PART IV - CHINESE ARMY HACKERS UNITS INFRASTRUCTURE & DESIGN

DESCRIPTION

HOW THE PLA UNITS ARE SETUP, WHAT ROLES & RESPONSIBILITIES.

Ihab Ali Inform Series – Counter Threat Profiling Track

In This Series:

• Chinese Army Hackers - Part I
• Chinese Army Hackers - Part II
• Chinese Army Hackers - Part III
• Chinese Army Hackers - Part IV
• Anonymous Profiled – Part I
• Anonymous Profiled – Part II
• Anonymous Profiled – Part III
• Anonymous On Anonymous

Part IV addresses identification of known Chinese computer network affiliations and entities.

PLA Unit 61398 (Chinese: 61398部) is the Military Unit Cover Designator (MUCD)[1] of a People's Liberation Army advanced persistent threat unit that has been alleged to be the source of Chinese computer hacking attacks. Most activity between malware embedded in a compromised system and the malware's controllers takes place during business hours in Beijing's time zone, suggesting that the group is professionally hired, rather than private hackers inspired by patriotic passions. The unit is believed to be staffed by perhaps thousands of people proficient in English as well as computer programming and network operations.

PLA Unit 61398 is believed to operate under the 2nd Bureau of the People's Liberation Army General Staff Department (GSD) Third Department (参三部二局).[1] There is evidence that it contains, or is itself, an entity known as APT1, part of the advanced persistent threat that has attacked a broad range of corporations and government entities around the world since at least 2006. APT1 is described as comprising four large networks in Shanghai, two of which serve the Pudong New Area. It is one of more than 20 APT groups with origins in China. The group often compromises internal software "comment" features on legitimate web pages to infiltrate target computers that access the sites. The collective has stolen trade secrets and other confidential information from numerous foreign businesses and organizations over the course of seven years, such as Lockheed Martin, Telvent, and other companies in the shipping, aeronautics, arms, energy, manufacturing, engineering, electronics, financial, and software sectors.

Chinese government denial

The Government of China has consistently denied that it is involved in hacking. In response to the Mandiant Corporation report about Unit 61398, Hong Lei, a spokesperson for the Chinese foreign ministry, said such allegations were "unprofessional."

PLA Unit 61486

PLA Unit 61486 is a People's Liberation Army unit that has been alleged to be a source of computer hacking attacks as part of a Chinese campaign to steal trade and military secrets from foreign victims.

General Staff Department Fourth Department

The Fourth Department [ECM and Radar] of the General Staff Headquarters Department has the electronic intelligence (ELINT) portfolio within the PLA's SIGINT apparatus. This department is responsible for electronic countermeasures, requiring them to collect and maintain data bases on electronic signals.[25] ELINT receivers are the responsibility of the Southwest Institute of Electronic Equipment (SWIEE). Among the wide range of SWIEE ELINT products is a new KZ900 airborne ELINT pod. The GSD 54th Research Institute supports the ECM Department in development of digital ELINT signal processors to analyze parameters of radar pulses.

Use of the doctrinal concept of "integrated network and electronic warfare" [网 一体 ] implies an attempt to link computer network attack and jamming, presumably under the purview of the GSD Fourth Department. Established in 1990, the Fourth Department has overall responsibility for electronic warfare (EW), including ELINT and tactical electronic support measures (ESM). The Fourth Department, which could have possible computer network attack (CNA) responsibilities, has at least four bureaus, one brigade, and two regiments. The Fourth Department's primary training and education organization for junior officers is the PLA Electronic Engineering Academy [解放子工程学院] in Hefei. The Fourth Department oversees the GSD 54th Research Institute, which most likely provides engineering support, and also maintains close links with a number of China Electronic Technology Corporation (CETC) entities, including the 29th Research Institute in Chengdu, the 36th Research Institute in Jiaxing, and the 38th Research Institute in Hefei.

Operational Fourth Department units include an ECM brigade with headquarters in Langfang, Hebei Province and subordinate battalion-level entities located in Anhui, Jiangxi, Shandong, and other locations in China. At least two Fourth Department units are on Hainan Island, with one apparently dedicated to jamming of U.S. satellite assets. A regimental-level unit located on Hainan Island appears to have either operational or experimental satellite jamming responsibilities.[150] Military Regions, Air Force, and Navy have at least one ECM regiment. The Third Department and GSD Fourth Department are said to jointly manage a network attack/defense training system [网 攻防 系 ].

