China hits back at hacking claims: 'US is our top cyber-attacker'

Summary: Chinese officials say a US report claiming China is behind US cyberattacks is lacking a technical basis for its allegations.


Chinese officials have dismissed claims that China's military is behind the vast majority of cyberattacks on the US.

The allegations, published in a report by US security company Mandiant on Tuesday, claimed a 12-storey building in Shanghai was home to a government-sponsored online espionage group. Known as APT1, the group has been targeting US businesses, government organisations and individuals, according to the company.

"The sheer number of APT1 IP addresses concentrated in these Shanghai ranges, coupled with Simplified Chinese keyboard layout settings on APT1's attack systems, betrays the true location and language of the operators," the report said (PDF).

China has refuted the claims, saying IP addresses are not a reliable enough basis for the assertions against it.

The Ministry of Defence said in a statement on Tuesday that the report lacks a technical basis to conclude that the attacks originated from China.

The Ministry said it is common knowledge that hackers take over control of IP addresses, and that the well-known uncertainties around attributing online attacks made it irresponsible of Mandiant to publish the allegations. Another problem is that there is no clear legal definition of a network attack, it said.

If IP addresses are evidence, most cyberattacks on China originate from the US, Chinese Foreign Ministry spokesman Hong Lei said on Tuesday, according to China's official news bureau, Xinhua. Beijing also claims a top target is the China People's Liberation Army, Xinhua added.

The country's officials are now highlighting how many attacks originating from foreign nations China suffers. The Foreign Ministry points to figures from China's Computer Emergency Response Team (CNCERT) showing that 73,000 offshore IP addresses controlled 14 million PCs in China and 32,000 IP addresses had control over 38,000 Chinese websites.

In addition, China's Ministry of National Defence claims its websites were hit by 240,000 cyberattacks between January and March last year.

Topics: Security, Government, China

Liam Tung

  • Mandiant APT1 report has flaws

    1) Geolocation based on IP is utterly unreliable. Pudong is a huge area with an economic zone for multinationals, and all the IP blocks Mandiant listed contain proxy servers hosted by China Telecom (look on hidemyass dot com for proof), which means you don’t need to be in Shanghai or even China.

    2) The hacker identity “DOTA” Mandiant cited has been public since 2010, after Anonymous hacked HBGary and leaked documents. Google “2j3c1k d0ta010” and see how Anonymous already outed this guy in 2010 – who’d reuse a compromised identity?

    3) Mandiant’s report contains many other errors, from big ones like above, to nuanced cultural misidentification. Mandiant insists “Mei Qiang” means “China Strong”, but is seemingly unaware that the reference “Mei”, or plum flower, is the national symbol for ROC (Taiwan), not PRC.
  • VPN in China

    goto http dot html

    VPNs are blocked since 2011 except for the selected few?
  • More Chinese crap

    "73,000 offshore IP addresses controlled 14 million PCs in China and 32,000 IP addresses had control over 38,000 Chinese websites". Yup. Those are all those with hacked copies of Windows XP who don't update and protect their machines because they believe Microsoft will disable their system and a bunch of web masters who put up a web site but don't know how to protect them. Oh even the math doesn't add up.
    If you have a hacked site, you get it shut down.
    China seems to think that everyone else is ganging up on them.
    China wasn't only singled out. Russia [not surprised there] and India as well.
    • US intelligence says China is hacked 5 times as much as us

      Consider this fact from a US-based IC source: China has the most compromised servers and attacked networks in the world, e.g. 3 days ago 437 measurable attacks on Chinese networks in 24 hours compared to about 80 on US networks.