space. It includes, inter alia, the Internet and telecommunications media, as well as "classic" media (books, newspapers, magazines, etc.).
(photo: web / FBI)
Main sources:
https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-a...
https://www.telegraph.co.uk/news/worldnews/asia/china/10842093/China-hac...
https://amp.thehackernews.com/thn/2015/03/china-cyber-army.html?m=1
https://www.fbi.gov/wanted/cyber/wang-dong
https://www.countercept.com/our-thinking/apt1-what-happened-next
https://www.justice.gov/usao-wdpa/pr/us-charges-five-chinese-military-ha...
https://amp.thehackernews.com/thn/2015/03/china-cyber-army.html?m=1
