This is the 1st part in a 4-part series: Murder, Money, and Spies: An Investigative Series on the Chinese Military’s For-Profit Ventures
An army is attacking the United States. Its war is being waged without bullets or fanfare. Denied by its government, these soldiers operate in shadows and in silence. Yet, glimpses of their operations are seen on a daily basis—hackers and spies attacking and stealing from U.S. businesses and the U.S. government.
Until now, a complete view of their operations and of the military department that gives them their orders remained hidden. Yet, China’s spy and cyberoperations all share one thing in common: they’re all orchestrated under the People’s Liberation Army General Staff Department (GSD), the Chinese military’s top-level department dedicated to warfighting.
One military unit of China’s hacker army, Unit 61398, was revealed by a security company in February 2013. It is just one of around 20 similar units operating under the GSD’s Third Department, and alongside the Third Department are the Chinese regime’s other spy departments fighting against the West.
Under the GSD, three departments work on its spy campaigns for unconventional warfare. Its Second Department focuses on human spies and intelligence (HUMINT). The Third Department focuses on cyberespionage and signals intelligence (SIGINT). The Fourth Department focuses on electronic warfare, intercepting satellite data, and electronics intelligence (ELINT).
The GSD also oversees China’s military regions, the army, navy, and air force, and the Second Artillery, the home for China’s nuclear weapons.
Casey Fleming, CEO of BlackOps Partners Corporation, which does counterintelligence and protection of trade secrets for Fortune 500 companies, spoke about the dangers posed by the army of spies at work against the United States under the direction of the GSD.
“It is clearly America’s biggest threat,” he said.
“It’s a war of the technology age, an economic war, a war where bombs are not dropped and guns are not fired, but it’s a war we’re squarely in,” he said.
One way to estimate the damage done in this war is through the cost of intellectual property theft, most of which is done by the Chinese regime.
The Commission on the Theft of Intellectual Property estimated such theft costs the United States $300 billion and 1.2 million jobs a year.
Fleming said, based on research from his company’s intelligence unit and client situations, the cost is closer to $500 billion worth of raw innovation that is stolen from U.S. companies.
That $500 billion would otherwise generate revenue, profits, and jobs. In a previous interview, Fleming estimated the total loss to the economy from the theft of innovation is $5 trillion each year when considering the expected 10-year life of the research and development.
An Unseen Battle
The question then is why China’s warfighting apparatus is hacking American companies. According to a Sept. 26 report from U.S. Special Operations Forces Command, the Chinese regime is waging hybrid warfare on the United States.
The Chinese regime’s theft of intellectual property for economic gain is just one piece of a larger strategy to fight a war while avoiding troop-to-troop combat. The report states, “Hybrid warfare involves a state or state-like actor’s use of all available diplomatic, informational, military, and economic means to destabilize an adversary.”
“Recent Chinese doctrine articulates the use of a wide spectrum of warfare against its adversaries, including the United States,” states the report, which quotes China’s Maj. Gen. Qiao Liang saying “The first rule of unrestricted warfare is that there are no rules, with nothing forbidden.”
The report outlines China’s uses of hybrid warfare, which include, “trade warfare, financial warfare, ecological warfare, psychological warfare, smuggling warfare, media warfare, drug warfare, network warfare, technological warfare, fabrication warfare, resources warfare, economic aid warfare, cultural warfare, and international law warfare.”
Estimates of the number of soldiers in each GSD department vary, and most focus only on cyberspies in the Third Department. The Project 2049 Institute estimated in November 2011 there were 130,000 personnel under the Third Department. The Wall Street Journal estimated in July that the Third Department has 100,000 hackers, linguists, and analysts.
Both, however, estimate the Third Department has only 12 operational bureaus.
Fleming, whose company runs counterintelligence operations and researches the Chinese regime’s systems for espionage and unconventional warfare, said that under the Third Department there are 20 operational bureaus and between 250,000 and 300,000 soldiers dedicated to cyberespionage. The New York Times has also reported 20 bureaus.
Under the Second Department, between 30,000 and 50,000 human spies are working on insider operations targeting U.S. and foreign companies.