General Staff Department Third Department

The Third Department of the General Staff Headquarters is responsible for monitoring the telecommunications of foreign armies and producing finished intelligence based on the military information collected. The communications stations established by the Third Department of the PLA General Staff Headquarters are not subject to the jurisdiction of the provincial military district and the major military region where they are based. The communications stations are entirely the agencies of the Third Department of the PLA General Staff Headquarters and have no affiliations to the provincial military district and the military region where they are based. The personnel composition, budgets, and establishment of these communications stations are entirely under the jurisdiction of the Third Department of the PLA General Staff Headquarters, and are not related at all to local troops.

China maintains the most extensive SIGINT network of all the countries in the Asia-Pacific region. SIGINT systems include several dozen ground stations, half a dozen ships, truck-mounted systems, and airborne systems.

Third Department headquarters is located in the vicinity of the GSD First Department (Operations Department), AMS, and NDU complex in the hills northwest of the Summer Palace. The Third Department (zongcan sanbu) is allegedly manned by approximately 20,000 personnel, with most of their linguists trained at the Luoyang Institute of Foreign Languages. Ever since the 1950s, the Second and Third Departments of the PLA General Staff Headquarters have established a number of institutions of secondary and higher learning for bringing up "special talents." The PLA Foreign Language Institute at Luoyang comes under the Third Department of the General Staff Department and is responsible for training foreign language cadres for the monitoring of foreign military intelligence. The Institute was formed from the PLA "793" Foreign Language Institute, which moved from Zhangjiakou after the Cultural Revolution and split into two institutions at Luoyang and Nanjing.

Though the distribution order they received upon graduation indicated the "PLA General Staff Headquarters," many of the graduates of these schools found themselves being sent to all parts of the country, even to remote and uninhabited backward mountain areas. The reason is that the monitoring and control stations under the Third Department of the PLA General Staff Headquarters are scattered in every corner of the country.

The communications stations located in the Shenzhen base of the PLA Hong Kong Garrison started their work long ago. In normal times, these two communications stations report directly to the Central Military Commission and the PLA General Staff Headquarters. Units responsible for coordination are the communications stations established in the garrison provinces of the military regions by the Third Department of the PLA General Staff Headquarters.

By taking direct command of military communications stations based in all parts of the country, the CPC Central Military Commission and the PLA General Staff Headquarters can not only ensure a successful interception of enemy radio communications, but can also make sure that none of the wire or wireless communications and contacts among major military regions can escape the ears of these communications stations, thus effectively attaining the goal of imposing a direct supervision and control over all major military regions, all provincial military districts, and all group armies.

Technical Reconnaissance Bureaus

The GSD Third Department has direct authority over 12 operational bureaus. Eight of the 12 bureau headquarters are clustered in Beijing. Two others are based in Shanghai, one in Qingdao, and one in Wuhan. The Third Department's 12 operational bureaus most likely report to the Headquarters Department. The operational bureaus are separate and distinct from TRBs under the PLA's seven MRs, and the three Services: Air Force, Navy, and Second Artillery. TRB directors likely report to MR and Service Chiefs of Staff. However, the Third Department likely provides TRBs with policy guidance and tasking for collection and analysis.

The degree of control that the Third Department operational bureaus and TRBs exercise over militia and reserve assets under military districts is unknown. The militia makes up the third component of China's armed forces, with the PLA and People's Armed Police being the other two. One 2004 Sichuan Military District assessment calls for militia and reserves to play a more prominent role in network defense and attack, technical reconnaissance, and psychological operations. The Hubei Military District, for example, is partnered with Wuhan University's Network Attack and Defense Center (武汉大学网络攻防中心).

Bureau-level directors and political commissars have grades equivalent to that of an army Division commander, and oversee between six and 14 subordinate sites or offices [chu; 处]. Office directors have a grade equivalent to a Deputy Division or Regiment commander. Sites/offices under bureaus are further divided into sections [ke; 科], although some sections report directly to bureau headquarters. In addition to a liaison office in Shanghai, the Third Department manages a Hong Kong and Macao Liaison Bureau [ 参三部港澳 局] in Shenzhen.

First Bureau (61786 Unit)

The First Bureau headquarters is collocated with the Third Department command complex in northwestern Beijing. Overseeing at least 12 offices operating in various parts of China, the bureau appears to have a functional rather than regional mission. Formerly centred in the Chengdu suburb of Dujiangyan, the bureau's mission appears to include decryption, encryption, and other information security tasks. The First Bureau, for example, is the only military representative on the national 863 Program Information Assurance Expert Working Group. At least one First Bureau element, possibly the Seventh Office, is based south of Dujiangyan. Although not in a formal subordinate relationship, the First Bureau likely maintains a close, mutually supportive relationship with related organizations in Chengdu, such as Sichuan University's Information Security and Network Attack and Defense Laboratory [四川大学信息安全及网 攻防研究室]. Chengdu is also home to the GSD Third Department 57th Research Institute and the Chengdu MR First TRB.

