China Says U.S. Is Making Hacking Claims to Lobby for More Money, Legislation

By Patrick Goodenough | February 21, 2013 | 4:39 AM EST

In this August 2011 file photo, a computer forensic examiner looks for evidence on hard drives at the Department of Defense Cybercrime Center in Linthicum, Md. (AP Photo/Cliff Owen)

( – Amid a deepening row over reported massive hacking attacks by its military, Chinese state media are suggesting that the allegations are part of a lobbying strategy aimed at prodding Congress to boost defense spending and pass cyber security legislation.

Beijing’s defense and foreign ministries have strongly denied claims by a Virginia-based cyber security firm linking attacks – going back to at least 2006 and targeting more than 140 companies – to a Chinese People’s Liberation Army (PLA) unit stationed in Shanghai.

In a report Tuesday, Mandiant said its analysis had led it to conclude that that the group of cyber-espionage operators, which it labels APT 1 (APT for “advanced persistent threat”), “is likely government-sponsored and one of the most persistent of China’s cyber threat actors.”

It said APT 1 is believed to be a PLA entity known as Unit 61398, partially located in a 12-story building on the outskirts of Shanghai.

The White House and State Department said the U.S. has taken up concerns about cyber-espionage with the Chinese “at the highest level” and will continue to do so.

Chinese Defense Ministry spokesman Geng Yansheng said Mandiant’s report was groundless and lacking in “technical proof,” arguing that the true source of cyberattacks can often be difficult to trace. China always cracks down on cyber-crimes, he added.

Geng said Chinese military computers were themselves the target of many attacks originating from abroad, with a “considerable number” of them coming from the United States judging from the source IP addresses (Each computer or device is assigned an Internet Protocol address.)

Foreign Ministry spokesman Hong Lei said in Beijing Wednesday the Chinese and U.S. governments were maintaining “communication” over the issue

A day earlier, Hong told a briefing in response to the Mandiant report that “groundless criticism is irresponsible and unprofessional, and it will not help to solve the problem” of cyber-theft.

Alongside the denials, official media are promoting the line that there is a hidden motive behind the American allegations.

Employing a tactic common to the sector, the news outlets are attributing the view to Chinese academics and experts, rather than government or military officials directly.

“Experts said recent allegations could be part of an effort by lobbying groups and private companies to push Congress to pass legislation and increase funding for cyber security,” state-run China Daily said in a report Thursday.

“Cyber security is a new way for Washington to levy pressure on the Chinese military, observers said.”

It cited one Chinese military commentator as saying that drawing attention to a purported “threat” was “a convenient way for Washington to seek an increase in its defense budget and enlarge cyber security forces.”

A security affairs professor was quoted as saying “competition” could be behind the claims.

A report in the Communist Party-affiliated Global Times quoted another academic – a public opinion specialist – as saying U.S. media were “sensationalizing” the issue to “give its military forces excuses to invest more in its own cyber espionage technology.” and seeking to discredit Chinese cyber-tech companies, to boost U.S. competitors.

Dean Cheng, research fellow on Chinese political and security affairs at the Heritage Foundation, found it significant that Mandiant identified Unit 61398 as falling under the Third Department of the PLA’s General Staff Department (GSD).

According to Cheng, GSD is responsible for “military planning, intelligence, and operational implementation,” and its Third Department specifically carries out functions similar to those of the  U.S. National Security Agency, monitoring communications, cryptography etc.

“The combination of military and intelligence responsibilities would give this organization a wide purview of entities to hack,” he said.

China claims itself to be a target of hacking. Last year, the country’s National Computer Network Emergency Response Coordination Center published a report saying that in the eight months ending December 2011, more than 12,500 Chinese websites, including almost 1,200 governmental ones, had detected cyber-attacks.

The report said some 11,800 foreign IPs were involved in the attacks, 28 percent of them based in the U.S.

Patrick Goodenough
Patrick Goodenough
Spencer Journalism Fellow