Cyber War: China is the Cyber Espionage Capital Of the World


China has long been considered by computer security experts to be one of the most active state actors in cyberspace, especially for its alleged widespread use of cyber espionage to steal economic and technological secrets from the U.S. and its economic rivals across the world.

Though China has long been regarded as an active cyberspace power with a long track record in cyber espionage around the world, the latest accusation comes with a new detail: the People's Liberation Army (PLA) is directly involved in cyber espionage against the U.S.

In the past few days, Mandiant, a Virginia-based information security firm, has accused one of China's secret military units of conducting cyber espionage on a wide scale, including the theft of data from 141 companies in 20 important industries.

The accusation is laid out in a 60-page report describing the work of a secret Chinese cyberwarfare unit operating out of Shanghai, and it will do little to improve China's reputation in cyberspace and beyond.

China's cyber reputation:

In the 21st century, the three great powers in cyberspace are China, America, and Russia. All three nations have used cyberspace to advance their interests at home and abroad.

The Russians spy on their adversaries, and the Americans have their cyber weapons and cyber espionage programs, which were on display during the recent "Flame" incident.

China, on the other hand, stands out as the most "persistent collector" of U.S. and Western economic secrets.

Ellen Nakashima and Craig Timberg of The Washington Post report that most Washington, D.C. institutions have been hacked by the Chinese.

James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies, put the situation aptly: "The dark secret is there is no such thing as a secure unclassified network. Law firms, think tanks, newspapers — if there’s something of interest, you should assume you’ve been penetrated [by Chinese hackers]."

U.S. government agencies, defense contractors, major U.S. companies (Google, Coca-Cola and others), and newspapers (the New York Times, Washington Post, and Wall Street Journal) have all been targets of Chinese hacking.

This type of activity has been going on for years, including multiple cyber campaigns against U.S. and Western targets with the end goal of making China a competitive economic and political powerhouse in this century.

In short, China has a bad reputation for using cyberspace to "borrow" economic and technological secrets from the U.S. and the world, all to further develop its national power and standing in the 21st century.

Unit 61398 of Shanghai:

The recent Mandiant report identifies a secret People's Liberation Army cyberwarfare unit operating out of Shanghai on "Datong Road in Gaoqiaozhen, which is located in the Pudong New Area," designated "Unit 61398" of the PLA General Staff Department's 3rd Department.

The Unit uses at least 1,000 servers, demonstrating the size of its operation, and it has connections to China Telecom, a state-owned enterprise. Its operators also "used IP addresses registered in Shanghai and systems set to use the simplified Chinese language," which have been traced back to the neighborhood from which Unit 61398 operates.

The General Staff Department's 3rd Department is responsible for signals intelligence within the PLA and is "tasked with the network defense and possibly exploitation missions." Unit 61398 is supposed to be secret, and its known mission is "to function as the Third Department's premier entity targeting the United States and Canada [through computer network operations], most likely focusing on political, economic, and military-related intelligence," along with the other countries where English is the primary language.

The video below, provided by Mandiant, gives a brief overview of Unit 61398's activities:

Moreover, the Mandiant report notes that "all industries related to China’s strategic priorities are potential targets of [Unit 61398's] comprehensive cyber espionage campaign [and] our observations confirm that APT1 has targeted at least four of the seven strategic emerging industries that China identified in its 12th Five Year Plan."

The Unit has taken a range of specific things from its targets, 115 of which are organizations in the U.S.; the files taken include business plans, manufacturing technology, policy positions, product development information, user IDs, and the passwords and emails of executive-level officials.

This secret hacker unit doesn't steal money or engage in the other common activities of non-government hackers or organized cyber crime groups. It goes after strategic objectives that the Chinese government is interested in for economic development, using "military-grade computer network operations."

In a nutshell, either Unit 61398 is responsible for all the hacking alleged by Mandiant, or a "secret, resourced organization full of mainland Chinese speakers with direct access to Shanghai-based telecommunications infrastructure is engaged in a multi-year, enterprise scale computer espionage campaign right outside of Unit 61398’s gates, performing tasks similar to Unit 61398’s known mission" without the knowledge of the Chinese government.

Whether or not the report's contents are true, it gives one strong reason to believe that the link between the PLA and China's cyber espionage activities has been found, and it reinforces China's bad reputation as a cyber espionage facilitator.