China Cyber Espionage Grows

Secret military cyber unit masked activities after exposure

Internet cafe in Jiaxing city, China / AP
November 6, 2013

The recent exposure of a secret Chinese military cyber warfare unit has not led to a decrease in cyber espionage against U.S. government and private networks, according a draft congressional China commission report.

Instead, the Chinese military group temporarily limited its large-scale cyber espionage campaign and took steps to mask its activities, according to a forthcoming report by the U.S.-China Economic and Security Review Commission.

The report concludes that the Chinese government is engaged in a concerted campaign of cyber attacks led by a Shanghai-based unit.

China’s cyber spying is designed to gain information for its military programs and civilian enterprises, and also for preparing the military to conduct attacks in a future conflict.

"The Chinese government is directing and executing a large-scale cyber espionage campaign against the United States, and to date has successfully targeted the networks of U.S. government and private organizations, including those of DoD, defense contractors, and private firms," the report said.

"These activities are designed to achieve a number of broad economic and strategic objectives, such as gathering intelligence, providing Chinese firms with an advantage over its competitors worldwide, advancing long-term research and development objectives, and gaining information that could enable future military operations."

In February, the private security group Mandiant revealed Unit 61398 of the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s Third Department. The military unit since 2006 has attacked and penetrated networks of at least 141 organizations located in 15 countries and representing 20 major industries, from information technology to financial services.

After the disclosures, Unit 61398 took steps to make it more difficult to track its cyber strikes. The exposure also led to a temporary decrease in the unit’s attacks for a month.

The temporary reduction coincided with the U.S. government’s release of a list of Internet Protocol addresses used by the Chinese cyber spies.

Currently, cyber spying by Unit 61398 is "as active as it was before Mandiant’s report was released," the report said.

The Obama administration’s response to Chinese cyber attacks so far was to set up a diplomatic Cyber Working Group between the two countries in April.

However, U.S. efforts to "shame" China into curbing cyber attacks were undermined in May when NSA contractor Edward Snowden disclosed U.S. cyber spying on Chinese networks.

The draft annual report is dated Oct. 21 and will be released formally later this month. It is expected to undergo some changes from the draft, a commission spokesman said, although in the past such late drafts contained the main elements of the final report.

To counter the cyber assault from China, the commission is urging the U.S. government to impose sanctions on China for cyber attacks.

"There is an urgent need for Washington to take action to prompt Beijing to change its approach to cyberspace and deter future Chinese cyber theft," the report said.

The report said Congress, the administration, and security experts are discussing a series of actions to counter Beijing’s cyber attacks. They include:


-- Passing legislation that would allow U.S. companies to conduct retaliatory cyber attacks against China;

-- Blocking imports of Chinese goods developed through cyber espionage;

-- Increasing information sharing on cyber threats;

-- Banning Chinese firms that use stolen U.S. data from accessing U.S. banks;

-- Blocking travel to the United States by officials linked to cyber attacks;

-- Using special computer code to identify data stolen from U.S. networks that can be used in prosecution or sanctions.

"If effective action to curb commercial espionage is not taken, this problem might worsen for U.S. companies," the report said.

China’s failure to curb cyber intrusions against the United States, despite recent published disclosures, "suggests Beijing has decided to continue its cyber campaign against the United States," the report said.

The report said cyber attacks and theft of data pose a "significant threat" to U.S. businesses. Cost estimates of the losses due to cyber spying range from $120 billion to $300 billion annually.

Data obtained by cyber attacks is also helping improve China’s insight into U.S. weapon systems and "enables China’s development of countermeasures."

"In addition, the same access Chinese cyber actors use for espionage also could be used to prepare for offensive cyber operations," the report said. "Chinese cyber actors could place latent capabilities in U.S. software code or hardware components that might be employed in a potential conflict between the United States and China."

Rick Fisher, a China military affairs specialist, said he supports the commission's recommendations for using legal, economic, and diplomatic measure to counter the Chinese cyber threat.

"The China Commission has provided a powerful response to the attempt by Edward Snowden and his Chinese and Russian handlers to deflate China's cyber threat by replacing it with the spectre of a U.S. cyber threat," said Fisher, with the International Assessment and Strategy Center, in an email.

Additionally, the report said Chinese hacking is targeting U.S. news media outlets as part of a campaign to influence reporting on the communist government.

"There is growing evidence the Chinese government is conducting a cyber espionage campaign against U.S. media organizations," the report said. "China likely seeks to use information acquired through these intrusions to (1) shape U.S. press coverage of China by intimidating U.S. journalists and their sources in China, and (2) gain warning about negative media coverage of China before it is published."

News media hit by Chinese cyber attacks included the New York Times, Washington Post, and Wall Street Journal.

Published under: China