Network Effects

Chinese university lab linked to PLA cyber attacks
Wuhan University / AP


A computer science laboratory at China’s Wuhan University has been linked by U.S. intelligence agencies to Chinese military cyber attacks on the West.

According to U.S. officials, the Key Laboratory of Aerospace Information Security and Trusted Computing at Wuhan’s Computer Science School in central China’s Hubei Province is the latest cyber warfare research and attack center to be identified from within China’s secret cyber warfare program.

The Pentagon’s latest annual report on China’s military, made public last week, for the first time confirmed that Chinese cyber attacks on the U.S. government appeared “attributable directly to the Chinese government and military.”

A report by the private cyber security firm Mandiant in February identified China’s main military cyber espionage group near Shanghai as Unit 61398, part of the People’s Liberation Army’s 2nd Bureau of the General Staff Department’s 3rd Department, known as 3PLA.

The Project 2049 Institute, a Virginia-based think tank, revealed a separate Chinese military cyberwarfare unit called the Beijing North Computing Center, also part of the 3PLA, four months before publication of the Mandiant report.

According to U.S. officials, the Key Laboratory, located about 425 miles west of the Chinese port city of Shanghai, is one of three computer science laboratories at the university. It was set up in 2008 and is considered one of the premier information security and cyber warfare centers at the university.

Over the past decade, Wuhan’s Computer Science School has trained more than 760 people who are currently in the Chinese military and government.

The lab received funding from several Chinese military elements, including 3PLA.

Another Wuhan University computer science laboratory was identified by the officials as the Information Network Attack and Defense Research Center.

The Key Lab is noted for its development of a unique computer warfare software platform called the SimpleISES Information Security Experiment System that is used in training and conducting cyber attacks.

The system can be used by 20 students at a time to conduct cyber attacks on networks. SimpleISES was developed by Beijing Simpleware Technology Co., Ltd. and is used at more than 30 universities throughout China.

Experts say the system is believed to be a key element in the massive Chinese military-related cyber attacks against the Pentagon and the U.S. government, as well as Chinese cyber attacks in other nations.

Mark Stokes, a former Air Force officer and Pentagon specialist on China now with the Project 2049 Institute, said he was not familiar with the Key Lab. Stokes coauthored a 2011 report that revealed one of 12 3PLA operational bureaus is located in Wuhan.

“There are several of these kinds of state and defense labs,” Stokes said in an email.

A computer security expert who asked not to be identified by name said SimpleISES “seems to be basically a teaching system for training hackers.”

“If Wuhan is involved, then they are using the system to train next generation university students to be hackers,” the expert said. “It seems that it is a modular to assist in the development and testing of new attacks.”

The Pentagon’s annual report, which was dismissed by Chinese government spokesmen as “groundless,” stated that in 2012 “numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military.”

“These intrusions were focused on exfiltrating information,” the report said. “China is using its computer network exploitation (CNE) capability to support intelligence collection against the U.S. diplomatic, economic, and defense industrial base sectors that support U.S. national defense programs.”

According to the Pentagon report, cyber attacks are aimed at information that could benefit China’s defense and high-technology industry, as well as “policymaker interest in U.S. leadership thinking on key China issues, and military planners building a picture of U.S. network defense networks, logistics, and related military capabilities that could be exploited during a crisis.”

“Although this alone is a serious concern, the accesses and skills required for these intrusions are similar to those necessary to conduct computer network attacks,” the report said.

China plans to use cyber warfare capabilities in future wars by primarily gathering data for intelligence and computer network attacks.

Additionally, cyber warfare attacks will be employed to limit enemy action or slow military responses “by targeting network-based logistics, communications, and commercial activities,” the report said.

Cyber warriors also will be coupled with conventional military attacks as a “force multiplier” during war or crises, the report said.

The Pentagon report said Chinese military writings contain extensive reports on cyber warfare doctrine. Two key writings were identified as “Science of Strategy,” and “Science of Campaigns,” which outlined how to achieve “information superiority” in warfare that would allow a weaker power to defeat a stronger foe.

“China’s military continues to explore the role of military operations in cyberspace as a feature of modern warfare and continues to develop doctrine, training and exercises which emphasize information technology and operations,” David Helvey, deputy assistant defense secretary for East Asia, told reporters in releasing the report May 6.

Zhang Huanguo, an official involved in the laboratory, did not return emails seeking comment.

In addition to Zhang, other Chinese who are part of the Key Lab include Lina Wang, who heads the unit, Du Ruiying, and Fu Jianming, who is known to be involved in information attack and defense activities.

Zhang is considered the liaison with the People’s Liberation Army (PLA). The Key Lab in the past received funding from the PLA Information Engineering University, the General Staff Department Confidential Bureau, and the 3PLA.

The PLA Unit 61478, a secret cyber warfare unit, provided other funding for the lab.