News / Asia

US-China Cyber Spying Case Turns Spotlight on Shadowy Unit 61398

Part of the building of 'Unit 61398', a secretive Chinese military unit, is seen in the outskirts of Shanghai, Feb. 19, 2013.
Part of the building of 'Unit 61398', a secretive Chinese military unit, is seen in the outskirts of Shanghai, Feb. 19, 2013.
Reuters
A tense stand-off between the United States and China over state-backed cyber espionage has dragged China's secretive hacking unit “61398” back into focus, after the military group was pinpointed last year for mounting cyber attacks on Western commercial targets.
 
U.S. authorities on Monday charged five Chinese military officers at the unit, accusing them of hacking into American nuclear, metal and solar firms to steal trade secrets. China on Tuesday summoned the U.S. ambassador in Beijing and warned it would retaliate if Washington followed through with the charges. It said the affair would damage “mutual trust.”
 
At the center of the argument is a nondescript tower block in the northern suburbs of China's financial capital Shanghai, home to Chinese People's Liberation Army (PLA) Unit 61398.
 
The 12-story block houses as many as several thousand staff, according to Mandiant, a U.S. cyber security firm recently acquired by global network security company FireEye Inc. Mandiant identified the location as the source of a large number of espionage operations in a 70-page report last year.
 
“This unit is one of the most prolific. The group is really active and very aggressive,” said Pierluigi Paganini, a cyber security expert and founder of Security Affairs, based in Italy.
 
Unit 61398's Shanghai base is kitted out with specialist fiber optic lines, while staff are trained in areas from English linguistics to covert communications, network security and cyber attack strategy, according to the Mandiant report.
 
The unit's operatives, working under code names such as “UglyGorilla”, “DOTA” and “SuperHard”, also have close research and recruitment ties with China's leading academic centers such as the prestigious Shanghai Jiaotong University.
 
Publicly available academic reports, school registers, recruitment notices and local online community notice boards show a web of social, educational and academic networks spreading out from the cyber spying unit. Military units in China are often organized in this way with schools, sports clubs and social events organized communally for unit members.
 
Tip of the iceberg

 
However, unit 61398 - more formally known as General Staff Department (GSD), Third Department, Second Bureau - is just one of dozens of similar groups based in China, and far from the foremost, said Mandiant analyst Jen Weedon.
 
“The unit is one of many and its tradecraft is not that great. They are one of the ones that doesn't seem to mind leaving traces behind,” she told Reuters.
 
The unit, which started operating in or before 2006, saw activity drop sharply in the wake of the 2013 Mandiant report, but has since returned to “business as usual” after it overhauled some of its hacking techniques, Weedon added.
 
The new allegations are that Chinese state-owned firms “hired” the unit, which used a range of cyber attack methods to illegally gather corporate information from mostly U.S. firms and help give Chinese companies a competitive edge.
 
The unit “stole sensitive, internal communications”, using tactics such as “spear phishing” emails to gain access to employees' computers, after which it was able to collect internal data, according to the indictment document, posted on the United States Department of Justice website.
 
Federal prosecutors said the suspects targeted companies including Alcoa Inc, Allegheny Technologies Inc., United States Steel Corp, Toshiba Corp unit Westinghouse Electric Co, the U.S. subsidiaries of SolarWorld AG , and a steel workers' union.
 
Unit 61398 - or at least one very much like it - also stole data from at least one U.S. government agency in a hacking campaign named 'Byzantine Candor', according to diplomatic cables released by Wikileaks.
 
“Hackers based in Shanghai and linked to the PRC's People's Liberation Army [PLA] Third Department” stole data from at least one U.S. government agency, according to a leaked 2008 cable.
 
Officials in Washington have argued for years that cyber espionage is a top national security concern, and the battle is heating up. Both sides have ramped up public and private confrontation, including at a summit last year between U.S. President Barack Obama and Chinese President Xi Jinping.
 
China has denied the unit is involved in cyber espionage, and insists the country is more a victim than a perpetrator of cyber attacks.
 
Paganini said he was not surprised at the latest turn of events, which he described as just the “tip of the iceberg”.
 
“I believe there's an ongoing battle in the cyberspace. These countries are investing large amounts in cyber units that are able to create specific malware and have the ability to get into foreign networks and computers to steal trade secrets and intellectual properties,” he said.