Second Bureau (61398 Unit)

The Second Bureau appears to function as the Third Department's premier entity targeting the United States and Canada, most likely focusing on political, economic, and military-related intelligence. Subordinate offices are concentrated in Shanghai, although one may be in the Kunming vicinity. More specifically, the Bureau's Second Office is situated in Dachangzhen, and the Third Office is based in Shanghai's Changning District. The Fourth Office has a presence in the northern Shanghai suburb of Gucunzhen as well as Chongming Island. It appears to have a mobility mission. The Seventh Office is in Gaohangzhen. Yet another is in Luodianzhen. Another office is in Changning District on Yan'an Zhong Road.

Third Bureau (61785 Unit)

Headquartered in the southern Beijing suburb of Daxing, the Third Bureau appears to have a functional mission.[55] Given the dispersed nature of subordinate offices, the mission of the Third Bureau may be front end collection of line of sight radio communications, including border control networks, as well as direction finding, and emission control and security. The bureau has at least 13 subordinate units. Third Bureau offices are based in Harbin, Dalian, Beijing, Hangzhou, Ningdu County (Jiangxi), Xiamen, Shenzhen, Kunming, Xian, and Ürümqi. As of late 2010, Senior Colonel Wang Daowu [王道武] commanded the bureau and Li Shoukai [李守 ] served as Political Commissar. The Third Bureau's Kunming office has been involved in counter-drug operations. Since 1992, the Third Bureau's Fifth Office in Beijing's southern Daxing District has been responsible for PLA emission security (e.g. TEMPEST). The Shenzhen office appears to have a unique mission, perhaps responsible for coverage of Hong Kong/Macao wireless networks.

Fourth Bureau (61419 Unit)

Headquartered in Qingdao, the Fourth Bureau appears to be focused on Japan and Korea. Many of the Fourth Bureau offices, including the First, appear to be located in the Qingdao area. The Second Office incorporates Korean linguists. The Fourth Bureau's Seventh Office is located in Hangzhou. Another office is located in Jimo City Wenlongzhen [即墨市温泉 ]. Other subordinate offices appear to be located in the Qingdao area, Dalian, Beijing, and Shanghai. The bureau was formerly based in the Shanxi provincial city of Xinzhou, specifically Huanglong Wanggou village. While its headquarters moved to Qingdao, the Fourth Bureau may still maintain its training base in Xinzhou.

Fifth Bureau (61565 Unit)

Headquartered in Beijing's Daxing District Huangcun Village, the Fifth Bureau appears to have a Russia-related mission. A substantial number of parabolic dish antennas--oriented toward a diverse range of azimuths--can be seen at the eastern end of the compound on Google Earth. Fifth Bureau offices are located in Heilongjiang's Suihua City, Jiuquan and Xinjiang.

Sixth Bureau (61726 Unit)

The Sixth Bureau is headquartered in Wuhan's Wuchang District. Zhang Yunju [ 运炬] serves as the Sixth Bureau Political Commissar. Bureau headquarters were centered in the area of Jingmen, Hubei Province until moving to Wuhan more than a decade ago. Sixth Bureau offices stretch across central China from the eastern coastal city of Xiamen to the Yunnan city of Kunming, indicating a Taiwan and South Asia mission. More specifically, offices are located in Xiamen, Nanchang (Seventh Office), Xiangfan, Ningdu County's Xiaobu Village [小布 ], Wuhan, Jingmen, and Kunming's Panlong District (Fourth Office). The Nanchang office may have a training mission.

Seventh Bureau (61580 Unit)

Headquartered in the Shucun area of Beijing's northwest Haidian District, the Seventh Bureau's mission is unclear. Selected bureau engineers specialize in computer network defense and attack, and have conducted joint studies with the PLA Information Engineering Academy Computer Network Attack and Defense section. Divided into at least 10 offices, the Seventh Bureau employs English translators. One Seventh Bureau study examined support vector machine (SVM) applications for detecting intrusion patterns. Two senior engineers outlined U.S. network centric warfare, while another published an assessment of the future of the internet and dense wavelength division multiplexing (DWDM). Another study focused on psychological and technical aspects of reading and interpreting written foreign language. Another addressed legal aspects of the global economy. The bureau manages a satellite ground station in the northwest Beijing suburb of Shangzhuang and oversees at least one element in the Ürümqi area.