No source has been able to give an estimate on the number of operatives under the Fourth Department, which works on electronic intelligence.
A former soldier who worked under the Fourth Department, and whose job was to monitor Chinese weather satellites, told Epoch Times the soldiers who worked on its intelligence operations were highly secretive, and their operations were unknown even to others in the Fourth Department.
The source said, however, soldiers in the Fourth Department’s spy operations run rolling shifts. “For example, if Russia is launching a satellite, they’ll monitor that,” he said, noting it would be outside their schedule for monitoring the United States. “They’re working on this 24 hours.”
The Party’s Interest
The People’s Liberation Army (PLA) “is not a national army belonging to the state,” states a Nov. 12 report from the Congressional Research Service. “Rather, it serves as the Party’s armed wing.”
The PLA is not fighting its war on behalf of the Chinese people, and the soldiers under the GSD’s spy departments are being used to further the financial and political ambitions of the Chinese Communist Party.
According to Richard Fisher, senior fellow at the International Assessment and Strategy Center, “The PLA is kind of a state within a state that is completely devoted to the survival of the Party, and the Party returns that by showering the PLA with resources.”
“The PLA and its subordinate offices exist to carry out the leadership of the Communist Party,” he said, noting that if the Party’s leadership wanted them to feed the homeless, that’s what they’d be doing.
Regarding the cyberattacks and spy operations, “all of this is happening at the order and behest of the General Staff Department, because it is acting at the behest and order of the Chinese Communist Party,” Fisher said.
The state-run cyberattacks and China’s use of more conventional spies are part of a larger, coordinated effort under the GSD. The office operates under the Central Military Commission, which answers to the Chinese regime’s top leaders in the Central Committee of the Chinese Communist Party.
Unlike the other warfighting branches under the GSD, the Chinese regime’s spy departments have more flexibility in how they operate. Their orders come through the Chinese Communist Party’s Five-Year Plans, which often include targeted industries and economic goals of the Party.
One of the clearest links between the Five-Year Plans and the campaigns of economic theft by the Chinese military is Project 863, which was set in motion by former Chinese Communist Party leader Deng Xiaoping in March 1986. The program identified targeted industries for the Chinese regime to develop, and is widely regarded as a program that mandates theft.
Project 863 is “an emblematic program,” in the Chinese regime’s drive for “catching up fast and surpassing” the West, according to a 2011 report from the U.S. Office of the National Counterintelligence Executive. It states Project 863, “provides funding and guidance for efforts to clandestinely acquire US technology and sensitive economic information.”
Understanding the overall structure of the GSD and the roles of its departments is crucial to understanding China’s seemingly wanton and random acts of cyberespionage and spying operations.
There isn’t just one military unit working on attacks. There are three large branches under the GSD, which work in conjunction with one another.
For example, hackers under the Third Department may breach satellite systems and provide useful data to the Fourth Department, which is responsible for electronics intelligence.
Physical spies under the Second Department may internally infect the networks of a U.S. company with malware, which will then grant access to hackers with the Third Department.
If a spy with the Second Department steals information from a network, hackers with the Third Department may also launch attacks against the network to help hide the spy’s tracks—making it appear the data was stolen from a cyberattack.
The system extends much further. There are state-run companies operating directly beneath each of the three departments, as well as beneath other branches of the Chinese military, that can benefit directly from trade secrets stolen from foreign companies.
And the Chinese military also overlaps with domestic security departments, and directly participates in some of the Chinese regime’s human rights violations against the Chinese people.
William Triplett, former chief counsel of the Senate Foreign Relations Committee and an expert on national security, has been following the GSD for some time. He wrote a two-part series on state-run companies working beneath the department, and its ties to the Chinese regime’s nuclear weapons research.
“It’s not just cyberattacks,” Triplett said, noting that while cyberattacks are in the news at the moment, the whole picture of the Chinese regime’s system is much more concerning.
“They’re out for everything,” he said. “To cast the net widely, they use actual live agents, and maybe once every couple of months somebody gets arrested by the FBI for doing this dreadful thing or that dreadful thing.”
