A Chinese People's Liberation Army soldier stands guard in front of "Unit 61398", a secretive Chinese military unit, in the outskirts of Shanghai, Feb. 19, 2013. REUTERS/Carlos Barria
International hackers thrive in nameless obscurity. But for one Chinese government branch of suspected cyber-spies, accused of stealing hundreds of terabytes from at least 141 organizations in Canada, the U.K. and the U.S., things have become very public.
Right down to the building, outside Shanghai, where they seem to be clocking in for work.
If the newest intelligence agents count on technical prowess to work undetected in a tangle of wires and international data connections, APT1 — which U.S. security firm Mandiant named in a damning investigation released Tuesday — hasn't been as well hidden as it may have hoped.
"Our analysis has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China's cyber threat actors," the report from the security firm reads, adding APT1 is believed to be the second bureau of the People's Liberation Army General Staff Department's third department, which is most commonly known as Unit 61398.
Most troubling, experts say, is the hackers seem to have gone from stealing industrial secrets to focusing on systems that could bring down critical infrastructure, such as energy pipelines.
"Not that they would use (the capability), but they could use it," Queen's University online security expert David Skillicorn said Tuesday.
Dozens — if not hundreds — of human operators are likely behind the prolific and sustained hacking of a broad range of industries in English-speaking countries, Mandiant concluded after following digital fingerprints.
China maintains it is not involved, and last month the country's defence ministry said it is unprofessional to accuse the nation of hacking.
APT1 is among dozens of groups Mandiant tracks around the world, and among an estimated 20 similar units working in China, Kevin Mandia, Mandiant's chief executive officer, said.
Industries attacked include telecom, energy, aerospace, information technology and public administration.
The Canadian arm of Telvent, now named Schneider Electric, is listed as a victim. The company operates remote control systems for pipelines in North America. The hacking group also has three servers listed in Canada, according to the report.
"Our government takes cyber security seriously and operates on the advice of security experts," Julie Carmichel, spokeswoman for Public Safety Minister Vic Toews, said. "Our government recently made significant investments ($245 million) in a cyber security strategy designed to defend against electronic threats, hacking and cyber espionage."
Skillicorn believes the public naming won't deter the hackers.
"It's not as if anyone will get into trouble over what they've been doing."