The mysterious Chinese unit behind the cyberespionage charges
May 20, 2014 2 Comments
By JOSEPH FITSANAKIS | intelNews.org
On Monday, the United States government leveled for the first time charges against a group of identified Chinese military officers, allegedly for stealing American trade secrets through cyberespionage. The individuals named in the indictment are all members of a mysterious unit within the Chinese People’s Liberation Army (PLA) command structure, known as Unit 61398. It is estimated that the unit has targeted at least 1,000 private or public companies and organizations in the past 12 years. Western cybersecurity experts often refer to the group as “APT1”, which stands for “Advanced Persistent Threat 1”, or “Byzantine Candor”. It is believed to operate under the Second Bureau of the PLA’s General Staff Department, which is responsible for collecting foreign military intelligence. Many China military observers argue that Unit 61398 is staffed by several thousand operatives, who can be broadly categorized into two groups: one consisting of computer programmers and network operations experts, and the other consisting of English-language specialists, with the most talented members of the Unit combining both skills. Computer forensics experts have traced the Unit’s online activities to several large computer networks operating out of Shanghai’s Pudong New Area district, a heavily built neighborhood in China’s largest city, which serves as a symbol of the country’s rapid industrialization and urbanization. Among other things, Unit 61398 is generally accused of being behind Operation SHADY RAT, one of history’s most extensive known cyberespionage campaigns, which targeted nearly 100 companies, governments and international organizations, between 2006 and 2011. The operation is believed to be just one of numerous schemes devised by Unit 61398 in its effort to acquire trade secrets from nearly every country in the world during the past decade, say its detractors. American sources claim that the PLA Unit spends most of its time attacking private, rather than government-run, networks and servers. As the US Attorney General, Eric Holder, told reporters on Monday, Unit 61398 conducts hacking “for no reason other than to advantage state-owned companies and other interests in China, at the expense of businesses here in the United States”. But The Washington Post points out that the recent revelations by US intelligence defector Edward Snowden arguably make it “easier for China to dismiss” Washington’s charges, since they point to systematic “cyber intrusion, wiretapping and surveillance activities [by the US National Security Agency] against Chinese government departments, institutions, companies, universities and individuals”. The administration of US President Barack Obama argues that American espionage targeting China focuses solely on national security and that the information collected does not get passed on to American companies. However, as The New York Times reports, Beijing argues that “the distinction [between national-security and economic espionage] is an American artifact, devised for commercial advantage”. The Chinese, says the paper, view business intelligence as “part of the fabric of national security”, especially since China’s international clout critically depends on it economic prowess.