BEIJING – China’s defense ministry Wednesday rebuffed a report linking its People’s Liberation Army to sophisticated cyberattacks on US firms, saying there was no internationally agreed definition of hacking.
The 74-page analysis by the American Internet security firm Mandiant provided one of the most detailed accounts of large-scale hacking operations that many Western experts have long believed receive official Chinese support.
Security was stepped up at the 12-storey office building in Shanghai identified by Mandiant as the headquarters of the military cyberspying Unit 61398, with officers temporarily detaining journalists in the area.
Defense ministry spokesman Geng Yansheng said in a statement that Mandiant’s claims had “no factual basis” and insisted there was no consensus on what qualified as hacking.
“There has been no clear internationally agreed definition for ‘cyber attacks’,” he said, adding that the report “subjectively deduced” that online activities amounted to cyberspying.
He reiterated previous arguments by Beijing officials that attacks traced to Chinese IP addresses did not necessarily originate in the country.
“Cyberattacks are by nature transnational, anonymous and deceptive, and the origin of attacks is highly uncertain,” he said.
“It’s widely known that using stolen IP addresses to carry out hacking attacks is happening practically every day.”
In its report, Mandiant alleged the hacking group “APT1” — from the initials “Advanced Persistent Threat” — was a branch of Unit 61398 and had stolen hundreds of terabytes of data from at least 141 organisations across 20 industries.
The US said in response to the document that it regularly raises hacking concerns with China, with State Department spokeswoman Victoria Nuland saying it comes up “in virtually every meeting we have with Chinese officials”.
At a regular press briefing on Wednesday, China’s foreign ministry spokesman Hong Lei did not respond directly to a question about whether Washington had discussed the issue with Beijing.
He said instead that both sides “have maintained communication” and referred reporters to the defense ministry statement.
Security outside the building in Shanghai’s northern suburb of Gaoqiao that was said to house the military-led hacking group was tightened Wednesday after it became the object of media attention.
An AFP photographer was detained for half an hour while shooting video outside the complex, while another international news agency photographer was also briefly held.
Six Chinese soldiers in uniform pulled the AFP photographer out of a car and brought him to the guardhouse, where they searched his bag and seized his camera’s memory card before allowing him to leave with a warning.
Speaking in English, the apparent leader of the group told him no photography was allowed since it was a military installation.
Related Reading: A Convenient Scapegoat – Why All Cyber Attacks Originate in China