Tuesday, January 3, 2012

China's PLA Involved in Cyber Espionage: Report


Defense News

11/10/2011

By WENDELL MINNICK

TAIPEI - For the first time, a new report details China's signals intelligence (SIGINT) organization, including what role the People's Liberation Army (PLA) has in cyber intelligence collection.

The report, "The Chinese People's Liberation Army Signal Intelligence and Cyber Reconnaissance Infrastructure," by Mark Stokes and Jenny Lin of the Project 2049 Institute, Arlington, Va., provides the first overview of the PLA General Staff Department's Third Department, China's premier cryptologic service responsible for signals and cyber intelligence collection.

The Third Department is comparable to the U.S. National Security Agency and appears to be diversifying its traditional SIGINT mission to include cyber surveillance, also known as computer network exploitation (CNE), the report said.

The Third Department's Seventh Bureau (61580 Unit) is responsible for CNE. Headquartered in Beijing, the bureau's engineers specialize in computer network defense and attack, and have conducted joint studies with the PLA Information Engineering Academy Computer Network Attack and Defense Section. The bureau has been known to conduct research outlining U.S. network-centric warfare and dense wavelength-division multiplexing.

CNE also is conducted by the Technical Reconnaissance Bureaus (TRB), Stokes said: "A senior engineer from the Hainan office was granted awards for network-related work, including possible surveillance of Voice over Internet Protocol."

The Chengdu Military Region's 1st Technical Reconnaissance Bureau also may be involved in cyber surveillance.

The degree of control that the Third Department exercises over the Technical Reconnaissance Bureau bureaucracies of the country's seven military regions is unknown, but the Third Department's resources dedicated to high-performance computing and its large arsenal of skilled linguists could comprise China's cryptologic "A-Team."

"The combination of SIGINT and CNE, for example, fusing transcripts of phone conversations with intercepted email exchanges, would enable a powerful understanding of plans, capabilities, and activities of an organization or individual in near real time," Stokes said.

China could be cracking down on its own cyber warfare activities. Lt. Gen. Wu Guohua, who directed the Third Department from 2005 to 2010, allegedly was transferred out due to unauthorized cyber attacks.

"If true, it appears that senior civilian leaders could have some understanding of the political damage caused by overt, hostile network penetration," Stokes said.

Another possible reason for the dismissal could be that the Third Department overstepped its area of responsibility. It is possible the PLA has consolidated computer and network attack missions with electronic warfare into an "integrated Network electronic warfare" activity under the Fourth Department, responsible for electronic countermeasures, said Desmond Ball, a SIGINT and cyber warfare specialist at the Australian National University's Strategic and Defence Studies Centre.

"Use of the doctrinal concept of 'integrated network and electronic warfare' implies an attempt to link computer network attack and jamming," Stokes said.

Both the Third and Fourth Departments are said to jointly manage a network attack and defense training system.

Though the U.S. continues to blame China for alleged intrusions into U.S. government and defense industry computer networks, the Chinese believe the U.S. is the attacker.

"Chinese analysts believe that the United States is already carrying out extensive CNE activities against Chinese servers," Stokes said. "Therefore, from the Chinese perspective, defending computer networks must be the highest priority in peacetime."

Ball points to massive internal problems with malicious hackers and possible intrusions from foreign governments. Chinese officials have said that China is the biggest victim of network hacking.

The Beijing-based National Computer Network Emergency Response Technical Coordination Center released a report in March claiming that more than 4,600 Chinese government websites had their content modified by hackers in 2010, an increase of 68 percent over the previous year, Ball said. In an incident in 2000, a series of high-technology combat exercises by the PLA was suspended when a computer hacker attacked the military's network.
