An American computer forensics firm has tracked a Chinese cyber group, according to The New York Times. The firm, Mandiant, has concluded that this hacker group is, in fact, a Chinese military unit, with the Military Unit Cover Designator (MUCD) 61398.
This major revelation confirms what has long been suspected in various quarters around the world—not only are there many Chinese who engage in various cyber espionage and hacking activities, but that many of these actions are undertaken at the direction and with the approval of the Chinese government.
That this is a military unit only heightens concern. It is important to understand that the Chinese military is organized along very different lines from the U.S. military. To begin with, China’s People’s Liberation Army (PLA) is not organized mainly along service lines (although it has a navy, air force, and long-range missile force), but under four “General Departments”:
- The General Staff Department (GSD) is responsible for military planning, intelligence, and operational implementation.
- The General Political Department (GPD) is responsible for political oversight, morale, propaganda, and military law enforcement (e.g., criminal investigations).
- The General Logistics Department (GLD) ensures the smooth flow of spare parts, food, ammunition, and other supplies.
- The General Armaments Department (GAD) is responsible for developing weapons, manning the various Chinese space facilities, and overseeing the nuclear test sites.
Unlike the arrangement in the U.S. military, the Chinese equivalent of the National Security Agency (NSA), which monitors communications, cryptography, and the like, is part of the PLA itself—specifically the GSD’s Third Department. The unit that Mandiant has identified is apparently the Second Bureau of the GSD’s Third Department. The combination of military and intelligence responsibilities would give this organization a wide purview of entities to hack. It apparently also provided support for corporate espionage, collecting information on such companies as Coca-Cola, while being provided with special high-speed fiber optic lines by China Telecom.
Not surprisingly, the Chinese authorities have denied the charges, but the weight of evidence thus far provided by Mandiant appears to be overwhelming. As one American observed, “Either they are coming from inside Unit 61398, or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
It remains to be seen what the rest of the world will do with this information. In the past, while some companies (e.g., Google) have chosen to depart from the China market in the face of massive hacking, there have been few larger repercussions—even as experts have concluded that the groups that hacked Google have remained at large, and the incidence of Chinese attacks has grown significantly. Lack of a response will be seen, in and of itself, as a response.