Not hard evidence
I have read the report and I don't see much hard evidence. There are a lot of facts in the report, but how they are linked together or where the facts come from stays a mystery. Not much substance and some dubious assumptions, in my humble opinion.
For example, how do they link the attacks to PLA's Unit 61398?
- They found that all attacks come from 4 /16 IPv4 net blocks (a total of 262k addresses), all owned by China Unicom. China Unicom is the 3rd largest telco in the world, with 273 million (!) customers in 2008.
- Then they link the netblocks to a city, Shanghai (the largest city in China, population of 23 million).
- Next they conclude that because the office of the Unicom engineer listed as contact person for the netblock is in the Pudong area
- The PLA Unit 61398 is also in the Pudong area
- Hence the IP addresses must belong to the PLA and are the source of the attack
Let me translate this into English:
- Suspect IP address belongs to a netblock owned by BT and is used in the Greater London area
- The BT engineer's office is in the centre of London according to whois
- MI6 is in the centre of London
- Hence the attack came from MI6.