Clues on US cyber capabilities

A lot has been made of China’s hacking capabilities recently, with everyone from the White House to the China weighing in. Yet what the US is capable of remains a mystery. A couple of details that emerged from the China-hacking-of-ASIO story provide some hints, and they suggest the US has had its way with the Shanghai cyberspying unit that’s been in the news.

An Australian politician this week referenced the location of the stolen Australian Security Intelligence Organisation plans as a place in China where there was a lot of other hacking.

Asked if he was in doubt about China’s role in the cybertheft of the blueprints to Australia’s intelligence organization, Nationals Senator Barnaby Joyce replied: “That’s where the server was. And the server was in a typical place where they’ve been doing a lot of other hacking.” (25:40)

I assume Joyce is privy to more in-depth knowledge of the attack than the public, perhaps through the briefing the Opposition received after the attack.

Joyce’s comments follow a tidbit contained in the original report that said the details of the ASIO hack were provided to Canberra by a friendly government.

Four Corners [the ABC program] has learned that breach of the [Australian] Defence Department only came to light by chance. During an intelligence operation against China, a friendly nation, possibly the US, discovered information from the classified Australian document in an assessment produced by the Chinese military.

If the US is the “friendly nation” conducting an operation against China that produced the information about Australia, and the server in China “was in a typical place” where the Chinese have been doing a lot of hacking, it would all suggest it was the Shanghai building that houses PLA Unit 61398, which was exposed by the NYTimes report on Mandiant.

Of course, it’s possible that the US is not the friendly nation. Other reports suggested China’s cyberspying of the ASIO plans occurred as far back as 2009, which means this has been going on for a while. There are also other active sites for China’s hacking.

But from an English-speaking perspective, Shanghai would most likely be the city where the hacking originated, if it’s the same location used for the hacking of other English-language countries.

A US-based Project2049 report breaks down Chinese cyber units by function.

Second Bureau (61398 Unit). The Second Bureau appears to function as the Third Department’s premier entity targeting the United States and Canada, most likely focusing on political, economic, and military-related intelligence. Subordinate offices are concentrated in Shanghai, although one may be in the Kunming vicinity.

By contrast, China’s hacking of Japan and Korea seems to come from Qingdao, the same report states. And yes, China expects US attempts to infiltrate Chinese servers.

Chinese analysts believe that the United States is already carrying out extensive computer network exploitation activities against Chinese servers. Therefore, from the Chinese perspective, defending computer networks must be the highest priority in peacetime.

Tougher talk from US on China’s cyber aggression

…This time from White House National Security Adviser Tom Donilon who said:

The widespread theft of intellectual property and trade secrets through attacks “emanating from China on an unprecedented scale” has become a point of contention with the Chinese government…

Yes, the systematic hacking issue is really on the table now.

It’s not about Iran, guys

Foreign Policy commentator David Rothkopf is wrong.

For such a bright guy, with such a perceptive post on the Cool War, it’s amazing how wrong he can be about the implication of Chinese hacking on the US economy, as exposed by the Mandiant report on the PLA’s Unit 61398. I have to say, very correctly, Rothkopf concludes his piece this way:

It’s early days. It’s a new game. Undoubtedly, it is one that will involve many twists and turns and may undercut some of the assumptions that have led Chinese and U.S. planners to think that playing at this new game is indeed safer than old approaches. But it is impossible to read stories like the one in Tuesday’s Times without concluding that we are in the midst of a sea change in the way nations project force.

100% correct. But, amazingly, early in his piece, Rothkopf says:

And while we will publicly denounce them [The Chinese], we are tempered in our criticism because we know we are doing the same thing worldwide. The most famous illustration of these is the “Olympic Games” initiative against the Iran nuclear program — better known as Stuxnet.

But is the US Army really trying to siphon off the trade secrets of the Chinese and Germans and French and British? No. The example Rothkopf gives is an effort to gum up a nuclear program in Iran. My intention here isn’t to portray the US as blameless, but what is unique about China is that it applies a military effort to giving its industry the jump on global competitors by hacking all the advantage it can.

In this way, China is unique. China is not like a nuke-seeking Iran or North Korea. China’s authoritarian capitalism allows for things like PLA Unit 61398 to support its economy. So China is a challenge for the American economy and the framework of law underpinning US business. China has the scale and motive to put sustained pressure on the US, helped, in this case, by cyber theft.

I find it strange that Rothkopf can’t see this. 

I hope some enterprising Republicans can see this reality.

Mandiant/Unit 61398 Hysteria and what comes next

What comes next from America after the revelations about the People’s Liberation Army’s Unit 61398?

How about a little healthy outward-facing hysteria? 

Maybe the question Americans should rightly be asking themselves is: How do I know the People’s Liberation Army Unit 61398 isn’t the cause of my slow computer? Are Chinese hackers causing the lights to flicker? Have PLA hackers stolen and bootlegged my PowerPoint presentation? Maybe they have.

Even if they haven’t, the PLA’s cyber attacks to steal intellectual property are real. People will say, all countries hack each other. But the difference between the US and China is that the US government is not using cyber attacks to pinch intellectual property. Just imagine the outrage if the US Army had a division that was surreptitiously and illegally downloading all the designs and plans it could from companies located in commercial rivals of the US. But evidence shows the PLA systematically hacking all the intellectual property they can, to pass it on to industries, over whom the Communist Party of China has the final say. Is this again another example of how the Chinese system operates, in which those in power sit in government and deal themselves the best hands, passing along the IP to their circle of friends?

Whatever the nature of China’s systematic rip-off of US inventions, it’s not the American Way. It’s nothing like the American Way. In fact, it’s entirely antithetical to the notions of invention and property rights and competition that are dear to America. Because it’s a threat to the US projected directly into the US, the China Challenge must be addressed. China, through its scale and determination to influence the way of the world, represents a threat to American values in commerce, trade, diplomacy, statecraft, design etc. Sounds like a great challenge for American politicians.

My question is: where are the Republicans on this? Weren’t they the hawks during the Cold War? So I ask, where is the hawkish party on this? A party, coincidentally, in need of a huge galvanizing issue or two in order to rediscover their relevance in American politics. Here is a galvanizing challenge that affects many aspects of America, a huge force that is exploiting America’s openness. Even the measures Obama proposed today are being criticized as too tepid by Jason Healey of the Atlantic Council’s Cyber Statecraft Initiative.

Who dares talk about freezing assets of companies and organizations involved in this kind of hacking? Who dares block relevant Chinese nationals from activity in the US because of their hacking? Not these Republicans. If you want to know where the Republicans are as the Chinese seek to displace the US, the Republicans are busy delaying the nomination of Chuck Hagel until they can be sure he has the right stance on Iran and Israel.

Guys, Iran, for all of its risks, is not the risk to America that China is. China has the power to challenge America in unimaginable ways, starting with economic prowess.

And that’s why just a scintilla of hysteria could be a good thing. People need to realize that doing nothing about China is not going to make the problem go away. Doing nothing about China is not an option.

So for a rough draft of contemporary history, I wouldn’t be surprised if the Mandiant report pushes Americans, well, back into their own arms. One of the first major events, following the end of the historical Cold War, that forces Americans to seek the Other not across the aisle in Congress, or the radio waves of talkback programming, but abroad, in another nation, whose government, not to mention people, have the goal of ushering the US into strategic decline.