Eighth Bureau (61046 Unit)

Nestled in Hanjiachuan [ 家川], the Eighth Bureau is adjacent to Third Department headquarters in Beijing's northwest suburbs. It also appears to have a presence in Wenquanzhen [温泉 ] in far northwestern Beijing. Based on language capabilities of members assigned, the Eighth Bureau appears to focus on Western and Eastern Europe and perhaps the rest of the world (e.g. Middle East, Africa, and Latin America). Among its 10 offices, at least one major office is located in the Hainan Island city of Haikou. The Seventh Office is based in Hubei Province's Xiangfan City. The Eighth Bureau satellite receiving station is in the northwestern Beijing suburb of Xibeiwang.

Ninth Bureau

The Ninth Bureau appears to serve as the GSD Third Department's primary strategic intelligence analysis and/or data base management entity. Among all the bureaus, the Ninth is the most opaque. As of Spring 2010, Zhang Qinchen [ ] served as Ninth Bureau Director. The Seventh Office appears to be involved in audio-visual technology [ 子声 像], and large scale data base management. Former Ninth Bureau Director Kuang Tao [ 涛] has been a prominent international relations commentator since retirement in the 2004 timeframe.
10th Bureau (61886 Unit)

The 10th Bureau, sometimes referred to as the "7911 Unit," is headquartered in Beijing's northwest suburb of Shangdi on Xinxi Road. The 10th Bureau appears to have a Central Asia or Russia-related mission, perhaps focused specifically on telemetry and missile tracking and/or nuclear testing. The 10th Bureau First Office is said to be collocated with the 10th Bureau headquarters. The 10th Bureau's Second Office (referred to as a 7911 Unit) is located in Xinjiang's Yining City, near the Kazakhstan border. The Third Office is located in Kashgar's Baren Village. Another 10th Bureau Office is in Ürümqi.

11th Bureau (61672 Unit)

The 11th Bureau, also known as the "2020 Unit," is headquartered in the Malianwa community, just east of the Third Department headquarters compound. The bureau headquarters was previously based in Jiamusi City in Heilongjiang Province until its move to Beijing in 2011. The distribution of offices throughout northern China and assignment of Russian linguists indicate a Russia-related mission. With Russian linguists assigned to both entities, how the 11th and Fifth Bureau missions differ is unknown. The unit at one time had a significant presence in the Hanzhong area, specifically in Chenggu County's Xijiamiao Village [ 家 ]. A "2020 Unit" has had a presence in the far northwestern Heilongjiang county of Jiage Daqi since 2005. Another office may be located in Ürümqi's Anning District.

12th Bureau (61486 Unit)

Headquartered in Shanghai's Zhabei District, the 12th Bureau appears to have a functional mission involving satellites, likely inclusive of intercept of satellite communications and possibly space-based SIGINT collection. The Third Department's 57th Research Institute has been noted working in conjunction with the CAST 50 Third Research Institute on a sub-system on board the Fengyun-3 (FY-3) weather satellite. Subordinate offices and sites are in the Shanghai area, and in southeast, northeast, southwest, and northwestern China. The 12th Bureau's Third Office is located in Shanghai's Baoshan District and has sponsored research into extracting synthetic aperture radar (SAR) satellite images. The bureau's southeast station began operations in the 2008-2009 timeframe and is located in Fuzhou's Gangtouzhen. Other 12th Bureau offices are situated in Taicang, just outside of Shanghai, and Hangzhou's Daxiaogu Village. Its southwest site is situated outside Kunming in Songming County's Yuejia Village, which appears to have been established within the last 10 years. The 12th Bureau's northeast station is said to be located in Changchun's Xinglongshan Village. A southern site is situated within Guangzhou Huadu District. Northwestern sites are located in Gansu and Xinjiang.

Military Region Technical Reconnaissance Bureaus

Beijing Military Region

The Beijing MR TRB (66407 Unit) is headquartered in Beijing's Xiangshan Mountain area. Assigned Russian linguists, subordinate offices appear to be based along the border in Inner Mongolia. For example, one key office may be based in the Hohhot township of Qiaobaozhen [巧 ], with another situated in the Hailar [海拉 ] area. The Eighth Office appears to be located in Neimeng Linhe [内蒙河].

