News / Asia

US-China Cyber Spying Case Turns Spotlight on Shadowy Unit 61398

Part of the building of 'Unit 61398', a secretive Chinese military unit, is seen in the outskirts of Shanghai, Feb. 19, 2013.
Part of the building of 'Unit 61398', a secretive Chinese military unit, is seen in the outskirts of Shanghai, Feb. 19, 2013.
Reuters
A tense stand-off between the United States and China over state-backed cyber espionage has dragged China's secretive hacking unit “61398” back into focus, after the military group was pinpointed last year for mounting cyber attacks on Western commercial targets.
 
U.S. authorities on Monday charged five Chinese military officers at the unit, accusing them of hacking into American nuclear, metal and solar firms to steal trade secrets. China on Tuesday summoned the U.S. ambassador in Beijing and warned it would retaliate if Washington followed through with the charges. It said the affair would damage “mutual trust.”
 
At the center of the argument is a nondescript tower block in the northern suburbs of China's financial capital Shanghai, home to Chinese People's Liberation Army (PLA) Unit 61398.
 
The 12-story block houses as many as several thousand staff, according to Mandiant, a U.S. cyber security firm recently acquired by global network security company FireEye Inc. Mandiant identified the location as the source of a large number of espionage operations in a 70-page report last year.
 
“This unit is one of the most prolific. The group is really active and very aggressive,” said Pierluigi Paganini, a cyber security expert and founder of Security Affairs, based in Italy.
 
Unit 61398's Shanghai base is kitted out with specialist fiber optic lines, while staff are trained in areas from English linguistics to covert communications, network security and cyber attack strategy, according to the Mandiant report.
 
The unit's operatives, working under code names such as “UglyGorilla”, “DOTA” and “SuperHard”, also have close research and recruitment ties with China's leading academic centers such as the prestigious Shanghai Jiaotong University.
 
Publicly available academic reports, school registers, recruitment notices and local online community notice boards show a web of social, educational and academic networks spreading out from the cyber spying unit. Military units in China are often organized in this way with schools, sports clubs and social events organized communally for unit members.
 
Tip of the iceberg

 
However, unit 61398 - more formally known as General Staff Department (GSD), Third Department, Second Bureau - is just one of dozens of similar groups based in China, and far from the foremost, said Mandiant analyst Jen Weedon.
 
“The unit is one of many and its tradecraft is not that great. They are one of the ones that doesn't seem to mind leaving traces behind,” she told Reuters.
 
The unit, which started operating in or before 2006, saw activity drop sharply in the wake of the 2013 Mandiant report, but has since returned to “business as usual” after it overhauled some of its hacking techniques, Weedon added.
 
The new allegations are that Chinese state-owned firms “hired” the unit, which used a range of cyber attack methods to illegally gather corporate information from mostly U.S. firms and help give Chinese companies a competitive edge.
 
The unit “stole sensitive, internal communications”, using tactics such as “spear phishing” emails to gain access to employees' computers, after which it was able to collect internal data, according to the indictment document, posted on the United States Department of Justice website.
 
Federal prosecutors said the suspects targeted companies including Alcoa Inc, Allegheny Technologies Inc., United States Steel Corp, Toshiba Corp unit Westinghouse Electric Co, the U.S. subsidiaries of SolarWorld AG , and a steel workers' union.
 
Unit 61398 - or at least one very much like it - also stole data from at least one U.S. government agency in a hacking campaign named 'Byzantine Candor', according to diplomatic cables released by Wikileaks.
 
“Hackers based in Shanghai and linked to the PRC's People's Liberation Army [PLA] Third Department” stole data from at least one U.S. government agency, according to a leaked 2008 cable.
 
Officials in Washington have argued for years that cyber espionage is a top national security concern, and the battle is heating up. Both sides have ramped up public and private confrontation, including at a summit last year between U.S. President Barack Obama and Chinese President Xi Jinping.
 
China has denied the unit is involved in cyber espionage, and insists the country is more a victim than a perpetrator of cyber attacks.
 
Paganini said he was not surprised at the latest turn of events, which he described as just the “tip of the iceberg”.
 
“I believe there's an ongoing battle in the cyberspace. These countries are investing large amounts in cyber units that are able to create specific malware and have the ability to get into foreign networks and computers to steal trade secrets and intellectual properties,” he said.

