Cyber Spies Spotted

Report: Chinese military cyber warfare units identified


China’s military is conducting extensive cyber warfare and spying operations through several electronic intelligence units, including a group identified for the first time called Beijing North Computing Center, according to a new report by a private research group.

“Chinese cyber espionage poses an advanced persistent threat to U.S. national and economic security,” states the report, set for publication Friday.

The report by the Project 2049 Institute, an Arlington, Va.-based think tank that focuses on Asian security issues, concluded that groups operating from Chinese territory have been “waging a coordinated cyber espionage campaign targeting U.S. government, industrial, and think tank computer networks.”

The report said that despite difficulties in identifying direct links to Chinese military hackers, “the PLA General Staff Department (GSD) Third Department is likely a leading authority for cyber surveillance.”

Written by former Pentagon official Mark Stokes and L.C. Russell Hsiao, a Project 2049 research fellow, the report concludes military cyber activities are housed under the Third Department, which is similar to the United States National Security Agency, because of its signals intelligence work, its high-performance computing work, and its linguistic and code-breaking specialists.

The Third Department conducts “cyber reconnaissance” that involved breaking into foreign computer networks in preparation for future battle or conflict.

A central unit is the Third Department’s Beijing North Computing Center (BNCC), the report says.

“In the case of the PRC [People’s Republic of China], the existing data suggests that BNCC may be the leading agent responsible for planning, coordinating, integrating, and synchronizing PLA computer network operations, including defense of classified networks, exploitation of foreign networks, and possibly denying an adversary access to his networks,” the report said.

According to the report, a dozen Chinese hacker groups have been “identified and linked” to the People’s Liberation Army, China’s military, while others are working on behalf of universities and information security enterprises, with the largest ones operating in Beijing and Shanghai.

Larry Wortzel, a former U.S. military intelligence official who specializes in Chinese affairs, said: “China’s military literature identifies cyber-attacks, combined with the ability to degrade U.S. satellites and surveillance assets, as a special weapon that can help it prevent the U.S. military from operating or intervening in any conflict in the Western Pacific.”

Wortzel, in recent congressional testimony said, “Indeed, cyber warfare and space warfare are fully integrated elements of China’s military operations planning.”

In addition to the Beijing Center, other cyber warfare units include another unit under the Shanghai-based military and several Technical Reconnaissance Bureaus spread throughout the country.

The Project 2049 Institute report recommends the use of information deception, increased counterintelligence, and greater regional coordination with U.S. friends and allies in Asia including Taiwan to defeat Chinese cyber warfare and espionage.

“The GSD Third Department manages China’s largest network for surveillance of foreign computer-controlled communications and computer networks themselves,” the report said.

“Cyber surveillance … represents the cutting edge of SIGINT and there are indicators that point to the Third Department serving as a national executive agent for [computer network exploitation].”

Cyber reconnaissance carried out by the Third Department is difficult to track, the report said.

“Successful reconnaissance depends on cryptologic skills, stealth, automated scanning of targeted network vulnerabilities, data fusion and storage, and counter-reconnaissance technology,” the report said.

The Beijing North Computer Center “appears to have the technological capacity to manage a coordinated cyber operations network,” the report said. It noted that the center is likely the Chinese equivalent to the Pentagon’s U.S. Cyber Command.

The center is next to Beijing University and the Central Communist Party School in the city’s northwestern Jiaoziying suburb and has at least 10 subdivisions involved in what appears to be the design and development of computer network defense, attack, and exploitation systems.

The BNCC is also known as the General Staff Department 418th Research Institute. Its military cover name is the 61539 Unit.

Specific activities and responsibilities of the center are couched in secrecy but construction of facilities at the location reveals it has grown significantly since 2006.

“China’s leading cybersecurity experts, including BNCC Deputy Director Jia Yinghe, have highlighted the need for active defense involving intrusions of and attacks against enemy systems,” the report said.

The center also is believed to be engaged in military command and control network management, code breaking, advanced malware development and acquisition, data storage, and vulnerability assessments.

Its officers have experience in computer network attack and defense, network intrusion monitoring and control, and information collection.

The center produced a computer network intrusion detection system to analyze cyber threats and identify potential targets, “including those associated with operating systems such as Android,” the report said.

The computer center also uses its supercomputers to crack advanced encryption codes.

“BNCC’s advanced computing networks servers appear sufficient to handle vast databases containing collected electronic communications and files, including recorded phone calls, radio chatter, private emails, internet search records, passwords, password-protected computer files, as well as an abundance of personal data on individuals of interest,” the report said.

Regarding targeting of U.S. communications, the report said the Second Bureau of the General Staff Third Department in Shanghai appears to be China’s main military spying unit in charge of “routine exploitation of vulnerabilities in U.S. computer networks.”

The report concludes with recommendations for countering Chinese cyber warfare and cyber espionage.

“In response, the U.S. national security community is adopting a multifaceted approach to address the cybersecurity challenge, including through strengthened awareness, deterrence, greater investment into counterintelligence, and international partnerships,” the report said. “Defenses require a combination of measures. Counterintelligence tools include both disruption and deception, which offset the inherent asymmetric advantages that the attacking side enjoys.”

The FBI is taking the lead in cyber counterintelligence operations with “proactive disruption of Chinese exploitation of U.S. computer networks,” the report said.

Among the recommended cyber deception operations, the report suggests allowing Chinese military hackers to retrieve manipulated data through “honeypots” or false networks set up to be hacked by the Chinese.

“More sophisticated forms of data manipulation create challenges for PLA collectors and analysts, and increase workload with minimal investment of resources for the U.S. side,” the report said.

The report said that China’s ambitious cyber attacks “also warrant consideration of appropriate responses to hostile attacks intended to neutralize U.S. command and control and critical infrastructure.”

“Most important would be the determination of what types of computer network attacks would constitute an act of war, and whether or not kinetic responses would be appropriate,” the report said.