Not too long ago, China's network of hackers was often described as a loose collection of freelancers, who sought to penetrate the computer systems of international businesses and governments out of a mix of nationalist fervor and opportunism. But security experts have increasingly come to see both political and industrial espionage as the work of professional intelligence agencies. This view has been given added credence by a new report from the computer security firm Mandiant. According to Mandiant, the Chinese army is running a veritable hacking factory in the suburbs of Shanghai – and doing contract work for China's vast state-owned companies.
Mandiant's report claims that a group known for several years as “APT1,” one of the world's most prolific groups of hackers, is almost certainly part of PLA Unit 61398. Unit 61398, a bureau of the Chinese signals intelligence service, has been previously connected to cyber-warfare, but not to specific intrusions. The report claims that it has been responsible for dozens of attacks on foreign companies and governments (which it doesn’t name due to confidentiality agreements), although it seems to be primarily responsible for spying on English-speaking organizations.
The report comes as concern is rising about cyber-espionage. The American administration is reported to be planning action. Mandiant's report is one of two this week tracing Chinese attacks to their source – the other, from Dell's SecureWorks via Bloomberg, puts a face to the attacks but reveals little about his institutional links. It is worth noting that both SecureWorks and Mandiant stand to profit as businesses become more worried about internet security.
There are serious implications for national security and trade policy, which experts will cover better than I can. But if true, Mandiant's report also demonstrates a startling fact about China's political economy – that big business has so much power that it is able to wield the country's national security apparatus to get a leg up in contract negotiations. It is as though Goldman Sachs were able to use the wiretapping expertise of the NSA in order to get a leg up on its overseas competitors.
Mandiant argues that the work of the 61398 group has been motivated by China's drive to turn its largest state-owned enterprises (SOEs) into “national champions” capable of taking on global competitors in international markets – many of its known cases focused on the strategic emerging industries, a set chosen by China's leaders to receive enormous regulatory and market advantages. Most specific cases are unnamed, but Mandiant told Bloomberg that Chinese hackers supported CNOOC's 2011 effort to bid for Chesapeake Energy's natural gas division, looking through its investment bank’s files in a form of shadow “due diligence.”
Perhaps the most extravagant case is described in the New York Times story – in which, while Coca-Cola was in talks to buy China's largest private maker of fruit juices, the 61398 group broke into its systems, evidently trying to find information about its negotiating strategy.
Although these cases are not entirely disconnected from national security – the CNOOC-Chesapeake deal was an effort to acquire technology for natural gas "fracking," which China sees as critical to its energy security – they are mostly about profits. Look at China's oil holdings in Venezuela, acquired at premium prices and greased by government-subsidized loans, which look increasingly like a boondoggle. Despite the state’s subsidization of the oil deals, it appears that a significant amount of the oil Chinese companies buy from Venezuela is sold on the global market rather than being shipped back to China.
Even so, major Chinese companies seem to be using the intelligence capabilities of the army to support profit-seeking business activities – effectively nationalizing the reputation risk of corporate espionage, rather as Chinese banks have been accused of nationalizing the credit risk of lending to SOEs and local governments. Chinese companies have been caught stealing technology from and spying on American rivals – but their use of the army's intelligence assets makes the problem a diplomatic issue, and creates the risk of sanctions that will affect the entire Chinese economy. If there is to be a price for the SOEs' bad behavior, it looks as though the country as a whole will have to pay it.