CHINESE ARMY HACKER ARMY

Major General Liu Xiaobei

 

A MESSAGE FROM OUR FOUNDER AND CEO -

The face of Chinese information warfare has finally been unmasked. U.S. cyber warriors recently named Major General Liu Xiaobei as the current head of China’s People’s Liberation Army (PLA) General Staff Department, Third Department (3PLA). Maj. Gen. Liu is a known entity who has tried to remain hidden, and China has released few photographs of the cyber war leader. The only available photograph of Maj. Gen. Liu was published by the Vietnamese press outlet tinmoi24.vn.

Gen. Liu is a former Vice President of the Chinese Institute for Strategic Studies and is known by insiders as a specialist on encryption technology. He joined the top tier of the 3PLA during late 2008 and later emerged from the shadows as its leader in 2012.

The 3PLA headquarters complex includes a 24/7 watch center in Xishan Mountain. The 3PLA was reportedly staffed with as many as 130,000 personnel working in the general headquarters staff, 12 operational bureaus, and three research institutes. The 3PLA is reported to have been disbanded or rebranded into a Chinese Army Cyber Army Corps called the Strategic Support Force.

Gen. Liu's status inside the Strategic Support Force (SSF) is not presently known, but it is clear that he had significant influence on its origin and that he led major components of the Chinese Army cyber-warfare units now in the SSF. Maj. Gen. Liu also served with Maj. General Meng Xuezheng in shaping the final structure of the Chinese SSF.

Maj. General Meng Xuezheng

The new SSF is composed of many former 3PLA units including:

The 56 Research Institute based in Wuxi, the Chinese Army's oldest super-computer research site with connections to virtually all other Chinese Army, Air Force and Naval commands.

The 61786 unit in Beijing which appears to be the Chinese Army defensive information security and protection command.

The 61398 offensive hacker unit based in Shanghai which targets the U.S. and Canada.

The 61785 unit which has substations located around China for radio tracking, finding and communications intercepts. Members of the 16785 Third Unit have participated in hacking attempts on Android and Windows operating systems.

The 61565 hacking unit based in Beijing which is directed toward cyber operations against Russia.

The 61726 hacking unit based in Wuhan which is directed toward cyber-operations against Taiwan and Southeast Asia.

The 61046 hacking unit based in Beijing which has several attached language bureaus designed to operate against Europe, the Middle East and Africa.

The 61221 unit located in the Summer Palace in Beijing which appears to be an administrative and reporting unit for the PLA leadership.

The 61886 unit located in Beijing which appears to be responsible for PLA headquarters and command computer systems.

The 61672 hacker unit located in Beijing which is heavily staffed with Russian-speaking operators, suggesting that Moscow is the target.

The 61486 unit headquartered in Beijing which has units in and outside of China for the monitoring of satellite and space communications.

The primary force for attacking the U.S. is the 61398 unit, formerly known as the 2nd Bureau. 61398 functions as the main formation for attacks on U.S. political, economic, and military assets. The 61398 main offices are concentrated in Shanghai, although one may be in Kunming. 61398 units have been detected in Dachangzhen, Shanghai's Changning District, the northern Shanghai suburb of Gucunzhen, Chongming Island, Gaohangzhen, Luodianzhen, and the Changning District on Yan'an Zhong Road.

According to a recent U.S. Trade report the 61398 unit "stole data from at least 141 organizations, 115 of which are based in the United States, representing 20 major business sectors. The victims of these intrusions match industries that China has identified as strategic priorities, including four of the seven “strategic emerging industries” that China identified in its 12th Five-year Plan."

In fact, the attacks from 61398 were so vicious and obvious that in May 2014, the Department of Justice (DOJ) brought indictments against five Chinese Army officers of unit 61398 for cyber intrusions and economic espionage operations. The 61398 officers were charged with cyber intrusions into the computer networks of Westinghouse Electric Company, SolarWorld Americas, Inc., United States Steel Corporation, Allegheny Technologies, Inc., Alcoa Inc., and the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Services Workers International Union.

The primary weapon of 61398 is the spear-phishing email: a fake email sent to officers or members of a targeted organization, containing either malware files or links to websites that host exploit files used to install malware. The attack file would often be a targeted vulnerability exploit which then installed malware in a targeted computer system or network. The malware would then open communications with a command-and-control (C&C) server and await instructions from a remote user.

The prime function appears to be to seek out and obtain passwords, or to find and exploit weaknesses in the targeted computer systems in order to download email, data files and access logs. The 61398 operations against U.S. commercial targets illegally obtained trade secrets, financial information, negotiating data, and specific production data. While most of the operations appear to have been surveillance and data theft in nature, active operations such as bank account manipulation, corruption of financial data or destruction of trade secret information may have also taken place.

61398 has also been busy attacking U.S. defense computers. According to reports from the U.S. National Security Agency, over 500 significant attacks against Pentagon computer systems have been attributed to 61398. The recent U.S. Trade Representative report on China estimated that 61398 operations cost America up to $600 billion each year.

FINDINGS OF THE INVESTIGATION INTO CHINA’S ACTS, POLICIES, AND PRACTICES RELATED TO TECHNOLOGY TRANSFER, INTELLECTUAL PROPERTY, AND INNOVATION UNDER SECTION 301 OF THE TRADE ACT OF 1974
https://ustr.gov/sites/default/files/Section%20301%20FINAL.PDF

CHARLES R. SMITH

CEO FOUNDER OF SOFTWAR INC.
