Much about alleged hackers in China's spying is murky

Share with others:

Print Email Read Later

BEIJING -- One man accused of being a hacker for the Chinese military, Wang Dong, better known as UglyGorilla, wrote in a social media profile that he did not "have much ambition" but wanted "to wander the world with a sword, an idiot."

Another, Sun Kailiang, also known as Jack Sun, grew up in wealthy Pei County in eastern China, the home of a peasant who founded the ancient Han dynasty and was idolized by Mao.

They and three others were indicted by the U.S. Justice Department this week, charged with being part of a Chinese military unit that has hacked the computers of prominent U.S. companies in Western Pennsylvania to steal commercial secrets, presumably for the benefit of Chinese companies.

Much about the hackers remains murky. But Chinese websites, as well as interviews with cybersecurity experts and former hackers in and outside China, reveal some common traits among those indicted and their operations and show that China's hacking culture is a complex mosaic of shifting motivations, employers and allegiances.

Many hackers employed directly by the Chinese government are men in their 20s and 30s who have been trained at universities run by the People's Liberation Army and are employed by the state in myriad ways.

Those working directly for the military usually follow a 9-to-5 weekday schedule and are not well paid, experts and former hackers said. Some military and government employees moonlight as mercenaries and do more hacking on their own time, selling their skills to state-owned and private companies. Some belong to the same online social networking groups.

"There are many types of relationships," said Adam Segal, a China and cybersecurity scholar at the Council on Foreign Relations in New York. "Some PLA hackers offer their services under contract to state-owned enterprises. For some critical technologies, it is possible that PLA hackers are tasked with attacks on specific foreign companies."

The Obama administration makes a distinction between hacking to protect national security, which it calls fair play, and hacking to obtain trade secrets to give an edge to corporations, which it says is illegal. China and other nations accuse the United States of being the biggest perpetrator of both kinds of espionage.

In what may be an element of Chinese retaliation for the indictments, a state agency announced plans Thursday for tighter checks on Internet firms that do business in China. The State Internet Information Office said the government would establish new procedures to assess potential security problems with Internet technology and with services used by sectors "related to national security and the public interest," reported Xinhua, the state-run news agency.

In the indictments unsealed Monday, the United States accused Mr. Wang, Mr. Sun and three others of working in the Chinese Army's Unit 61398, which a report last year by Mandiant, an Alexandria, Va., cybersecurity firm, said operated from a 12-story white tower on Shanghai's outskirts. That unit is now the most infamous of China's suspected hacking groups. The Western cybersecurity industry variously calls it the Comment Crew, the Shanghai Group and APT1.

Some members are active on Chinese social media. Mr. Wang, Mr. Sun and another of those indicted, Wen Xinyu, are part of a group on QQ, a social networking and messaging tool, that calls itself "Poor Folks Fed by Public Funds," a Net search found.

The group, which has 24 members, also includes Mei Qiang, a suspected hacker named in the Mandiant report whose alias is SuperHard. Another member, Xu Yaoling, has the same name as someone from the PLA University of Science and Technology, a military institution in Nanjing, who has written papers on hacking and cybersecurity.

Mr. Wang posted messages on an official Chinese military forum in 2004 under the alias Green Field. He called himself a "military enthusiast" and asked in one thread, "Does our military have the capabilities to fight against American troops?" His forum profile listed an English name, Jack Wang, and email address; messages sent there this week went unanswered. He has been known to leave a signature, "ug," on malware he has created.

"I think they're soldiers with some training in computer technology, not technology people drafted into the military," said an ex-hacker who has done what he calls defensive work for China's army and security agencies.


You have 2 remaining free articles this month

Try unlimited digital access

If you are an existing subscriber,
link your account for free access. Start here

You’ve reached the limit of free articles this month.

To continue unlimited reading

If you are an existing subscriber,
link your account for free access. Start here