China Let It Slip That Its Cyber Army Is Real

March 19, 2015 Updated: March 19, 2015

The Chinese regime may have just lost the plausible deniability it has been using over the years to disregard criticism for its near constant cyberattacks targeting governments, critical infrastructure, and businesses around the world.

It turns out, Chinese authorities admitted it themselves back in 2013, yet the admission slipped under the radar of Chinese military watchers until now. Information on its hacker army was tucked into its most recent edition of “The Science of Military Strategy,” which is published by the top research institute of the regime’s People’s Liberation Army (PLA).

Joe McReynolds, a research analyst at the Center for Intelligence Research and Analysis, revealed the details of the report to The Daily Beast. Reached by email, he was not immediately available for comment.

According to the new report, the Chinese regime’s hacker units are divided into three categories, McReynolds told The Daily Beast.

He said the first are specialized military units “employed for carrying out network attack and defense.” The second are specialists in civilian organizations, including its spy organizations—the Ministry of State Security and the Ministry of Public Security—that are “authorized by the military to carry out network warfare operations.” The third are groups outside the Chinese regime “that can be organized and mobilized for network warfare operations.”

While the PLA report was released in 2013, an English translation does not appear to be available and was only recently released to foreign experts. The previous PLA report, released in 2001, only became well known after an English translation was released in 2007.

McReynolds will be publishing an English translation of the report in a book, “China’s Evolving Military Strategy,” in October. According to the Brookings Institution website, it is a cornerstone text of reference as one of the Chinese regime’s “most important declarations of its military strategic goals and intentions.” He did not respond to an email requesting a copy of the relevant pages of the report. 

An Official Admission

The information about the Chinese regime’s cyberwar structure aligns with what many defense experts already knew, yet the official disclosure helps validate research done by China watchers.

It was known, for example, that the main force of the Chinese regime’s military hackers operate under the Third Department of its General Staff Department, which is the top-level department in the Chinese regime’s military focused on warfighting.

When the Department of Justice indicted five Chinese military hackers on May 19, 2014, for example, all five of them were allegedly operating under the General Staff Department, Third Department.

It was known that civilian branches of the Chinese regime were also involved. Epoch Times reported on Feb. 3 that the Ministry of State Security, in particular, was the first known branch of the Chinese regime to launch cyberattacks against other counties. The attacks began in 1999 and targeted websites in the United States and Canada reporting on human rights in China.

The main force of the Chinese regime’s military hackers operate under the top-level department in the Chinese regime’s military.

It was also known that individuals and organizations outside the Chinese regime were involved in its cyberattacks. In 2011, news emerged that the PLA has a civilian cyberexpert group known as its “Blue Army.” And it was known that the Chinese regime’s official hackers launch operations alongside hackers in Chinese universities and with its civilian “Patriot Hackers.”

What makes the new information important is that the Chinese regime can no longer deny the existence of its state-sponsored and military hackers. Full denial has been its typical response whenever its state-run cyberattacks are revealed.

“It means that the Chinese have discarded their fig leaf of quasi-plausible deniability,” McReynolds told The Daily Beast, noting that even in 2013 other PLA reports denied the existence of such units. He said, “They can’t make that claim anymore.”

He added that, moving forward, having this information public could give foreign governments a few more cards to play when confronting the Chinese regime about its cyberattacks.

The more public information on the core role of its Ministry of State Security in the state-run cyberattacks is also valuable since, McReynolds notes, the organization has helped more than 50 countries investigate cybercrime. He noted the Ministry of State Security has also set up bilateral law enforcement cooperation with more than 30 countries, including the United States, the United Kingdom, and Germany.

Follow Joshua on Twitter: @JoshJPhilipp