Chengdu Military Region

The Chengdu MR has two TRBs. The Chengdu MR First TRB (78006 Unit) is headquartered in Chengdu. A requirement for English linguists has been noted. As of mid-2010, Senior Colonel Guan Yan [管 ] served as the Chengdu MR First TRB Political Commissar. Western reporting has noted Chengdu MR First TRB as possibly being involved in CNE operations. The Chengdu MR Second TRB, assigned a cover designator of the 78020 Unit, is based in the northern suburbs of Kunming with subordinate offices in Baoshan, Malipo, and other border cities.

Guangzhou Military Region (75770 Unit)

The Guangzhou MR TRB is headquartered in the Guangzhou suburbs and oversees at least eight offices operating in southern China. As of Summer 2010, the Political Commissar is Hu Fuhui [ 胡 富 ]. Hu was subsequently transferred to the Guangzhou MR TRB, where he headed the Second Office. One office is in Guangzhou's Huadu District, and another in Guangzhou's Baiyun District. Other offices are based in Shantou's Nan'Ao County and just west of Sanya on Hainan Island. A senior engineer from the Hainan office was granted awards for network-related work, including possible surveillance of voice over internet protocol (VOIP). The Guangzhou MR TRB Eighth Bureau is in Shenzhen. The Guangzhou MR TRB Ninth Office, located in Guangzhou City, has been noted doing studies on internet viruses.

Jinan Military Region

The Jinan MR TRB (72959 Unit) is located in Jinan City, and is said to oversee 670 technical specialists. It includes an element dedicated toward microwave relay intercept. The bureau headquarters compound may be located in Jinan City at the far eastern end of Sushan Road. Overseeing at least eight offices manned by Korean, Japanese, English, and other language specialists, the Political Commissar is Fu Fengshou [傅增寿]. The Fifth Office is collocated with the bureau headquarters. The Jinan MR TRB's Sixth Office appears to be located in Weihai.

Lanzhou Military Region

The Lanzhou MR oversees two TRBs. The Lanzhou MR First TRB (68002 Unit) is centered in southern Lanzhou City's Qilihe District. Dai Shemin [戴社民] serves as the bureau's political commissar. Unlike other MRs, no subordinate offices under the Lanzhou MR First TRB could be identified. However, the Lanzhou MR's Second TRB (69010 Unit) appears to play an important and unique role in China's SIGINT community. The Lanzhou MR Second TRB is headquartered in
Ürümqi's Shuimogou [水磨沟] village and has its roots in a section of the Third Department's Second Bureau based in Xinjiang. It merged with the Xinjiang MR, becoming the Lanzhou MR's second TRB in the mid-1980s. It has subordinate offices located in Kashi's Shule County, Altay, and Yining that likely monitor military activities along China's borders with India, Pakistan, Afghanistan, Tajikistan, Kyrgyzstan, Kazakhstan, Russia, and Mongolia.

Nanjing Military Region

The Nanjing MR First TRB (73610 Unit) Headquarters Department, led by former GSD Second Department Director Major General Yang Hui [ ], oversees two TRBs that are likely focused on Taiwan military and other communications and computer networks, as well as U.S. activity in the Western Pacific area of operations. The bureaus also may assist in maintaining the integrity of Nanjing MR networks.

The Nanjing MR First TRB (73610 Unit) is located in Nanjing City.[132] At least one office may be located in Nanjing's Zhuzhuang suburbs. The Third Office is situated in Shanghai's Songjiang District's Dongshi Village. However, it also appears to have a presence on Zhoushan Island. The Fifth or Sixth Office is in Shanghai's Minhang District. The Seventh Office may be in Nanjing's Zhuzhuang area. The Eighth Office may be in Hangzhou's Jianggan District, or perhaps in Shangyu City Lihaizhen.

The Nanjing MR's Second TRB (73630 Unit) was founded upon the Fuzhou MR's Third Bureau, and appears to be headquartered in an underground bunker complex in Fuzhou City's Zhenbancun [ 坂]. The Nanjing MR Second TRB appears to focus almost exclusively on Taiwan. The First Office, Second Office, Fourth Office, and Sixth Office are located in Fuzhou's Hongshan village, nestled in a bunker complex off the Yuancuo Road area on Dafu Mountain. The Third Office is near the bureau headquarters on Feifeng Mountain in the Fuzhou community of Jianxin Village. Among a range of responsibilities, the Fifth Office appears to conduct political, military, and economic translation work, including from English to Chinese. The Seventh Office may be responsible for front end collection and is situated on Gushan [鼓山] in Fuzhou's eastern Jin'an District. The Eighth Office, most likely also dedicated to front end signals collection, is situated along the Chinese mainland coast opposite Taipei on Dongjing Mountain in Donghanzhen [ 瀚 ].

