Understanding the overall structure of the GSD and the roles of its departments is crucial to understanding China’s seemingly wanton and random acts of cyberespionage and spying operations.
There isn’t just one military unit working on attacks. Rather, there are three large branches under the GSD that work in conjunction with one another.
For example, hackers under the Third Department may breach satellite systems and provide useful data to the Fourth Department, which is responsible for electronics intelligence.
Physical spies under the Second Department may internally infect the networks of a U.S. company with malware, which will then grant access to hackers with the Third Department.
If a spy with the Second Department steals information from a network, hackers with the Third Department may also launch attacks against the network to help hide the spy’s tracks—making it appear the data was stolen from a cyberattack.
The system extends much further. There are state-run companies operating directly beneath each of the three departments, as well as under other branches of the Chinese military, that can benefit directly from trade secrets stolen from foreign companies.
And the Chinese military also overlaps with domestic security departments, and directly participates in some of the Chinese regime’s human rights violations against the Chinese people.
William Triplett, former chief counsel of the Senate Foreign Relations Committee and an expert on national security, has been following the GSD for some time. He wrote a two-part series on state-run companies working beneath the department and their ties to the Chinese regime’s nuclear weapons research.
“It’s not just cyberattacks,” Triplett said, noting that while cyberattacks are in the news at the moment, the whole picture of the Chinese regime’s system is much more concerning.
“They’re out for everything,” he said. “To cast the net widely, they use actual live agents, and maybe once every couple of months somebody gets arrested by the FBI for doing this dreadful thing or that dreadful thing.”
He added that in the defense community, when Chinese spies are caught, “We say that’s just the one we caught. How many others are there we haven’t caught?”
“The General Staff is specifically responsible for war affairs,” said a source formerly from China with direct knowledge of the department.
“They have specific schools that train operatives,” he said. “I know people who went to such schools and were sent to mountain bases where they collect satellite signals, and try to translate foreign-language communications into Chinese.”
He noted that the electronic intelligence operatives under the Fourth Department intercept phone and satellite communications, and also work on interfering with signals.
Operatives in the Second Department, he added, are often assigned to embassies for intelligence gathering—which is common practice for intelligence bureaus of most countries—or work under front businesses in targeted countries.
As for the Second Department, which oversees China’s conventional human spy operations, also known as HUMINT, Fleming said its agents typically work as insiders in U.S. foreign companies, think tanks, universities, and government agencies. Others under the Second Department work as China’s sleeper agents.
The sleeper agents will often take up regular jobs and live in foreign countries, and will typically stay inactive unless they receive orders to carry out operations.
According to Lu Dong, a former agent of the Chinese regime who defected in 2001, many of the Chinese regime’s systems for foreign espionage work by exploiting the open system of the United States.
Lu worked as one of the “low-ranking spies,” under China’s offices for overt espionage—the type that takes place in plain view—the United Front Work Department and the Overseas Chinese Affairs Office. These departments work on expanding the Chinese regime’s influence into foreign countries and maintaining oversight of Chinese expats.
He notes that the overt departments “are just the second guys,” and their agents are typically less trained and professional than agents under the GSD. The GSD, he said, “only sends the high-ranking spies.”
Researchers have just begun chipping away at the system behind the Chinese military’s seemingly constant cyberattacks against U.S. firms and government offices.
The appeal of cyber is its opaque nature. It’s difficult to trace attacks to a specific individual, particularly in China where the ruling party not only doesn’t cooperate with criminal investigations, but even denies the attacks altogether.
It wasn’t until February 2013 that solid proof emerged that the Chinese military’s GSD was behind the cyberattacks stealing from U.S. companies. The next breakthrough was in May 2014 when the FBI named and indicted five Chinese military officers for their alleged involvement in the attacks.
The military hacker unit revealed by security company Mandiant and the FBI is called Unit 61398 and operates from Shanghai. Details are only available on one other of the GSD’s 20 units, which is Unit 61486. The names of the units that use five-digit numbers, according to Mandiant, are intentionally vague since it helps them stay obscure.
The Mandiant report was widely circulated. Fortune Magazine interviewed Kevin Mandia, who released the data, in a July 2013 article. The article highlighted the weight of the information, noting that prior to its release it was difficult to pin cyberattacks directly on the Chinese regime and its military, and the report made the connections clear.
More recently, security researchers at Novetta, a public and private coalition that is countering Chinese cyberespionage, uncovered what they believe is another of the Chinese regime’s cyberunits, dubbed “Axiom,” which they state is more advanced than Unit 61398. It is still unclear whether Axiom is a unit of the GSD or a domestic spying program under China’s State Security Council focused on monitoring Chinese dissidents.
According to Fleming, researchers regard Unit 61398, the publicly known unit, as being the least advanced of the units under the Third Department. Based on analysis of cyberespionage campaigns, the other 19 units are believed to be far more capable.
“It’s much more organized, much more hierarchical than what is known publicly,” Fleming said.
“Several of the other units are extremely stealthy and extremely accurate,” he said, referring to the skill and effectiveness of many other attacks seen coming out of China.
According to Fisher, “the General Staff Department is a huge, multifaceted endeavor. It is the core of the operational and intelligence function of the PLA.” He added, however, that it is controlled by the Chinese Communist Party, and that its campaigns of theft and hybrid warfare against the United States are likewise rooted in orders from the Chinese Communist Party.
“It’s not just here [in the United States]. It’s anywhere they can. This is what evil dictatorships do. They remain closed to every other part of the world and exist to exploit and destroy any societies that would question the legitimacy of their leadership,” he said. “As long as this Communist Party exists, it is going to be working to undermine democracies everywhere.”