“We are in a State of War on the Internet”

James D. Brown, Chief Engineer and Senior Fellow, Information Resource Management, L-3 Communications

WE LIVE IN A CYBER WORLD

Cyber Addiction, Cyber Bullying, Cyber Cafe, Cyber Crime, Cyber Critic, Cyber Dating, Cyber Espionage, Cyber Identity, Cyber Porn, Cyber Punk, Cyber Safety, Cyber Security, Cyber Sex, Cyber Space, Cyber Speak, Cyber Stalking, Cyber Technology, Cyber Text, Cyber Terrorism, CYBER WARFARE


2008 US Commerce Committee Report

“China is aggressively pursuing cyber warfare capabilities that may provide it with an asymmetric advantage against the United States. In a conflict situation, this advantage would reduce current U.S. conventional military dominance.”

“Cyber space is a critical vulnerability of the U.S. government and economy, since both depend heavily on the use of computers and their connection to the Internet. The dependence on the Internet makes computers and information stored on those computers vulnerable.”


The conceptual framework currently guiding PLA IW strategy is called “Integrated Network Electronic Warfare,” a combined application of computer network operations and electronic warfare used in a coordinated or simultaneous attack on enemy networks and other key information systems. The objective is to deny an enemy access to information essential for continued combat operations.

Figure 1: General Staff Department of the People's Liberation Army

Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation

October 9, 2009


Mandiant Report

“China’s economic espionage has reached an intolerable level and I believe that the United States and our allies in Europe and Asia have an obligation to confront Beijing and demand that they put a stop to this piracy.

Beijing is waging a massive trade war on us all, and we should band together to pressure them to stop. Combined, the United States and our allies in Europe and Asia have significant diplomatic and economic leverage over China, and we should use this to our advantage to put an end to this scourge.”— U.S. Rep. Mike Rogers, October, 2011


Mandiant Report Summary

APT1 is believed to be the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, which is most commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398.

APT1 has systematically stolen hundreds of terabytes of data from at least 141 organizations, and has demonstrated the capability and intent to steal from dozens of organizations simultaneously.

APT1 maintains an extensive infrastructure of computer systems around the world.

In over 97% of the 1,905 times Mandiant observed APT1 intruders connecting to their attack infrastructure, APT1 used IP addresses registered in Shanghai and systems set to use the Simplified Chinese language.

The size of APT1’s infrastructure implies a large organization with at least dozens, but potentially hundreds of human operators.

In an effort to underscore that there are actual individuals behind the keyboard, Mandiant is revealing three personas that are associated with APT1 activity.

Mandiant is releasing more than 3,000 indicators to bolster defenses against APT1 operations.


Home of APT - 61398


Advanced Persistent Threat

  • It was defined by the US Air Force and Mandiant
  • It is a special class of targeted coordinated attacks
  • They are highly specialized and extremely sophisticated
  • Very stealthy (under the radar)
  • Very hard to detect and remove
  • Mainly aimed at US Defense Contractors
  • Used by foreign governments and organized crime (China and Russia)
  • Takes advantage of US companies' lackadaisical attitude toward network security
  • Targets are now spreading to areas of the Internet


How Do APTs Work