Meet Zhang Changhe – He Hacks for Beijing
by Benjamin Carlson - Tuesday, May 28, 2013
Cyb3rsleuth said he felt like he’d found the face of a ghost when he saw pictures on a blog linked to Zhang Changhe, one of the most famous Chinese military hackers.
96 percent of all cyber-espionage intrusions in 2012 had Chinese hackers behind them, making them the most active source of national and industrial espionage in the world today.
These days, any conversation about hacking and cyber warfare inevitably has to turn to China. The People's Republic is, by just about any measure, home to the world's most relentless, prolific and successful hackers. More cyber-attack traffic comes from China than from any other country: over 40 percent of the world total in the last quarter of 2012, according to a new report by Akamai Technologies (Disclosure: Paul Sagan, Akamai's executive vice chairman, is one of GlobalPost's investors). And when it comes to spying, China's preponderance is even more striking.
Verizon estimates that 96 percent of all cyber-espionage intrusions in 2012 had Chinese hackers behind them, possibly making them "the most active source of national and industrial espionage in the world today." Their targets have ranged from Coca Cola and Google to journalists, human-rights lawyers, air-traffic control systems and the Pentagon. To many, hackers are a nuisance who clutter their inboxes with poorly crafted spam, but to the U.S. economy, according to Greg Autry of the Coalition for a Prosperous America, it's a $400 billion problem. The crisis is so great that the White House has begun speaking out publicly against the attacks.
When chairman of the U.S. Joint Chiefs of Staff Martin Dempsey visited Beijing in April, he discussed the matter with Fang Fenghui, chairman of the People's Liberation Army General Staff. While Fang denied that China was hacking the U.S., he stressed the gravity of the issue by saying that cyber-attacks could have consequences "no less serious than a nuclear bomb." In early May, the Pentagon upped the tension, explicitly accusing the Chinese government of cyber espionage targeting US government computers. "China is using its computer network exploitation capability to support intelligence collection against the US diplomatic, economic and defense industrial base sectors," a Pentagon report noted. Chinese officials have long maintained that Beijing has no connection to cyber-espionage, despite mounting evidence to the contrary.
But who are the hackers behind this threat? Are they quasi-anarchist mobs like Anonymous? Organized crime rings? Or just tech-savvy kids with too much free time?
The answer, according to several anti-malware researchers consulted for this article, is none of the above. While many details remain unknown, security experts are convinced that China's most persistent, diligent hackers are inextricably connected to the military and government. The hackers' sloppiness — or indifference — has allowed researchers to uncover some of their individual names and identities. A spate of new reports and discoveries by cyber security firms paint a strikingly detailed composite portrait of some of the individuals behind these attacks. Here's a guide.
How Many Are There?
Estimates of the number of state-sponsored hackers in China range from hundreds to thousands, given the volume of sustained attacks and the amount of support staff that would be needed to maintain servers and technical infrastructure. Joe Stewart, director of malware research at Dell SecureWorks, tracks tens of thousands of websites that have been taken over by Chinese hackers. These websites are used by hackers to communicate with machines infected with their malware.
How Sophisticated Are They?
"Not very," says Stewart. Compared to mafia hackers in Russia and Ukraine, Chinese hackers tend to use simpler techniques, he says, and make less of an effort to cover their tracks. Their primary tactic for penetrating systems is phishing: sending targets malware-laden emails that pretend to be from a trusted colleague or partner. Though simple, it's undeniably effective. According to the latest Verizon report, this trick is used in 95 percent of state-sponsored espionage attacks. Chinese actors have become particularly ingenious at crafting plausible-sounding emails and attachments.
In fact, after Mandiant released its report tying hackers in Shanghai to the People's Liberation Army, a fake copy of the report was filled with malware and sent to Japanese reporters. "Their tools and techniques are not sophisticated but they are very persistent when it comes to targets," says Cyb3rsleuth, an India-based anti-malware researcher. "[Chinese hackers] are focused. They are best in the business when it comes to hacking."
What's Their Goal?
Unlike Russian criminal syndicates, Chinese groups are not so interested in your credit-card numbers or PayPal password. Their target is information: weapon designs, chemical formulas, product blueprints, negotiating strategies, private emails. They feed this information not only to the military or government, but also to Chinese firms that might profit from it. This, in addition to sheer scale, is what makes China's hackers different. While all governments spy, China's is unique for the degree to which it systemically raids private companies for industrial advantage. The other main goal is security and intimidation. Chinese hackers have been found to target law firms, media organizations, and human-rights groups that deal with "sensitive" issues like Tibet, Taiwan and political dissidents.
What Sort of Life Is It?
Those who track them say that for China's most active groups, hacking is less a secret hobby than a 9-to-5 desk job. The servers used to host malware switch on around 7:00 or 8:00 in the morning, Beijing time, and turn off around 6:00 p.m. During China's two major holiday weeks, Stewart says, the hacking activity typically ceases. Like any American office drones, they also have their complaints. One hacker named Wang, whose blog was uncovered by the Los Angeles Times, wrote about a litany of grievances. The office was located in one of "the most remote areas of the city." His boss wanted him to improve his English, but forbade him from reading foreign media. His manager hovered over his shoulder early in the mornings. "Fate has made me feel that I am imprisoned," he wrote. "I want to escape." And like any white-collar worker, of course, he also slacked off. One day, Wang wrote that he "didn't do much" and went for a swim in the afternoon. "As far as work goes, if you master it to a degree, as long as you don't get on the wrong side of the boss, it's okay."