Shenyang Military Region (65016 Unit)

The Shenyang MR TRB headquarters is situated in Shenyang's Dongling District. Focused on Russian, Korean, and Japanese targets, subordinate offices are located in Harbin, Dalian, Jiamusi, Heilongjiang's Dongning County, Qiqihar's Fuyu County, Inner Mongolia's Hulunber, and Hunchun City.

Service Technical Reconnaissance Bureaus

Service TRBs appear to specialize in monitoring communications networks related to their specific areas of interest. Although unconfirmed, it appears that the PLA Air Force (PLAAF) and Navy (PLAN) technical reconnaissance units had formerly been under the MRs' Air Force headquarters and PLAN North, East, and South Sea Fleets. Over the last several years, technical reconnaissance assets may have been consolidated under Air Force and Navy Headquarters Departments in Beijing in order to better leverage resources under centralized control.

PLA Air Force “PLAAF”

The PLAAF Headquarters Department oversees three TRBs responsible for monitoring of neighboring air forces and air activity around China's periphery. PLAAF TRBs likely conduct airborne SIGINT missions as well, using military or civilian aircraft as platforms. As an aside, PLAAF representatives have implied the adoption of independent computer network operations as an Air Force mission.

The PLAAF First TRB, assigned a cover designator of the 95830 Unit, is headquartered in Beijing's Huangsi District. The PLAAF First TRB manages an underground network control center in the Western Hills. Among other functions, the First TRB may maintain a network of direction finding sites in northeastern and eastern China that support the national air defense mission. One subordinate PLAAF First TRB office is collocated with the bureau headquarters, has published studies on computer network security, and oversees elements in Xiaogan and Shenyang. Although unconfirmed, the PLAAF
First TRB could support special airborne SIGINT collection missions launched from Nanyuan Airbase in Beijing's southern suburbs.

The PLAAF Second TRB is most likely headquartered in Nanjing and oversees a network of collection and direction finding sites along the coast in Fujian and Guangdong. A primary mission presumably is monitoring of Republic of China Air Force (ROCAF) communications networks on Taiwan, including air tower, ground control intercept, and air to air communications. Taiwan's introduction of advanced tactical data links under the Posheng program likely complicates the PLAAF technical reconnaissance mission. One key PLAAF Second TRB facility is located in Fuqing City's Donghanzhen [ 瀚 ], specifically on Dongjing Mountain, and possibly shares facilities with a Nanjing MR Second TRB office. Other PLAAF Second TRB offices/sites may be based in Shanghai, Fuzhou, Xiamen, and Guangzhou's Xintang District. The PLAAF Second TRB is alleged to train new personnel at a site that is collocated with the Third Department Seventh Bureau's satellite ground station in northwest Beijing.

The PLAAF Third TRB is headquartered in Chengdu's Fenghuang Mountain. Established as recently as July 2004, subordinate PLAAF Third TRB sites most likely monitor air activity and air defense communication networks along China's southwestern, western, and northwestern borders. The Third TRB may have as many as 13 subordinate regimental-level sites. One is a TRB office in the Hetian area, and indications exist of other elements near Ürümqi and in Ningxia.

Navy “PLAN”

The Navy oversees two TRBs that appear to be organized geographically. Indications exist of a reorganization that removed the Navy TRBs from the fleets and subordinated them to the Navy Headquarters Department. The Navy's First TRB, probably assigned a cover designator of the 91746 Unit, is headquartered in Beijing. It appears to oversee at least 10 subordinate offices in northern China, including sites in Hunchun, Qingdao, and Yantai. The Navy's Second TRB is headquartered in Xiamen's Si'men District. Subordinate offices are located in Ningbo, Wenzhou, Xiamen, Shantou, and Haikou.

Second Artillery Headquarters Department TRB (96669 Unit)

The Second Artillery Headquarters Department TRB (96669 Unit) appears to be based in Beijing's Huilongguan suburb. Locations of subordinate elements have yet to be identified. The bureau's political department director formerly served as Political Commissar of the Second Artillery's communications command.

PLA Information Warfare Militia Units

Chinese People's Armed Police Forces (APF) and the Militia

The Militia is a force engaged in continuous preparation and support activities under the leadership of the Party of China. It is a component part of the armed forces, under the command of active military units. A hierarchical subordination relationship is clear. APF is under the direction of the PLA. CMC publishes national policy regarding militia management and provides overall guidance; GSD provides management; PLA regional commanders execute down to the city level through the local APF authorities. The GSD publishes annual training tasks. The regional PLA garrisons execute the tasks. APF provides the operation units. Equipment and training facilities are supported by different levels of authority.