He added that in the defense community, when Chinese spies are caught, “We say that’s just the one we caught. How many others are there we haven’t caught?”
“The General Staff is specifically responsible for war affairs,” said a source formerly from China with direct knowledge of the department.
“They have specific schools that train operatives,” he said. “I know people who went to such schools and were sent to mountain bases where they collect satellite signals, and try to translate foreign-language communications into Chinese.”
He noted that the electronic intelligence operatives under the Fourth Department intercept phone and satellite communications, and also work on interfering with signals.
Operatives in the Second Department, he added, are often assigned to embassies for intelligence gathering—which is common practice for intelligence bureaus of most countries—or work under front businesses in targeted countries.
As for the Second Department, which oversees China’s conventional human spy operations, also known as HUMINT, Fleming said its agents typically work as insiders in U.S. and foreign companies, think tanks, universities, and government agencies. Others under the Second Department work as China’s sleeper agents.
The sleeper agents will often take up regular jobs and live in foreign countries, and will typically stay inactive unless they receive orders to carry out operations.
According to Lu Dong, a former agent of the Chinese regime who defected in 2001, many of the Chinese regime’s systems for foreign espionage work by exploiting the open system of the United States.
Lu worked as one of the “low-ranking spies,” under China’s offices for overt espionage—the type that takes place in plain view—the United Front Work Department and the Overseas Chinese Affairs Office. These departments work on expanding the Chinese regime’s influence into foreign countries and maintaining oversight of Chinese expats.
He notes that the overt departments “are just the second guys,” and their agents are typically less trained and professional than agents under the GSD. The GSD, he said, “only sends the high-ranking spies.”
Researchers have just begun chipping away at the system behind the Chinese military’s seemingly constant cyberattacks against U.S. firms and government offices.
The appeal of cyber is its opaque nature. It’s difficult to trace attacks to a specific individual, particularly in China where the ruling party not only doesn’t cooperate with criminal investigations, but even denies the attacks altogether.
It wasn’t until February 2013 that solid proof emerged that the Chinese military’s GSD was behind the cyberattacks stealing from U.S. companies. The next breakthrough was in May 2014 when the FBI named and indicted five Chinese military officers for their alleged involvement in the attacks.
The military hacker unit revealed by security company Mandiant and the FBI is called Unit 61398 and operates from Shanghai. Details are available on only one other of the GSD’s 20 units, Unit 61486. The names of the units that use five-digit numbers, according to Mandiant, are intentionally vague, since this helps them stay obscure.
The Mandiant report was widely circulated. Fortune Magazine interviewed Kevin Mandia, who released the data, in a July 2013 article. The article highlighted the weight of the information, noting that prior to its release it was difficult to pin cyberattacks directly on the Chinese regime and its military, and the report made the connections clear.
More recently, security researchers at Novetta, a public and private coalition that is countering Chinese cyberespionage, uncovered what they believe is another of the Chinese regime’s cyberunits, dubbed “Axiom,” which they state is more advanced than Unit 61398. It is still unclear whether Axiom is a unit of the GSD or a domestic spying program under China’s State Security Council focused on monitoring Chinese dissidents.
According to Fleming, researchers regard Unit 61398, the publicly known unit, as being the least advanced of the units under the Third Department. Based on analysis of cyberespionage campaigns, the other 19 units are believed to be far more capable.
“It’s much more organized, much more hierarchical than what is known publicly,” Fleming said.
“Several of the other units are extremely stealthy and extremely accurate,” he said, referring to the skill and effectiveness of many other attacks seen coming out of China.
According to Fisher, “the General Staff Department is a huge, multifaceted endeavor. It is the core of the operational and intelligence function of the PLA.” He added, however, that it is controlled by the Chinese Communist Party, and that its campaigns of theft and hybrid warfare against the United States are likewise rooted in orders from the Chinese Communist Party.
“It’s not just here [in the United States]. It’s anywhere they can. This is what evil dictatorships do. They remain closed to every other part of the world and exist to exploit and destroy any societies that would question the legitimacy of their leadership,” he said. “As long as this Communist Party exists, it is going to be working to undermine democracies everywhere.”