Clues on US cyber capabilities

A lot has been made of China’s hacking capabilities recently, with everyone from the White House to the China weighing in. Yet what the US is capable of remains a mystery. A couple details that emerged from the China-hacking-of-ASIO story provide some hints, and they suggest the US has had its way with the Shanghai cyberspying unit that’s been in the news.

An Australian politician this week referenced the location of the stolen Australian Security Intelligence Organisation plans as place in China where there was a lot of other hacking.

Asked if he was in doubt about China’s role in the cybertheft of the blueprints to Australia’s intelligence organization, Nationals Senator Barnaby Joyce replied: “That’s where the server was. And the server was in a typical place where they’ve been doing a lot of other hacking.” (25:40)

I assume Joyce is privy to more in-depth knowledge of the attack than the public, perhaps through the briefing the Opposition received after the attack.

Joyce’s comments follow a tidbit contained in the original report that said the details of the ASIO hack were provided to Canberra by a friendly government.

Four Corners [the ABC program] has leaned that breach of the [Australian] Defence Department only came to light by chance. During an intelligence operation against China, a friendly nation, possibly the US, discovered information from the classified Australian document in an assessment produced by the Chinese military.

If the US is the “friendly nation” conducting an operation against China that produced the information about Australia, and the server in China “was in a typical place” where the Chinese have been doing a lot of hacking, it would all suggest it was the Shanghai building that houses PLA Unit 61398, which was exposed by the NYTimes report on Mandiant.

Of course, it’s possible that the US is not the friendly nation. Other reports suggested China’s cyberspying of the ASIO plans occurred as far back as 2009, which means this has been going on for a while. There are also other active sites for China’s hacking.

But from an English-speaking perspective, Shanghai would most likely be the city where the hacking originated, if it’s the same location of hacking of other English-language countries.

A US-based Project2049 report breaks down Chinese cyber units by function.

Second Bureau (61398 Unit). The Second Bureau appears to function as the Third Department‘s premier entity targeting the United States and Canada, most likely focusing on political, economic, and military-related intelligence. Subordinate offices are concentrated in Shanghai, although one may be in the Kunming vicinity.

By contrast, China’s hacking of Japan and Korea seems to come from Qingdao, the same report states. And yes, China expects US attempts to infiltrate Chinese servers.

Chinese analysts believe that the United States is already carrying out extensive computer network exploitation activities against Chinese servers. Therefore, from the Chinese perspective, defending computer networks must be the highest priority in peacetime.