The Yongning unit is composed of an information warfare center detachment (xinxi fendui zuozhan zhongxin), information gathering detachment (minbing xinxi souji fendui), militia network warfare unit (minbing wangluo zhan fendui), and a militia network protection unit (minbing wangluo fanghu fendui), suggesting that this unit is responsible for the full range of CNO missions. A militia battalion in Yongning County (Ningxia Province, Lanzhou Military Region) established an IW militia group in March 2008 and tasked it to conduct network warfare research and training, and to "attack the enemy's wartime networks" according to the unit's Website.

07/1997, The first PLA Division Chief of Staff training forum, dedicated to studying the Kosovo War.
01/1998, First official net militia unit, 40 professionals
02/1999, Unrestricted Warfare
06/1999, Military started to use HLLP.YAI.
01/2000, Join forces Taiwan War Drill.
12/2000, Gen Xu, GSD promotion.
08/2000, First real drill and deployed “Militia Special Net War Training System” for air defense
01/2001, Xujing Garrison Training base for 60 Million Yuan
03/2001, Air Defense Emergency Alternate Plans, 63 Masters and Professors
01/2002, Chongqing and Tianjin exchange and study air defense
03/2002, PLA 73685 Unit tests for air defense master switch.
05/2002, SW 24/7, 30 minutes response unit
05/2002, PLA Gens. Inspect labs.
05/2002, Civilian instructors and Trojan “Glacier”
01/2003, Nanjing PLA outsourcing to University as war time commanding center
04/2003, Senior Net Militia back to Mother University to train junior Net Militias.
07/2003, State-Owned Enterprises as wartime commanding centers
11/2003, PLA Regions new equipment test
12/2003, “Frontier Guard 230” Joint operation for air defense
01/2004, New space surveillance and radar system
03/2004, 9th Order of 2002 and 2003’s 231st document
05/2004, SW Air Defense Officer Institute
11/2004, Special recruiting in Guangzhou PLA
11/2004, Performance review and appraisal.
12/2004, Training and drill integrate to real war track
04/2005, A large scale emergency order to form Net Militia Units.
04/2005, Multiple Intelligence Units
05/2005, PLA and PAF Universities recruiting
11/2005, National Emergency Drill Structure
05/2006, Air defense drills and exchange
05/2006, NCPH GinWui Rootkit
11/2006, Large scale online Psychological warfare against Taiwan
05/2007, Shanghai in the air defense game
07/2007, Wuhan in the air defense game
07/2007, Guangzhou PLA set “100 mile off shore”
08/2007, Electromagnetic protection solution
11/2007, Bring in Complicated Electromagnetic Environment concept
09/2007, Tank Regiment 1000 Mile maneuver CEE Drill
12/2007, Purchase “Helicopter” related Information
01/2008, PLA Shenyang Drill for Trojans to change logistic requirements and data to cause confusion. Then EMP destroyed motherboard wireless function modules, landlines and finally radio stations.
09/2008, Guangzhou Deployed KS-1 Missile with Net Militia Units.
09/2008, 2nd Artillery, the largest drill in history and new standards
10/2008, 35 satellites cover surrounding
10/2008, Tank Regiment “Front Line 2008” live ammunition CEE Drill
01/2009, East Sea Fleet drill CEE

The Chinese Hacker Community

China’s hackers, active in thousands of Web-based groups and individually, represent a mature community of practitioners that has developed a rich knowledge base similar to their counterparts in countries around the world. A review of these Web communities reveals many layers of interest groups: malware tool developers, legitimate security researchers, and novices and experts alike in search of training. The tools or techniques that these groups post are often used by true black hat practitioners.

China’s hacker community gained early notoriety for its members’ willingness to engage in large-scale politically motivated denial of service attacks, data destruction, and Web defacements of foreign networks, known as hacktivism. Between 1999 and 2004, the Chinese hacker community was defined by its regular use of large scale, politically motivated attacks against foreign networks or Websites. Chinese hackers traded Web defacements and distributed denial of service attacks with their counterparts in the United States, Japan, Taiwan, Indonesia, and South Korea and operated with relative immunity from Chinese law until strongly worded condemnations issued from Beijing eventually reined in the attacks. Motivated by nationalist fervor, often resulting from a perceived insult to China by a foreign country, the leaders of hacker groups unified their members, identified targets, and often disseminated attack tools via their Websites to ensure mass participation.

