China`s cyber warfare unit highlighted amid hacking of US media

China`s cyber warfare unit has been unveiled after it allegedly hacked U.S. media. The Associated Press on Thursday ran a story on Unit 61398 of the Chinese People`s Liberation Army, based on a report by the U.S. computer security company Mandiant and information collected by the AP.

According to the report, the unit, which is known to be housed in a 12-story building in Shanghai`s Pudong district, has been recruiting computer experts for at least 10 years to prepare for cyber warfare. Staff have been recruited directly from universities without going through military personnel.

"A notice dated 2003 on the Chinese Internet said the unit was seeking master`s degree students from Zhejiang University`s College of Computer Science and Technology," the AP said. "It offered a scholarship, conditional on the student reporting for work at Unit 61398 after graduation."

The Shanghai headquarters has office space for up to 2,000 people and the surrounding neighborhood is filled with apartment buildings, tea houses, stores and karaoke bars. The AP cited Mandiant as estimating the number of unit personnel from hundreds to several thousand, and China has five or six similar units.

The news agency said the unit seemed to have elite status as the state-run China Telecom had a special arrangement for fiber-optic communication infrastructure and agreed to the military`s suggested price due to "national defense construction" concerns. In Chinese cities, Internet users usually go online via phone lines.

"Cyberspies typically enter targeted computer networks through `spearfishing` attacks, in which a company official receives a creatively disguised email and is tricked into clicking on a link or attachment that then opens a secret door for the hackers," the AP said.

IT and aerospace companies were the main targets of the hackers. Such attacks mostly lasted under a year but for more than four years in other cases, according to the AP.

Ironically, the unit was tracked down because of holes in its own cyber security system. Mandiant had a tough time tracking down the Chinese hackers because of China`s "Great Firewall" of Internet filtering blocks. The company, however, discovered that certain Facebook and Twitter accounts were being accessed from Internet protocol addresses connected to the unit. The Great Firewall blocks the two major U.S.-based social networking sites, but Unit 61398 operators got around the restriction by accessing them directly from the unit`s system. "These actors have made poor operational security choices, facilitating our research and allowing us to track their activities," the Mandiant report said.

koh@donga.com