In a dusty, run-down suburb of Shanghai, this white 12-story building looks like nothing out of the ordinary. But according to US surveillance, it's actually the base of the Chinese Army's cyberwarriors.
The building off Datong Road, surrounded by restaurants, massage parlors and a wine importer, is the headquarters of P.L.A. Unit 61398. A growing body of digital forensic evidence - confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years - leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower.
An unusually detailed 60-page study... tracks for the first time individual members of the most sophisticated of the Chinese hacking groups - known to many of its victims in the United States as "Comment Crew" or "Shanghai Group" - to the doorstep of the military unit's headquarters. The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area.
Since 2006, Mandiant has detected over 140 internet attacks by the Comment Crew, originating from this building. Reports from other bodies suggest that even attacks by 20 or so other Chinese groups now appear to be undertaken under contracts—with links back to this white building.
Of course, the unit is considered a Chinese state secret. But if evidence like this is anything to go by—and a spokesman from the House Intelligence Committee says this report is "completely consistent with the type of activity [we've] been seeing for some time"—then that might not be the case for long. Go read the full write-up by the New York Times here (or, if you want more detail, the Mandiant report is here). [Mandiant via New York Times]