You May Like

VOA Exclusive: Interview With Myanmar President Thein Sein

Thein Sein calls allegations that minority Muslim Rohingya are fleeing alleged torture in Rakhine state a media fabrication More

Video Better Protective Suit Sought for Ebola Caregivers

Current suit is uncomfortable, requires too many steps for removal, increasing chance of deadly contact with virus More

UN Rights Commission Investigates Eritrea

Three-member commission will start collecting first-hand information from victims and other witnesses in Switzerland and Italy next week More

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
Ebola Economic Toll Stirs W. Africa Food Security Concernsi
X
November 19, 2014 11:39 PM
The World Bank said Wednesday that it expects the economic impact of the Ebola outbreak on the sub-Saharan economy to cost somewhere betweenf $3 billion to $4 billion - well below a previously-outlined worst-case scenario of $32 billion. Some economists, however, paint a gloomier picture - warning that the disruption to regional markets and trading is considerable. Henry Ridgwell reports from London.
Video

Video Ebola Economic Toll Stirs W. Africa Food Security Concerns

The World Bank said Wednesday that it expects the economic impact of the Ebola outbreak on the sub-Saharan economy to cost somewhere betweenf $3 billion to $4 billion - well below a previously-outlined worst-case scenario of $32 billion. Some economists, however, paint a gloomier picture - warning that the disruption to regional markets and trading is considerable. Henry Ridgwell reports from London.
Video

Video Mexico Protests Escalate Over Disappearances

Protests in Mexico over 43 students missing since September continue to escalate, reflecting growing anger among Mexicans about a political system they view as corrupt, and increasingly tainted by the drug trade. Mounting outrage over the disappearances is now focused on the government of President Enrique Pena Nieto, accused of not doing enough to end insecurity in the country. More from VOA's Victoria Macchi.
Video

Video US Senate Votes Down Controversial Oil Pipeline - For Now

The U.S. Senate has rejected construction of a controversial pipeline to transport Canadian oil to American refineries. The $5 billion project still could be approved next year, but it faces a possible veto by President Barack Obama. As VOA’s Michael Bowman reports, the pipeline has exposed deep divisions in Congress about America’s energy future.
Video

Video Can Minsk Cease-fire Agreement Hold?

Growing tensions between government troops and separatists in eastern Ukraine further threaten a cease-fire agreement reached two months ago in the Belarusian capital of Minsk. Critics of U.S. policy in Ukraine say it is time the Obama administration gives up on that much-violated cease-fire and moves toward a new deal with Russia. VOA's Scott Stearns has more.
Video

Video Chaos, Abuse Defy Solution in Libya

The political and security crisis in Libya is deepening, with competing governments and, according to Amnesty International, widespread human rights violations committed with impunity. VOA’s Al Pessin reports from London.
Video

Video US Hosts Record 866,000 Foreign Students

Close to 900,000 international students are studying at American universities and colleges, more than ever before. About half of them come from Asia, mostly China. The United States hosts more foreign students than any other country in the world, and its foreign student population is steadily growing. Zlatica Hoke reports.
Video

Video Ferguson Church Grapples with Race Relations

Many white residents of Ferguson, Missouri, say they chose to live there because of the American Midwest community's diversity. So, they were shocked when a white police officer killed an unarmed black teenager in August – and shaken by the resulting protests and violence. Some local churches are leading conversations on how to go forward. VOA’s Ayesha Tanzeem reports.
Video

Video What Jon Stewart Learned About Iran From 'Rosewater'

Jon Stewart, host of the satirical news program "The Daily Show" talks with Saman Arbabi of Voice of America's Persian service about Stewart's directorial debut, "Rosewater."
Video

Video Lebanese Winemakers Thrive Despite War Next Door

In some of the most volatile parts of Lebanon, where a constant flow of refugees crosses the border from Syria, one industry continues to flourish against the odds. Lebanese winemakers say after surviving a brutal civil war in the 1970s and 80s, they can survive anything. Heather Murdock has more for VOA from the Bekaa Valley in Lebanon.
Video

Video China's Rise Closely Watched

China’s role as APEC host this week allowed a rare opportunity for Beijing to showcase its vision for the global economy and the region. But as China’s stature grows, so have tensions with other countries, including the United States. VOA’s Bill Ide in Beijing reports on how China’s rise as a global power is seen among Chinese and Americans.

All About America

AppleAndroid