Like HowStuffWorks on Facebook!

Is the Chinese army hacking American computers?

Chinese Cyber Attacks and U.S. Targets
This Shanghai tower is believed to be the origin point of recent cyberattacks.
This Shanghai tower is believed to be the origin point of recent cyberattacks.
© Imaginechina/Corbis

Despite the recent outcry that Chinese hackers have targeted U.S. companies and government entities, the attempts aren't isolated to one nation. Chinese hackers have reportedly infiltrated the Australian Reserve Bank, as well as government entities in Taiwan, Brunei, Myanmar, Vietnam and other countries [sources: Saarinen, Taipei Times].

In a method markedly similar to attacks characteristic of the Chinese military, a group of hackers targeted the New York Times by routing e-mails through computers at U.S. universities. American intelligence officials confirmed the cyberattacks were traced to a specific IP address -- a point of origin so narrow, that in the whole of China and its 1.3 billion residents, it could be pinpointed to a 12-story office building on the edge of Shanghai. Not only did the attacks on the New York Times launch from this building, so did the majority of malware targeting U.S. companies and government entities. Interestingly, the same building houses the People's Liberation Army Unit 61398, which has led to speculation that an elite group of hackers, known as the Comment Crew or the Shanghai Group, are actually sponsored by the Chinese army.

A 60-page report released by Mandiant, a U.S.-based computer security firm, details the cyber threats posed by the hackers working with PLA 61398 and categorizes their activity as APT1 -- Advanced Persistent Threat No. 1. According to the report, the Shanghai hackers have spent the last few years waging a largely undetectable and notably effective cyberespionage war against most of the developed world. In doing so, they've stolen data from at least 141 U.S. organizations equaling hundreds of terabytes. Just one terabyte equals about 220 million pages of text [source: Mandiant].

These breaches in cyber security are costly. In fact, it can be expensive even if the hackers aren't particularly successful in their efforts. It takes an average of 18 days to repair and restore systems after a cyberattack, and each attack costs an estimated $415,000. The defense industry, for example, spent nearly $20 million on cyberattacks in 2011 alone [source: Rodriguez].

Unfortunately, the costs could be far greater. An American company with direct access to more than 60 percent of North America's oil and gas pipelines has been a target of Chinese hackers. So has RSA, a computer security firm with access to passcodes that lead to sensitive corporate and government information [source: Sanger].

Although attention is focused on the Shanghai-based Comment Crew, there are other hacker cells to worry about, too. Beijing Group, for example, is believed to include dozens of people, including translators, analysts and programmers. One thing is certain: These attacks are not the work of amateurs. The scope of the cyberattacks is too large -- and too well organized -- to be the work of freelancers flexing their technological muscles [source: Lawrence].

Ironically, amateur hackers could be these groups' undoing. In the weeks after the People's Liberation Army 61398 was tied to widespread hacking, amateur cyber sleuths uncovered additional evidence. Amateur Internet detectives outed a hacker known as DOTA (after the video game "Defense of the Ancients") on Twitter. Turns out, the hacker's telephone number had been listed in a 2009 advertisement for an apartment rental just 656 yards (600 meters) from Unit 61398's Shanghai headquarters [source: Perlroth].