What is and who are Unit 61398?

What is and who are Unit 61398?

Henry Dalziel | General Hacking Posts, Hacker Hotshots, Latest InfoSec News | June 3, 2013

The People’s Liberation Army Unit 61398 is allegedly, the Chinese military ‘Hacking Department’. There are many hacking collectives around the world, but few are known to the outside world that are sponsored by a military power, not least from a large (soon-to-be) super power. Sure, everyone knows that every nation has a defensive and offensive military cyber-attacking wing or department, but few are actually named or shamed.

Our blog here at Concise Courses outlined a story at the start of the year how General Alexander of the US Army, announced the creation of 40 elite hacking units to defend the US, with 13 of those having an almost SWAT-like manifesto. For those interested in the US Army military cyber-warfare group you should read the Cyber Intelligence Sharing and Protection Act (CISPA). So, whereas the US Army and Government announced the formation of a new hacking-battalion of cyber information security professionals the Chinese instead decided to continue to keep their hacking activities quiet, that is, until the discovery of a 12 story building off Datong Road in Pudong, Shanghai. This building was housing Unit 61398, also known as “Advanced Persistent Threat 1” (“APT1”) and “Byzantine Candor.” (To learn what an APT is click here: presentation by Ray Friedman, Mile2’s CEO).

What does Unit 61398 do?
The group or department are accused of having been responsible for hacking into hundreds of corporations and government entities and organizations around the world since at least 2005. Spending their time canvassing attack surfaces the group(s) compromise Intellectual Property and Military Secrets including national security infrastructure. The military hacking collective has stolen trade secrets and other confidential information (IP) from numerous foreign businesses and organizations over the course of the last decade. Examples include Lockheed Martin, BAE Systems and frankly every company in the Fortune 500 if we are honest to ourselves. Here’s a fact that we find fascinating: during our Hacker Hotshots information security web webshow last year with G Mark Hardy we discovered that:

“it’s estimated that the entire volume of the U.S. Library of Congress (of equivalent information) is being stolen every year!”

The immediate thought here is one of shock but also, clearly, a lot of people will be required to sift and organize this data into what is crap, useful and golden.

What is the real fear about groups like Unit 61398?
Simple. The fear is this: with regards to international commerce, being able to have access to your competitors blueprints is frankly worth its’ weight in diamonds. Think about it for a moment. Take Boeing or BAE Systems, they have invested billions into making fuel efficient engines or machines that work efficiently and effectively. If a rival obtains this secret IP then obviously the competitive landscape becomes flattened – and – they will have the benefit of not worrying about the Return of Investment from Research and Development! Good times for the hacking nation then! Said even more simply, in the commercial world, the removal of IP allows for barriers of entry to be lifted. Once these are lifted then trade production and employment can instantly migrate to the host-hacking nation.

In military terms the fear is obvious. Let’s take a simple example: drones. The US, Israel and the UK lead the way with developing the military deadly effectiveness of drones. Imagine being able to have access to the blueprints and secrets of how those drones were made? Being able to produce the same drones for military use or to be able to sell them cheaper to rogue nations opens a pandora box of madness.

In Summary
Yes, the PLA Unit is definitely something to be concerned about. We just have to see how, and what, the response is from the nations the group is attacking the most: namely the United States.

Do you have any thoughts on the above? Let us know we’d love to hear from you.

Leave a comment or reply below...thanks!