You May Like

Republican Majority in Congress Off to Rough Start

Standoff over Homeland Security funding exposes philosophical, tactical problems within party More

Pakistan Blocks Baloch Activist from US Trip

Human Rights Commission of Pakistan slams Islamabad officials for stopping people from leaving country to attend human rights conference More

Video Muslims Long Thrived in North Carolina Before Students Killed

Idyll shattered February 10, when three Muslim university students living in Chapel Hill were gunned down by a neighbor More

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
Sierra Leone Ebola Orphans Face Another Crisisi
X
March 06, 2015 12:28 AM
There's growing concern about the future of an orphanage run by a British charity in Sierra Leone, after a staff member and his wife died this week from Ebola. The Saint George Foundation Orphanage in Freetown is now in quarantine, with more than 20 children and seven staff in lock-down. The BBC has agreed to share Ebola-related material with Voice of America because of the difficulties faced by media organizations reporting the crisis. Clive Myrie reports from Sierra Leone.
Video

Video Sierra Leone Ebola Orphans Face Another Crisis

There's growing concern about the future of an orphanage run by a British charity in Sierra Leone, after a staff member and his wife died this week from Ebola. The Saint George Foundation Orphanage in Freetown is now in quarantine, with more than 20 children and seven staff in lock-down. The BBC has agreed to share Ebola-related material with Voice of America because of the difficulties faced by media organizations reporting the crisis. Clive Myrie reports from Sierra Leone.
Video

Video Growing Concerns Over Whether Myanmar’s Next Elections Will Be Fair

Myanmar has scheduled national elections for November that are also expected to include a landmark referendum on the country's constitution. But there are growing concerns over whether the government is taking the necessary steps to prepare for a free and fair vote. VOA Correspondent Steve Herman was recently in Myanmar and files this report from our Southeast Asia bureau in Bangkok.
Video

Video Nigeria’s Ogonis Divided Over Resuming Oil Production

More than two decades ago, Nigeria’s Ogoni people forced Shell oil company to cease drilling on their land, saying it was polluting the environment. Now, some Ogonis say it’s time for the oil to flow once again. Chris Stein reports from Kegbara Dere, Nigeria.
Video

Video Winter Weather Strikes Eastern US...Again!

A new wintry blast has hit more than 20 states in the U.S. Midwest and Mid-Atlantic region, adding more snow to the piles from previous storms. Tired of shoveling snow, breaking the ice and dealing with accidents, flight delays and property damage, most Americans hope this is the last bout of cold for the season. Zlatica Hoke reports.
Video

Video Muslims Long Thrived in N Carolina Before Slaying of 3 Students

The killings of three Muslim students in North Carolina early last month came as Muslims across the United States have felt under siege, partly as a result of terrorist attacks being committed internationally in the name of their faith. But Muslims have long thrived in university cities in this part of the American South. VOA's Jerome Socolovsky reports.
Video

Video Fuel Shortages in Nigeria Threaten Election Campaigns

Nigeria is suffering a gas shortage as the falling oil price has affected the country’s ability to import and distribute refined fuels. Coming just weeks before scheduled March 28 elections, the shortage could have a big impact on the campaign, as Henry Ridgwell reports for VOA.
Video

Video Report: Human Rights in Annexed Crimea Deteriorating

A new report by Freedom House and the Atlantic Council of the United States says the human rights situation in Crimea has deteriorated since the peninsula was annexed by Russia in March of last year. The report says the new authorities in Crimea are discriminating against minorities, suppressing freedom of expression, and forcing residents to assume Russian citizenship or leave. Zlatica Hoke has more.
Video

Video 50 Years Later African-Americans See New Voting Rights Battles Ahead

Thousands of people will gather to mark the 50th anniversary of a historic civil rights march on March 7th in Selma, Alabama. In 1965, dozens of people were seriously injured during the event known as “Bloody Sunday,” after police attacked African-American demonstrators demanding voting rights. VOA’s Chris Simkins introduces us to some civil rights pioneers who are still fighting for voting rights in Alabama more than 50 years later.
Video

Video Craft Brewers Taking Hold in US Beer Market

Since the 1950’s, the U.S. beer industry has been dominated by a handful of huge breweries. But in recent years, the rapid rise of small craft breweries has changed the American market and, arguably, the way people drink beer. VOA’s Jeff Custer reports.
Video

Video Video Claims to Show Shia Forces in Iraq Executing Sunni Boy

A graphic mobile phone video is spreading on the Internet, claiming to show Iraqi forces or Shia militia executing a handcuffed Sunni boy. Experts have yet to verify the video, but already Islamic State followers are publicizing it across social media, playing on deep-rooted sectarian fears. VOA’s Jeff Seldin reports.
Video

Video Ukrainian Authorities Struggle to Secure a Divided Mariupol

Since last month's cease-fire went into effect, shelling around the port city of Mariupol has decreased, but it is thought pro-Russian separatists remain poised to attack. For the city’s authorities, a major challenge is gaining the trust of residents, while at the same time rooting out informants who are passing sensitive information to the rebels. Patrick Wells reports for VOA.
Video

Video Myanmar's Traditional Fashion Choices Endure

The sartorial choices of Myanmar’s men and women quickly catch the eye of any visitor to the tropical Southeast Asian country. But at a time when Myanmar’s political and economic opening is bringing affordable western fashions to the masses, will the country’s unique fashion trends endure? VOA Correspondent Steve Herman in Yangon explores that question.

All About America

Circumventing Censorship

An Internet Primer for Healthy Web Habits

As surveillance and censoring technologies advance, so, too, do new tools for your computer or mobile device that help protect your privacy and break through Internet censorship.
More