The mysterious Chinese unit behind the cyberespionage charges

By JOSEPH FITSANAKIS | intelNews.org
On Monday, the United States government for the first time leveled charges against a group of identified Chinese military officers, allegedly for stealing American trade secrets through cyberespionage. The individuals named in the indictment are all members of a mysterious unit within the Chinese People’s Liberation Army (PLA) command structure, known as Unit 61398. It is estimated that the unit has targeted at least 1,000 private or public companies and organizations in the past 12 years. Western cybersecurity experts often refer to the group as “APT1”, which stands for “Advanced Persistent Threat 1”, or “Byzantine Candor”. It is believed to operate under the Second Bureau of the PLA’s General Staff Department, which is responsible for collecting foreign military intelligence.

Many China military observers argue that Unit 61398 is staffed by several thousand operatives, who can be broadly categorized into two groups: one consisting of computer programmers and network operations experts, and the other consisting of English-language specialists, with the most talented members of the Unit combining both skills. Computer forensics experts have traced the Unit’s online activities to several large computer networks operating out of Shanghai’s Pudong New Area district, a heavily built neighborhood in China’s largest city, which serves as a symbol of the country’s rapid industrialization and urbanization.

Among other things, Unit 61398 is generally accused of being behind Operation SHADY RAT, one of history’s most extensive known cyberespionage campaigns, which targeted nearly 100 companies, governments and international organizations between 2006 and 2011. The operation is believed to be just one of numerous schemes devised by Unit 61398 in its effort to acquire trade secrets from nearly every country in the world during the past decade, say its detractors.

American sources claim that the PLA Unit spends most of its time attacking private, rather than government-run, networks and servers. As the US Attorney General, Eric Holder, told reporters on Monday, Unit 61398 conducts hacking “for no reason other than to advantage state-owned companies and other interests in China, at the expense of businesses here in the United States”. But The Washington Post points out that the recent revelations by US intelligence defector Edward Snowden arguably make it “easier for China to dismiss” Washington’s charges, since they point to

News you may have missed #561

►►US to phase out U-2 spy plane after 50 years. After more than 50 years gathering intelligence 13 miles above the ground, the United States’ U-2 spy planes will be phased out and replaced by unmanned drones by 2015, according to reports this past week. The classified U-2 program came to light in 1960, when a Soviet surface-to-air missile brought down a U-2 flown by CIA pilot Gary Powers, who parachuted to safety but was soon captured.
►►Security company unearths ‘massive’ cyberespionage operation. A widespread cyberespionage campaign stole government secrets, sensitive corporate documents, and other intellectual property for five years from more than 70 public and private organizations in 14 countries. This is according to Dmitri Alperovitch, vice president of threat research at the cyber-security firm McAfee, who uncovered the alleged plot. The operation, dubbed SHADY RAT, targeted the United Nations and the United States, among other national and international entities.
►►South Korea expands spy ring investigation. South Korean authorities have expanded the controversial investigation into the alleged Wangjaesan spy ring, to include