This is a list of notable hacker groups with alleged links to the PLA:

1. NCPH Hacker group
2. Javaphile Hacker group

Hacktivist Support to the State

• Command and Control: The lack of an easily implemented command and control structure from the PLA to the hacker community at large makes guiding or directing attacks extremely difficult. Once initiated, hacktivist attacks have the potential to develop their own momentum and begin operating beyond the PLA’s or civilian government’s ability to easily control the participants or their targeting. Self-generating hacktivist attacks also have the potential to interfere with sensitive CNO missions by inadvertently disrupting the PLA’s own computer network attacks. Hacktivist attacks on a Chinese adversary may also risk shutting down lines of communication in use for intelligence collection or accidentally overwhelm channels the PLA is using as feedback loops to monitor the effectiveness of their network attacks.

• Precision Targeting: The core principles that seem to guide the INEW strategy are based on precision targeting and disciplined coordination to strike carefully selected nodes of an enemy’s information systems judged to have maximum operational impact. The goal is to establish control over the adversary’s ability to access or disseminate information. Hacktivist target selection, in contrast, is generally based on political or nationalist symbolism and not on an alignment with real or perceived PLA campaign objectives and may actually hinder PLA operations or intelligence gathering. Chinese hackers reportedly destroyed large volumes of data on the US Web servers they attacked during the US EP-3 crisis in April 2001. Similar data destruction against US military servers during a conflict may eliminate valuable intelligence sources for the PLA or destroy data already altered by the PLA as part of a larger deception or perception management operation. Large scale distributed denial of service attacks or high profile Web defacements can also potentially undo backchannel or even overt diplomatic efforts to resolve a crisis or negate the effects of carefully crafted psychological operations.

• Indications and warning: Surprise and deception are central to the INEW strategy and Chinese hacktivist attacks generally lack both. Online mass organization is inherently public and while many hacker groups may implement nominal vetting of members or attempt to close their discussion threads, there is still a need to publicize the cause, announce the targets and if necessary, disseminate tools; all of which greatly increases the likelihood that the plans will be detected and successfully countered. The organizers of the attempted CNN DDoS attack rescheduled their attack and changed Websites in part because of publicity generated by the US-based researchers noted previously who monitored the attack preparations on the Chinese hacker Websites and alerted CNN.

Hacker-State Collaboration

• NSFocus, a prominent commercial information security firm, evolved out of the Green Army Alliance, an early—and prominent—hacker group active from 1997 through 2000; the NSFocus Website still retains logos of the Green Army Alliance and the list of its founding members features some of the most prominent hackers in China.

• XFocus, a commercial information security company that grew from a hacker group, annually co-sponsors XCon, one of the largest “hacker conferences” in China in partnership with NSFocus and Venus Technology.

• Henan Provincial Public Security Bureau authorities shut down The Patriot Hackers-Black Eagle Base Website and arrested its members in February 2006. The group, however, was operational again six months later under the name Black Eagle Honker Base when its members released a statement claiming that the group vowed to focus its efforts on training people for the state and working to improve the state’s network security industry, suggesting a possible cooperative relationship with state authorities as a condition of their release.

• The Black Eagle leadership also expressed appreciation to the State Security Bureau (guojia anquan ju) and the Commission of Science and Technology in National Defense (COSTIND, now renamed SASTIND) for the educational guidance they provided to members while in custody. The latter entity, charged with overseeing national defense industry policy, is not typically referenced in connection with hacker groups or their activities.

Allegations of Government Recruitment from Hacker Groups

• Between July 2007 and November 2008, an individual using the screen name “City_93” posted job vacancy announcements for the Ministry of Public Security’s First Research Institute (posting a Web address www.fri.com.cn) on the discussion boards of EvilOctal.com and XFocus.net, two of the largest and, in the case of XFocus, most established hacker forums in China.

• “City_93” eventually posted 10 vacancy notices on Evil Octal between 2007 and 2008 and on both sites engaged in lengthy discussion threads on the application procedures and nature of the job with interested users. The job postings were for entry level programmers with experience in the development and implementation of network security system projects.

• The MPS First Research Bureau provides a variety of science and technology research and development to operational elements of the MPS. The Institute has an information security research group according to its Website.

Job posting on hacker Website EvilOctal by a Ministry of Public Security 1st Research Institute representative looking for applicants with information security and programming backgrounds. The post was made by a user with the screen name “City_93” who self-identified as a MPS employee and used an MPS email for follow up contact.
