Chinese Hackers: Crooks or Government Agents?

Following a report from Mandiant about a Chinese hacker group allegedly linked to the People’s Liberation Army, the Obama administration condemned officially sanctioned Chinese cyberattacks. Yet, after a three-month quiet period, Unit 61398 is back in action, according to a report from the New York Times:

[..U]nit 61398, whose well-guarded 12-story white headquarters on the edges of Shanghai became the symbol of Chinese cyberpower, is back in business, according to American officials and security companies.

It is not clear precisely who has been affected by the latest attacks. Mandiant, a private security company that helps companies and government agencies defend themselves from hackers, said the attacks had resumed but would not identify the targets, citing agreements with its clients. But it did say the victims were many of the same ones the unit had attacked before.

The hackers were behind scores of thefts of intellectual property and government documents over the past five years, according to a report by Mandiant in February that was confirmed by American officials. They have stolen product blueprints, manufacturing plans, clinical trial results, pricing documents, negotiation strategies and other proprietary information from more than 100 of Mandiant’s clients, predominantly in the United States.

[…] In interviews, Obama administration officials said they were not surprised by the resumption of the hacking activity. One senior official said Friday that “this is something we are going to have to come back at time and again with the Chinese leadership,” who, he said, “have to be convinced there is a real cost to this kind of activity.” [Source]

Yet a report in the Financial Times points out that the image of Chinese hackers as part of a well-oiled government machine is often off-base. Many hackers, in fact, are just criminals working independently for their own profit. The article describes one failed attempt by a group of hackers to break into the systems of Foxconn in order to exploit a fight between the company and its competitor, BYD:

“Some assessments seek to create the impression that China conducts cyber espionage in a highly organised way with a tight command structure, but that is just not true,” says an official at a US industry association.

He says the military unit portrayed by Mandiant as a spider at the centre of a giant web is just one actor in a thriving but chaotic Chinese hacking ecosystem with many different private and state actors. “One key driver is a set of national policies that call for innovation and the development and acquisition of new technologies. This means there is an incentive for every company and every government institution to get their hands on IP, whatever it takes.” [Source]