Chinese Cyber Hacking: What is unit 61398?


By Bernard Mark Thompson

The U.S. Department of Justice caught the Chinese People’s Liberation Army (PLA) off guard when it charged five of its officers with economic cyber espionage.

The in-depth 56 page indictment says the five military officers actively engaged in illegally obtaining intellectual property, American corporation business strategy and data enabling Chinese firms to outwit U.S. regulators.

The Chinese have denounced the allegations and have accused the Americans of double standards.

The finger pointing has led to a series of retorts across the Pacific, contributing to an ever-worsening relationship between the U.S. and China.

But what of the five officers charged or the unit they belong to?

Little is known about the PLA officers or the regiment they belong to, unit 61398.

What we do know stems from Justice Department press releases, the indictment and the Mandiant report, released late last year.


Video uploaded by Newsloop Business on Government plans to speed up talks (Source: Youtube Newsloop Business)

What is unit 61398

The Mandiant Report, released last year, says covert cyber espionage unit 61398 started operations in 2006 and has since then allegedly launched cyber attacks against more than 140 western firms.

Known as the ‘Comment Crew,’ ‘Advanced Persistent Threat 1 (ATP1)’ and ‘Byzantine Candor,’ the indictment alleges victims include Westinghouse Electric, Alcoa, Allegheny Technologies Incorporated, U.S. Steel and Solar World.

Based in the economic capital Shanghai’s Pudong District and not China’s military centre Beijing, it dedicates military hardware to gaining commercial advantage for state owned entities (SOEs) over foreign competitors.

Bond University international relations assistant professor Malcolm Davis says the U.S. is deliberately drawing ‘distinction between corporate espionage and espionage for national security’ with the indictment.

Mr Davis says the Chinese are being called out after their constant denials and challenges for proof.

“They’re saying you are undertaking cyber espionage for some time, we have the evidence, here it is,” Professor Davis said.

The Mandiant report estimated unit 61398 could be utilizing more than 1,000 servers and hundreds of staff who are English proficient and highly trained in cyber systems.

The report also says SEO China Telecom provided the unit with advanced fiber optic communications.

American based Nautilus Institute associate Roger Cavasos says SEOs’ relationships with the Chinese government, the military and intelligence units is troubling.

“The Chinese are not able or are unwilling to lift the veil on what they do or who controls them,” Mr Cavasos said.

“There are certainly questions about who they work for.”

The Mandiant report says ‘this is just the tip of the iceberg’ as unit 61398 is one of more than 20 PLA cyber-espionage groups.

Who are the hackers?

 

FBI wanted poster pictures of 5 PLA unit 61398 Officers

FBI wanted poster pictures of 5 PLA unit 61398 Officers

The five PLA officers being indicted – Sun Kailiang, Wang Dong, Wen Xin Yu, Gu Chunhui and Huang Zhenyu – allegedly spear-phissed six U.S. companies, accessing confidential business information and intellectual property.

The victims were either in negotiations, joint ventures or pursuing legal actions against Chinese SEOs, or involved in sectors China had highlighted as crucial in their five year plan.

United States Studies Centre lecturer Malcolm Jorgensen says it is not likely any of the officers will face trial.

“It’s largely a political act in the sense that the realization that American is unlikely to pursue extradition of the matter of these individuals and China isn’t going to comply,” Mr Jorgensen said.

“It’s more that this is a very serious problem for the United States and its cost many hundreds of billions of dollars potentially to private companies.”

“Some action needed to be taken in the view of the government.”

Unit 61398’s leader has not been named though it is believed that he or she is a member of the PLA General Staff department, China’s highest military council.

Deakin University international relations senior lecturer Ken Boutin says naming lower officers is one way of sending a message without resorting to escalation.

“Highlighting the impact of the PLA and of particular individuals, is a way of demonstrating the U.S is aware of what is going on and they want it to stop,” Mr Boutin said.

Want to read more? Check out our article on how the hacking scandal may affect FTA talks.