Tuesday, May 20, 2014
James T. Areddy
The People’s Liberation Army hackers at the center of U.S. allegations of government-led Chinese cyber-theft work in a cluster of buildings that are easy to ignore among Shanghai’s skyscrapers.
It linked all of them to PLA Unit 61398 in Shanghai.
China’s government responded that the indictment is based on fabricated information and it suspended certain cooperation with the U.S. government on Internet security.
Beijing also issued accusations of U.S. cyber-attacks on Chinese interests in the past two months.
The Justice Department’s statement didn’t specify the PLA unit’s address in Shanghai.
But last year, Virginia cybersecurity firm Mandiant Corp. pinpointed Unit 61398’s location to a residential-industrial section of Shanghai’s Pudong district, about 15 kilometers from its familiar skyline.
A white, 12-floor building with dark rectangle windows is the tallest structure in a particularly restricted area within the PLA base that is inaccessible to outsiders but easily visible from the street.
The location is out-of-the-way: incongruently at the edges of hulking riverside facilities of China Petroleum & Chemical Corp. with pipelines snaking across the road and of a more tranquil Netherlands-inspired property development called Holland Village that includes a windmill.
This isn’t a section of Shanghai that Chinese officials show off to foreign dignitaries.
A karaoke bar stands across the street from the army unit and auto repair places are to its back, where a red star is affixed to the central building.
Other buildings in the area include signage and flags that suggest military links but lack the heavy security.
The central building housing Unit 61398 is seven years old, according to the study of its operations published last year by Mandiant.
Like the U.S. government, the security firm said the unit is involved in Internet theft and its report names at least one of the alleged perpetrators who were indicted.
In its report, Mandiant estimated that “hundreds, and perhaps thousands” of people work in Unit 61398, based on the physical infrastructure it found as described in public records in China, such as construction documents.
The report cited evidence that internet provider China Telecom runs a defense-related fiber-optic cable infrastructure to the unit.
Key personnel must master English to work there, as well as have training in computersecurity and network operations, Mandiant said citing records and reports employees themselves posted online.
The report said logistical operations that support the unit, including a clinic and kindergarten, are amenities “usually associated with large military units or units at higher echelons.”
Little of this can be assessed from a quick look, of course.
The main building rests on a small hill.
Darkened windows make it tough to see inside.
The roof has least three satellite dishes.
On the wall topped by a steel fencing that surrounds the primary facility, posters show soldiers and tanks – plus signs in English reminding, “Restricted Military Area No Photography.”
Still, standing inside the front gate on Tuesday was a photographer and another with a video camera – apparently security personnel – who appeared to be in radio contact with soldiers dressed in camouflage patrolling the perimeter and who trained their lenses at a reporter’s car as it passed.
The Wall Street Journal didn’t attempt to speak with them.