The Equifax breach exposed personal data of 145 million Americans, including Social Security and driver's license numbers. The FBI described the breach as "the largest known theft of personally identifiable information ever carried out by state-sponsored actors."
A Different PurposeThe hackers involved in the 2014 case more clearly fit the profile of their assigned military branch. An investigative series from The Epoch Times in 2015 detailed the structure of these units and their operations. Unit 61398 was under the Third Department of the General Staff Department—the former warfighting branch of the Chinese military. Under the Third Department were 22 known operational bureaus, and at least four known "research institutes" involved in their operations.
Beneath each unit were additional branches, each with a unique purpose, which in the case of the 2014 indictment were focused on the theft of trade secrets from the United States to advance the economic warfare operations of the Chinese regime. Among the regime's programs that direct economic theft are Project 863, China 2025, the Torch Program, and others.
A first glance at the recent indictment of the Chinese hackers in the Equifax case would suggest the soldiers were part of the same department—namely, under one of the "research institutes" of the General Staff Department, Third Department. Yet they weren't, which suggests the Equifax breach may have served a different purpose than economic gain.
Defining RolesAs a brief breakdown, the General Staff Department had three main departments focused on operations of this nature. The Second Department was the human intelligence department, which was focused on more conventional spies; the Third Department was the signals intelligence department, which was focused on cyber intelligence; and the Fourth Department was the electronics intelligence department, which was focused on electronic warfare.
The 2009 report notes specifically that the Third Department (as in the 2014 FBI indictment) was focused on "Signals intelligence collection and analysis" and "Cyber intelligence collection and analysis," whereas the Fourth Department (as in the recent case) was focused on "Electronic warfare (jamming, etc.)" and "Computer network attacks."
When it comes to the specific roles of these departments in computer operations—such as the breaches the different units were charged for—the differences appear very fine, between "network exploitation" and "network attack."
The 2009 report says the Third Department "bears primary responsibility within the PLA for computer network exploitation." The Fourth Department, on the other hand, "plays the leading role in computer network attack."
It describes network exploitation as "enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data from target or adversary automated information systems or networks."
And it explains network attack as "actions taken through the use of computer networks to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves."