A group of cybercriminals has breached and mapped the global banking system, and in a series of attacks has so far stolen $81 million from the central bank of Bangladesh. Experts believe the attacks were carried out through a vulnerability in the SWIFT banking system, which connects 11,000 financial institutions around the world.
Investigations into the ongoing attacks are still underway, and related attacks on other banks are still being uncovered. Some experts are pinning the attack on hackers from North Korea, since the tools they used share similarities to the November 2014 hack of Sony Pictures Entertainment.
According to an insider with direct knowledge of the recent attacks, however, the culprit behind the digital bank robberies is much larger. The insider requested to remain anonymous due to security concerns, and was able to provide evidence to support his claims.
A screenshot provided to Epoch Times showing the security certificate of a Mexico-owned bank money transfer network being exfiltrated. If the attackers also hold the certificate’s private key, they can sign or encrypt communications sent through the company’s networks that recipients would automatically validate as the company’s own. (Epoch Times)
Chinese state hackers identified the initial vulnerability, and used it to infiltrate and infect the global financial system, according to the insider. When their contract ended with the Chinese regime last year, they sold the vulnerability to cybercrime groups on a private marketplace in the darknet in an attempt to thwart detection, he said. The darknet is an alternate internet that is only accessible using specialized software. While the darknet has legitimate uses, criminal groups buy, sell, and conspire on darknet forums.
The Chinese regime runs a large network of hackers under the General Staff Department, Third Department, of its military. These hackers carry out orders from the Chinese regime, and also often run additional operations or sell data on the side for personal financial gain. Epoch Times exposed this system in a previous investigative series.
The cybercrime groups who purchased the vulnerability are allegedly those carrying out the current attacks and illegal money transfers.
“The Chinese have already gained permanent access to the target financial networks and exfiltrated all the data they wanted for the contract for their sponsor” the insider said. “Now they have this vulnerability they can continue to monetize, so now they’re selling it to criminal networks.”
Process of the Breach
The exploit code was pulled together from multiple places, which means researchers looking at the breach only from the surface may draw false conclusions. He said some of the code was developed in-house by the Chinese hackers, and some was purchased from Russian universities.
The insider said the Chinese hackers didn’t sell the vulnerability to any specific cybercrime group either. “They’ll sell one bank to one group,” he said, and noted most of the hackers carrying out the current attacks are comparatively low-skilled. “They’re not coders,” he said. “They just know how to release packages and deploy them.”
The insider was able to provide forensic data and screenshots that support the claims. He also provided a list of targeted banks, which he said is growing, and which includes banks and financial systems connected to a compromised banking partner network, among them several in the United States, Latin America, and Asia.
The Chinese state hackers started their attacks on the bank networks as early as 2006, according to the insider, and began uploading malware to the bank networks in 2013.
While the breach of SWIFT has been made public, he said, the Chinese hackers also breached a money transfer network which is run by a Mexico-owned bank based in New Jersey.
“Basically, Mexico’s critical infrastructure is owned by the same APT group,” he said, using “APT” or “advanced persistent threat,” to refer to the Chinese state hackers. “They’re in everything down there,” the insider said, referring to the level of access the Chinese state hackers have gained over critical networks in Mexico.
A post on a cybercrime darknet forum offers access to Mexican government networks, stating the entry is “ideal for cyberspy.” (Screenshot was provided to Epoch Times by an insider)
A post on a cybercrime darknet forum offers access to more than 150,000,000 sensitive files from Mexican government networks, stating “information is complete country.” (Screenshot was provided to Epoch Times by an insider)
A post on a cybercrime darknet forum sells access to “all information” on Mexico, noting it contains a new method to breach networks, and includes “bigs company” in the financial sector. (Screenshot was provided to Epoch Times by an insider)
It wasn’t until around June 2015 that the Chinese state hackers sold the vulnerability to cybercrime organizations, and these organizations immediately used it to begin mapping, testing, and infecting banks and financial systems.
The insider said the hackers exploited a vulnerability in Apache Struts 2, a framework used to build Java web applications. It was vulnerable as early as 2006 and was patched in 2013, he said. He also noted that after gaining access, the hackers traversed into numerous additional financial networks they are targeting.
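One check a defender would want after reading this is an inventory of which Struts 2 builds are actually deployed. The script below is an added example, not code from the article or from any party it describes: it walks a deployment root for struts2-core-&lt;version&gt;.jar files, compares the version embedded in the filename numerically (so 2.3.9 sorts below 2.3.16, which a string compare gets wrong), and flags anything below a chosen floor. The floor version, the directory layout and the jar names in the sample tree are assumptions constructed for the example; the article names no specific Struts release.

```python
"""Inventory Apache Struts 2 core jars under a deployment root and flag versions
below a chosen minimum. Added example; the minimum version is an assumption."""
import os
import re
import tempfile
from typing import Dict, List, Tuple

# Struts 2 ships its core library as struts2-core-<version>.jar; we read the
# version from the filename (not the MANIFEST), which is enough for a first pass.
JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+)*)\.jar$")


def parse_version(v: str) -> Tuple[int, ...]:
    """'2.3.15.1' -> (2, 3, 15, 1); tuple compare avoids '2.3.9' > '2.3.16'."""
    return tuple(int(x) for x in v.split("."))


def find_struts_jars(root: str) -> Dict[str, str]:
    """Map each struts2-core jar path under root to its version string."""
    found: Dict[str, str] = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            m = JAR_RE.match(name)
            if m:
                found[os.path.join(dirpath, name)] = m.group(1)
    return found


def flag_outdated(jars: Dict[str, str], minimum: str) -> List[Tuple[str, str]]:
    """Return (path, version) for every jar strictly older than `minimum`."""
    floor = parse_version(minimum)
    return sorted((p, v) for p, v in jars.items() if parse_version(v) < floor)


def build_sample_tree() -> str:
    """Constructed sample: three webapps, two with old jars. Not real data."""
    root = tempfile.mkdtemp(prefix="webapps_")
    sample = [
        "portal/WEB-INF/lib/struts2-core-2.3.15.1.jar",
        "transfers/WEB-INF/lib/struts2-core-2.3.9.jar",
        "reports/WEB-INF/lib/struts2-core-2.3.16.3.jar",
        "reports/WEB-INF/lib/commons-lang3-3.1.jar",  # unrelated jar, ignored
    ]
    for rel in sample:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    jars = find_struts_jars(root)
    # "2.3.16" is an assumed floor for the example, not a figure from the article.
    for path, ver in flag_outdated(jars, "2.3.16"):
        print(f"OUTDATED {ver:10} {os.path.relpath(path, root)}")
```

Point the walk at a real Tomcat or JBoss deployment root and set the floor to whatever release your vendor advisories require; jars with a version only in the MANIFEST would need a second pass that opens the archive.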
While the Chinese state hackers sold access to the bank networks, the source noted the hackers had been mapping and infecting the global banking system over the last eight years.
When they decided to sell the vulnerability, they did not forfeit their access to the networks. By the time they sold it, the insider said, it had already served its purpose. In other words, the Chinese state hackers still have access to the networks—and not just to a few banks, but instead most of the global banking system.
The insider speculated that the Chinese state hackers are selling the original vulnerability both for profit, and to use the cybercriminal gang as a deliberate distraction from their higher-level breaches. He went on to

Read the full article here

This news summary was originally dispatched as part of Epoch Times China email newsletters.
One of the most important developments in recent history for China’s military took place last month, and it was easy to miss.
The Chinese Communist Party (CCP) ordered its military to abandon its business ventures over the next three years. The order applies to the People’s Liberation Army and the People’s Armed Police.
Those who follow Epoch Times reporting know the implications of this run deep. As my colleague Matthew Robertson pointed out, this will notably close the military-run hospitals which carry out the CCP’s forced organ transplants of prisoners of conscience—most markedly Falun Gong practitioners.
Robertson profiled the operations of one of these hospitals, Tianjin First Central, in an investigative piece in February, and noted “Epoch Times found sufficient evidence to throw into great doubt, if not demolish entirely, the official narrative of organ sourcing in China. This is simply due to the number of transplants: they are far too high.”
But the implications of the new order for the Chinese military run deeper still, as the order will very likely also impact the Chinese military’s use of cyberattacks for financial gain.
I’m not talking about the state-sanctioned cyberattacks, but instead the cyberattacks military commanders run to feed business ventures they have ties to, and the cyberattacks individual military hackers carry out to stuff their own pockets.
I mapped out China’s military-industrial complex in a September 2015 investigative report, and noted that until recently the Chinese military was expected to find external ventures to fund its operations.
I also detailed in March the DarkNet marketplaces that Chinese military hackers run to make money on the side. The hackers have been carrying out the state-run cyberattacks on behalf of the Chinese regime, but have also been stealing additional information they can sell personally.
Under the new orders, it’s likely these external ventures will gradually lessen, and we could see a significant drop in Chinese cyberattacks.
Of course, this doesn’t mean the state-sponsored cyberattacks will stop. It just means the military-led cyberattacks the Chinese regime doesn’t have a direct hand in could be coming to an end.
This process has actually been underway for some time. In September 2015, the leader of the Chinese Communist Party, Xi Jinping, announced he would cut 300,000 troops from the Chinese military. This was accompanied by a planned restructuring of the Chinese military.
I reported in November 2015 that there was more to this restructuring than meets the eye. A proposal for the new structure shows that it would move the military units that carry out the cyberattacks out from under strict military control, and put them under joint command between the Central Military Commission and the State Council.
In other words, the restructuring would give the “government” side of the Chinese regime–the state council–more oversight over the types of cyberoperations being carried out by the military.
On May 16, the Chinese regime also deployed “anti-graft” squads to different theater commands and “key military departments,” according to the state-run Global Times. Under the oversight of these 10 anti-graft squads, it states, these targeted commands and departments will “for the first time be accountable to top military authorities.”
This won’t all happen overnight, however. The state-run China Daily reported on May 10 that the People’s Liberation Army and People’s Armed Police have started by selecting 17 units to close their commercial activities.
With plans to complete this process within three years, it notes the 17 units are “tasked with exploring effective ways to shut down businesses.”


This news analysis was originally dispatched as part of Epoch Times China email newsletters.
There have been four cases of Chinese espionage against the United States in just the last three weeks. These haven’t been the run-of-the-mill cyberspies either; these are Cold War-style cases of individuals allegedly caught spying on behalf of a communist regime.
Three of the cases involved people trying to steal nuclear technology. Another involved the theft of cutting-edge technology for unmanned submarines.
The first case garnered the most attention. On April 8, the U.S. military held the first hearing on the case of Lt. Cmdr. Edward Chieh-Liang Lin. The U.S. military officer and Taiwanese immigrant served as a “nuclear-trained enlisted sailor” and as a signals intelligence expert, and was allegedly spying on behalf of Taiwan and Mainland China.
Just five days later, a Chinese citizen, Fuyi “Frank” Sun, 52, was arrested in New York for trying to obtain sensitive carbon fiber used in nuclear centrifuges. Sun allegedly told undercover agents he worked for the Chinese regime’s missile program and had close ties to the Chinese military.
The next day, on April 14, another individual was indicted, alongside a Chinese state-owned nuclear power company, in a conspiracy case in Tennessee. Szuhsiung “Allen” Ho was allegedly acting on behalf of the state-run company to illegally transfer nuclear materials to China.
Then, just seven days later on April 21, Amin Yu, 53, was charged in Florida for “acting as an illegal agent” for China and trying to steal sensitive technology, including for unmanned underwater vehicles.
If the tables were turned, and four American spies were caught spying on another country—especially if it were in the course of a few weeks—it would be an international scandal. But with China, the world seems to have gotten somewhat desensitized to its brazen use of espionage.
In fact, only two of the cases were broadly covered by U.S. news outlets.
The unfortunate fact is that there are so many cases of Chinese espionage against the United States—both using cyberattacks and human spies—that they’ve begun to blend in with each other.
Chinese espionage has become the “dog bites man” story, where cases are so common that they’ve lost their shock value. People are no longer surprised by the cases, and so many news outlets seem to gloss over them.
But the importance of these cases is no less significant than it was during the Cold War, and the frequency of spy cases coming out of China isn’t a whole lot different.
The fact is that while China’s use of cyberattacks for espionage has taken center stage, it also has a very large system for conventional espionage—and its spies on both ends will often work together.
The Chinese military’s two main departments for this type of espionage are overseen by its General Staff Department. The cyberattacks are run under its Third Department, which handles signals intelligence (SIGINT); while its human intelligence (HUMINT) operations are carried out by its Second Department.
Epoch Times reported previously that the Chinese regime has between 250,000 and 300,000 soldiers under its Third Department dedicated to cyberespionage. Its Second Department has between 30,000 and 50,000 human spies working on insider operations.
The Chinese military also runs more than 3,200 military front companies in the United States, which are dedicated to theft. The information was revealed by the FBI’s former deputy director for counterintelligence, in a 2010 report from the U.S. Defense Threat Reduction Agency.
With these numbers in mind, it’s important to point out that even though cases of Chinese espionage (both SIGINT and HUMINT) are regularly exposed, the cases brought to light are just a drop in the ocean compared to the broader picture of what’s taking place.
There is also a lot of overlap between China’s use of cyberattacks and human spies. Sources told Epoch Times in a previous interview that Chinese cyberspies will even at times launch cyberattacks to cover the tracks of spies working as insiders in U.S. businesses and government agencies.
The rationale of using human intelligence operatives was explained well in a previous interview with Jarrett Kolthoff, president of cyber counterintelligence company SpearTip and a former special agent in U.S. Army counterintelligence.
Kolthoff told Epoch Times that Chinese spies are interested in “quantity first, quality second,” and often grab everything they can. He said they look for whatever approach is most effective for reaching this goal, and they “determine that it’s much easier to obtain the information through a rogue insider, or a trusted insider who is working for someone else.”
He said that while the human spy is at work, cyberspies will then launch attacks as a ruse, and this makes it appear the information was stolen through a cyberattack instead of an insider. This prevents the company or agency from searching for the insider spy, and Kolthoff noted “it’s very, very effective.”
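Kolthoff’s point suggests a concrete check for an incident responder: before closing a case as “data stolen by the intrusion,” confirm that the intrusion actually touched every record that later leaked. The code below is an added example on constructed access logs (not from any real breach, and not Kolthoff’s or SpearTip’s method); it subtracts the records read from attacker addresses inside the intrusion window from the set of leaked records, and ranks internal accounts by how many of the remaining, unexplained records they read. The log format, IP addresses, user names and record IDs are all invented for the example.

```python
"""Does the intrusion explain the leak? Added example over constructed logs."""
from collections import Counter
from datetime import datetime
from typing import List, Set, Tuple

# Constructed sample access log (not from any real breach):
# timestamp,user,src_ip,record_id,action
ACCESS_LOG = """\
2015-02-02T09:14:00,jdoe,10.1.4.22,R-1001,read
2015-02-02T09:15:30,jdoe,10.1.4.22,R-1002,read
2015-02-03T17:41:10,mlee,10.1.4.87,R-2001,read
2015-02-04T12:00:00,jdoe,10.1.4.22,R-2001,read
2015-02-05T23:02:00,svc_backup,203.0.113.9,R-1001,read
2015-02-05T23:02:05,svc_backup,203.0.113.9,R-3001,read
2015-02-05T23:02:09,svc_backup,203.0.113.9,R-3002,read
2015-02-06T08:30:00,mlee,10.1.4.87,R-2002,read
"""

Row = Tuple[datetime, str, str, str, str]


def parse_log(text: str) -> List[Row]:
    """Parse the constructed format into (time, user, ip, record, action) rows."""
    rows: List[Row] = []
    for line in text.splitlines():
        ts, user, ip, rec, action = line.split(",")
        rows.append((datetime.fromisoformat(ts), user, ip, rec, action))
    return rows


def records_touched(rows: List[Row], start: datetime, end: datetime,
                    attacker_ips: Set[str]) -> Set[str]:
    """Records read from attacker-controlled addresses inside the intrusion window."""
    return {rec for ts, _, ip, rec, _ in rows
            if start <= ts <= end and ip in attacker_ips}


def unexplained_leaks(leaked: Set[str], touched: Set[str]) -> Set[str]:
    """Leaked records the intrusion never read; the intrusion cannot account for these."""
    return leaked - touched


def insider_candidates(rows: List[Row], unexplained: Set[str],
                       attacker_ips: Set[str]) -> List[Tuple[str, int]]:
    """Rank internal accounts by how many unexplained leaked records they read."""
    counts = Counter(user for _, user, ip, rec, _ in rows
                     if rec in unexplained and ip not in attacker_ips)
    return counts.most_common()


def analyze(log_text: str = ACCESS_LOG,
            leaked: Set[str] = frozenset({"R-1001", "R-1002", "R-2001", "R-3001"}),
            window: Tuple[datetime, datetime] = (datetime(2015, 2, 5, 22),
                                                 datetime(2015, 2, 6)),
            attacker_ips: Set[str] = frozenset({"203.0.113.9"})) -> dict:
    """End-to-end run; the leaked set, window and attacker IP are hypothetical inputs."""
    rows = parse_log(log_text)
    touched = records_touched(rows, window[0], window[1], set(attacker_ips))
    unexplained = unexplained_leaks(set(leaked), touched)
    return {"touched": touched, "unexplained": unexplained,
            "candidates": insider_candidates(rows, unexplained, set(attacker_ips))}


if __name__ == "__main__":
    r = analyze()
    print("intrusion read:", sorted(r["touched"]))
    print("leaked but never read by intrusion:", sorted(r["unexplained"]))
    print("internal accounts that read those:", r["candidates"])
```

In the constructed data the external session from 203.0.113.9 explains R-1001 and R-3001 but not R-1002 or R-2001, which only internal accounts ever read; that residue is the signal to keep the insider line of inquiry open rather than attribute everything to the intrusion.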


The Chief Information Security Officer (CISO) for a firm that specializes in gaining intelligence on the criminal activities in the darkest corners of the Internet has revealed the existence of private marketplaces run by China’s cyberspies.
Ed Alexander is CISO for the California-based company DBI. In a phone interview, Alexander said these private marketplaces are where many of China’s state-sponsored hackers do their side work and sell stolen data to the highest bidders.
“Their primary allegiance is to China. Their secondary allegiance is to themselves,” Alexander said.
DBI trains and manages darknet operatives-for-hire who conduct human intelligence (HUMINT) operations on the Darknet; Alexander oversees these teams, billed as the world’s largest cyberHUMINT operation.
Contrary to reports saying China’s state-run hackers are clumsy and poorly skilled, Alexander said that in the 10 years he has run cyberHUMINT operations, “these are the most sophisticated people I’ve seen.”
Even other nation-state hackers, such as those with the Syrian Electronic Army, he said, “[are] nowhere close to the sophistication of the Chinese.”
The Hidden Internet
There are two sides to the Internet. The part most of us use is called the “Clearnet” or the “Surface Web,” and includes everything that search engines index and that is readily accessible. The other part is the “Deep Web,” which by some estimates constitutes about 94 percent of the Internet and includes all the data that search engines can’t see.
Within the Deep Web are hidden websites that can only be reached with specialized tools, such as the Tor Browser, which routes traffic over the Tor (The Onion Router) anonymity network. This part of the Internet is called the Darknet, and while it hosts many benign sites, it is also home to digital black markets such as Silk Road, which sold illegal drugs and firearms until the FBI seized it in 2013.
The part of the Darknet that DBI deals with, however, is deeper still. It gathers intelligence from invite-only and private forums where the real cybercriminal underground conducts its business.
DBI’s approach is in sharp contrast to the newer Darknet intelligence start-ups, which only scrape data off the open darknet forums. According to the company, DBI is the only firm offering cyberHUMINT operatives-for-hire, and it is employed by Fortune 500 companies, law enforcement, military, and intelligence agencies worldwide.
Alexander compared the environment on the Darknet to that of a prison gang ecosystem. New people on the Darknet are not seen as being part of the gangs. “They’re just outsiders looking around,” he said, and are always oblivious to the discussions that go on among the organizations running the show.
He said in these communities, DBI sees discussions on which government and business networks are being targeted, which ones have already been breached, and which ones have their data being sold to the highest bidders.
China’s State Hackers
When it comes to the Chinese Darknet, the more public forums are typically used by the less experienced hackers. The marketplaces operated by the state hackers are much more difficult to access.
Alexander said these hackers have told his operatives they’re state sponsored. “They tell us they work for China,” Alexander said.
The Darknet marketplaces used by China’s state hackers use a three-step, invite-only process for access.
First, a would-be member must be proposed by a known member to the site’s admins for approval. Second, the candidate must be vouched for by at least five known and trusted darknet denizens of echelon status. Third, every buyer must demonstrate that they control a digital wallet holding at least $100,000 in bitcoin. Only after passing this vetting does a new member get access to shop and interact with other members.
Most of their clients are representatives from nation-states, and Alexander said there are buyers from a surprisingly large number of countries on their markets, including Russia and Iran.
He said the Chinese state hackers will sell to “any country that has enough money to pay them for their services—this is about money,” yet noted they strictly do not sell to representatives from terrorist organizations.
Stolen data sells for anywhere up to $75,000. Access to a business or government network goes for around $100,000. And if a client wants to hire them to breach a specific target, Alexander said, they charge no less than $1 million.
The Chinese hackers run the market as their side business, Alexander said. While breaching networks for their day jobs under the Chinese regime, they’ll often steal additional data they can sell on the black market.
Chinese state hackers are often viewed as clumsy. During a segment on 60 Minutes in October 2014, FBI Director James Comey said “I liken them a bit to a drunk burglar. They’re kickin’ in the front door, knocking over the vase, while they’re walking out with your television set.”
Information from DBI shows a different picture. The Chinese state hackers breach networks under contract, steal what they were hired to steal, then take anything else they can sell on the side.
He also noted the hackers treat it like a business, noting “they’ll never resell the information.” It seems there is a kind of honor among these thieves.


An insider in China has revealed to the Epoch Times that he helped build a database that is now being used to handle Americans’ personal information stolen in cyberattacks. 
The FBI revealed on June 4, 2015, that a cyberattack, allegedly from China, stole personal information on close to 21.5 million U.S. federal employees after breaking into the computer files of the Office of Personnel Management (OPM). Subsequent Chinese cyberattacks have also targeted personal data on Americans, including the February 2015 breach of Anthem that stole close to 80 million records.
Speculation began soon after on how the Chinese regime could use the data. A July 2015 report from the Congressional Research Service states “experts in and out of government” suspect the Chinese regime may be building a database on federal employees it could use for espionage.
With a database like this, the Chinese regime can have a systematic roadmap of Americans and their connections, and information it can use to blackmail government employees, recruit insiders as spies, and monitor people who speak out against its policies.
FBI Director James Comey said in a Sept. 10, 2015, hearing on cybersecurity, “There is a significant counterintelligence threat that’s associated” with a nation–state getting hold of the data.
According to the insider, the Chinese Communist Party (CCP) has built the database needed to make use of the massive trove of stolen data. He said that to create the spy database, the CCP brought in a small group of independent software developers from the United States, who worked alongside Chinese security branches to implement the system.
The source requested to have his name withheld, in fear of reprisal from the CCP. Other sources confirmed this man’s identity, and said that he would have access to the kind of information he gave the Epoch Times. In the past, he has provided the Epoch Times with significant information about confidential matters in China that has proven accurate.
(Illustration by Jens Almroth/Epoch Times)
The new system is part of a broader shift in the Chinese regime’s efforts in espionage and social control. With the database, the CCP is now keeping tabs on foreigners in much the same way it has kept tabs on its own citizens, their connections, and their political thoughts.
Chinese spy agencies finished building the system around July 2013. In March 2014, Chinese hackers originally tried, and failed, to breach OPM.
The source said one of the leading organizations involved in the project was the 61 Research Institute, which is one of four known research institutes under the Third Department of the General Staff Department—the branch of the People’s Liberation Army in charge of its military hackers.
The Epoch Times exposed in a previous investigation that the 61 Research Institute is one of the leading organizations behind the CCP’s state-run cyberattacks.
The organization is led by Wang Jianxin, a son of Wang Zheng, who helped establish the CCP’s signals intelligence operations under Mao Zedong.
While the 61 Research Institute’s role in the project ties it to global cyberespionage, the source said many other Chinese domestic security branches were also involved in building the system—including various branches of the police and about six branches of the secret police.
The functions of the spy system, and the departments involved, suggest it will be used not only as a database on foreigners, but also as a system to better monitor Chinese people. The source noted that one of its functions will be to gather information on individuals from all available sources in China, and outside China, that can be used for criminal trials.
“Our intelligence sources corroborate this information,” said Casey Fleming, CEO of BLACKOPS Partners Corporation, which provides cybersecurity intelligence, strategy, and risk reduction to some of the largest companies in the world.
“Our ongoing intelligence gathering shows indication that this database has been in process at least over the last three years—commanded at the highest levels of the Chinese government,” he said in a phone interview.
Big Data Espionage
According to the source, the software used for the database was originally a big data analytics program for smart city measurements, and the CCP altered it for its own uses.

Chinese hackers stole personal information on approximately 21.5 million Americans from the computer files of the U.S. government’s Office of Personnel Management. (Chinamil.com.cn)
What made the software attractive was its powerful functions for gathering information, and showing relationships between data. The source said it was also scalable—enough to hold credentials on every Chinese citizen, and to display everything from their personal data, to data on their family members, relations, and personal background.

The spy database displays data as nodes, which can be viewed on their own or in relation to other data or events.
The system is capable of ingesting and sorting large amounts of data. The source noted the spy database is even better at this than some open source programs designed for the purpose.
A security service using the system could conduct deep data mining on personal files in the system, to show how individuals relate to one another, even over set timeframes.
The system can also be used to collect data on individuals. The source said it can gather information on people from Chinese security offices, from its own internal database, and from sources abroad, outside the Chinese firewall.
According to the source, getting personal data on foreigners—including Americans—is fairly easy. He said it’s often not necessary for the Chinese regime to use cyberattacks to steal sensitive information.
He said U.S. banks, for example, often hire many people from other countries, and many tech industries do the same. Many of these individuals can be given trusted positions within these companies, and he said it’s not uncommon for some of these individuals to take data out of the companies, and sell it.
It’s not difficult, he said, to create a fairly deep profile on a person using data stolen from just a handful of sources.
The Chinese spy system he helped build, he said, takes this information and organizes it in a form that departments of the Chinese regime can then use—whether it be for industrial espionage, or other purposes.
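To make the “nodes in relation to other data or events” description concrete, here is an added example of the kind of link analysis it implies, written for this page over constructed records; it is not the source’s system and claims nothing about its internals. Records from three hypothetical sources are merged into a bipartite graph of people and attributes (employer, address, phone, dependent), and three queries run over it: the attributes two people share, a person’s links restricted to a year range, and the shortest chain connecting two people. Every name, address and phone number is invented.

```python
"""Link analysis over records merged from several sources. Added example on
constructed data; it is not the system described in the article."""
from collections import defaultdict, deque
from typing import Dict, List, Optional, Set, Tuple

# Constructed records (no real people); each carries its source and year observed.
RECORDS = [
    {"source": "personnel", "year": 2013, "person": "A. Rivera",
     "employer": "Agency X", "address": "14 Elm St", "phone": "555-0100"},
    {"source": "insurer", "year": 2014, "person": "A. Rivera",
     "address": "14 Elm St", "dependent": "J. Rivera"},
    {"source": "insurer", "year": 2014, "person": "J. Rivera",
     "address": "14 Elm St", "employer": "Contractor Y"},
    {"source": "personnel", "year": 2015, "person": "M. Chen",
     "employer": "Contractor Y", "phone": "555-0100"},
    {"source": "contractor", "year": 2012, "person": "K. Osei",
     "employer": "Contractor Y", "address": "9 Pine Ave"},
]

Edge = Tuple[str, str, int]  # (neighbour node, source, year observed)
LINK_KEYS = ("employer", "address", "phone", "dependent")


def build_graph(records) -> Dict[str, List[Edge]]:
    """Bipartite graph: 'person:<name>' nodes link to 'employer:<x>' etc.
    A dependent is itself a person node, so family ties join the same graph."""
    g: Dict[str, List[Edge]] = defaultdict(list)
    for r in records:
        person = f"person:{r['person']}"
        for key in LINK_KEYS:
            if key not in r:
                continue
            node = f"person:{r[key]}" if key == "dependent" else f"{key}:{r[key]}"
            g[person].append((node, r["source"], r["year"]))
            g[node].append((person, r["source"], r["year"]))
    return g


def shared_attributes(g, a: str, b: str) -> Set[str]:
    """Attribute nodes both people connect to (shared address, employer, phone)."""
    return ({n for n, _, _ in g[f"person:{a}"]}
            & {n for n, _, _ in g[f"person:{b}"]})


def neighbours_in_window(g, person: str, start: int, end: int) -> Set[str]:
    """Links observed within a year range only: the 'set timeframes' query."""
    return {n for n, _, y in g[f"person:{person}"] if start <= y <= end}


def shortest_path(g, a: str, b: str) -> Optional[List[str]]:
    """BFS over the bipartite graph; hops alternate person / attribute."""
    start, goal = f"person:{a}", f"person:{b}"
    prev: Dict[str, Optional[str]] = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for n, _, _ in g[node]:
            if n not in prev:
                prev[n] = node
                queue.append(n)
    return None


if __name__ == "__main__":
    g = build_graph(RECORDS)
    print(shared_attributes(g, "A. Rivera", "M. Chen"))
    print(neighbours_in_window(g, "A. Rivera", 2014, 2014))
    print(" -> ".join(shortest_path(g, "K. Osei", "A. Rivera")))
```

The interesting query is the last one: K. Osei and A. Rivera never appear in the same record, yet a shared employer and a family tie connect them in three hops, which is exactly the cross-source correlation that makes merged stolen datasets more valuable than any single breach.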
Fleming said that although the most visible Chinese cyberattacks feeding


This news analysis was originally dispatched as part of Epoch Times China email newsletters.
 
Targets of major Chinese cyberattacks in 2015 could hint at what industries will be hit this year, according to a new report from cybersecurity company CrowdStrike.
Personal records of more than 22 million U.S. federal employees were stolen from the Office of Personnel Management, in a cyberattack announced in June 2015. It followed another attack on the Anthem health insurance company, where hackers stole close to 80 million records.
Hints at the new direction can be found in the Chinese Communist Party’s 13th Five-Year Plan, which was released in November 2015 and should be finalized early this year.
“These plans typically provide a roadmap for what China will target using cyber means,” the report states.
The Chinese regime is trying to push out foreign technology, in favor of domestic technology, and is also trying to build a middle class.
“The combination of China becoming increasingly distrustful of western information technology and a desire to promote its own sectors of industrial manufacturing and retail may lead to a gradual tapering off of targeting against these sectors,” the report says.
It says Chinese hackers may instead focus on areas including agriculture, healthcare, and alternative energy, which “China deems crucial to promoting the wellbeing of its growing middle class, and where it has the most technological gaps.”
These would add to the list of industries the Chinese regime has already identified for theft. Under Project 863, Chinese hackers and spies target nine industries including biotechnology, information technology, automation, and telecommunications.
The U.S. Office of the National Counterintelligence Executive said in a 2011 report that Project 863 “provides funding and guidance for efforts to clandestinely acquire U.S. technology and sensitive economic information.”
The Chinese hackers may start broadening their nets as well. Instead of just going after intellectual property, the CrowdStrike report says they may go after basic know-how “such as building native supply chains and administrative expertise.”
I’ve reported previously that Chinese hackers were already going after this type of information, looking at everything from how companies are managed to how they market their products.
It may now be even more so, however, since the Chinese regime is making a serious effort to push out foreign firms and take the place they once occupied.
The report says we may also see some changes—at least in the short term—in how the Chinese hackers operate, since the Chinese regime is undergoing a structural shift, set to be completed by 2020.
Hackers in the Chinese military may see their new positions sooner. The report says, “cyber will likely be a priority due to China’s emphasis on winning informatized wars, meaning that the shift may be observed soonest in that arena.”
In the meantime, it says, some of the Chinese cyberattacks may be carried out by its civilian intelligence agencies and associated contractors—such as the Ministry of Public Security.


I had the pleasure of speaking at Pace University’s recent Threat Intelligence Forum about what’s really behind Chinese cyberespionage, and I thought it would be useful to replicate that talk here.
There have been enough Chinese cyberattacks that it’s fair to say most of us are familiar with the surface picture. There were close to 700 Chinese cyberattacks designed to steal corporate or military secrets in the United States between 2009 and 2014, according to an NSA map released by NBC News.
It’s also important to note the attacks designed for economic theft are only a small piece of the larger picture. Many Chinese cyberattacks are designed to spy on dissidents living abroad, keep tabs on foreign news outlets, spy on governments, or to censor individuals and organizations that are critical of the Chinese regime.
In March, for example, it launched cyberattacks on the anti-censorship website GreatFire.org. In June, it stole 21.5 million background checks from the U.S. Office of Personnel Management on current and former federal employees. In September, the Chinese regime was caught spying on the U.S. government and European news outlets.
The attacks designed for economic theft usually get the most attention—and with good reason. Retired federal prosecutor David Loche Hall explained the economic seriousness of these attacks in his recent book, “Crack99.”
There are 75 industries in the United States identified as intellectual property (IP) intensive, according to Hall. These industries hold 27.1 million American jobs, or 18.8 percent of all employment. Each of these jobs also supports one additional job through the supply chain.
So, when you look at the whole picture, close to 40 million jobs, or 27.7 percent of all employment in the United States, rely on protection of IP. And it’s this IP that the Chinese regime has been stealing with cyberattacks.
Close to $300 billion and 1.2 million American jobs are lost each year to IP theft, according to the Commission on the Theft of Intellectual Property.
“When this innovation is meant to drive revenue, profit, and jobs for at least 10 years, we are losing the equivalent of $5 trillion out of the U.S. economy every year to economic espionage,” said Casey Fleming, CEO of BLACKOPS Partners Corporation, in a previous interview with Epoch Times.
BLACKOPS Partners Corporation provides intelligence and cyber strategy to the Fortune 500. He emphasized that to understand the impact of economic theft, you need to look at the full economic life cycle of raw innovation, including trade secrets, research and development, and information for competitive advantage.
Chinese cyberattacks are also a lot different from other cyberattacks, and this is why experts often place them under a different category.
Cybersecurity company MANDIANT wrote in 2010, “These intrusions appear to be conducted by well-funded, organized groups of attackers. We call them the ‘Advanced Persistent Threat’—the APT—and they are not ‘hackers.’ Their motivation, techniques and tenacity are different. They are professionals, and their success rate is impressive.”
It also notes, “… we’ve been able to correlate almost every APT intrusion we’ve investigated to current events within China.”
So, the big question is what’s really behind the APT. To understand this, you need to understand the structure and operations of the Chinese Communist Party’s (CCP) spy departments.
The overt spy operations are mainly carried out by two departments. The United Front Work Department works to expand the CCP’s sphere of influence in foreign communities, while the Overseas Chinese Affairs Office works to monitor Chinese living abroad and manage the CCP’s overseas systems of governance.
These departments are important to mention here because, while their focus is spying on individuals living abroad, their operations are aided by CCP cyberspy operations that can give them intel on targeted groups or individuals.
As an example, if the United Front Work Department was trying to butter up a U.S. senator, the CCP’s cyberspies could give them information from the senator’s emails or background check, which they can then use.
When it comes to cyberattacks for economic theft, most of these are attributed to the Third Department of the People’s Liberation Army General Staff Department. The Third Department runs the signals intelligence (SIGINT) operations of the CCP.
Alongside the Third Department is the Second Department, which runs many of the conventional human intelligence (HUMINT) operations. Then there’s the Fourth Department that handles the electronics intelligence (ELINT) operations.
There is a lot of overlap in Chinese spy operations. Physical spies may help the cyberspies by “accidentally” infecting a computer in a company where they’ve been planted. The CCP’s hackers may also help cover the tracks of an insider by launching a cyberattack to make it appear information was stolen by a cyberattack, instead of by the insider spy.
These departments handle the bulk of the CCP’s spy operations under its military, and they run large-scale operations. The Project 2049 Institute think tank estimated in November 2011 that there were 130,000 personnel under the Third Department. The Wall Street Journal estimated the department has 100,000 hackers, linguists, and analysts.
Both of the above estimates, however, were based on earlier pictures of the Third Department, which held that it had only 12 operational bureaus. It’s now known that the Third Department has at least 20 operational bureaus.
The CCP’s cyberspies are also divided into three tiers, as was detailed in the 2013 edition of “The Science of Military Strategy,” published by a People’s Liberation Army research institute. The details were outlined in March by Joe McReynolds, research analyst at the Center for Intelligence Research and Analysis.
The first tier of the CCP’s cyberspies are military units “employed for carrying out network attack and defense,” McReynolds said. The second tier are specialists in civilian organizations—including with government offices—that are “authorized by the military to carry out network warfare operations.” The third are groups outside the government and military “that can be organized and mobilized for network warfare operations.”
The Chinese military also runs front companies to aid in these operations. The FBI’s former deputy director for counterintelligence said the Chinese regime operates more


This news analysis was originally dispatched as part of Epoch Times China email newsletters.
The first U.S.-China dialogue under a new cybersecurity agreement concluded last week—but what was left unmentioned was much more important than what was said.
According to Xinhua, the official mouthpiece of the Chinese Communist Party, the Chinese representatives claimed they identified the individuals who breached the U.S. Office of Personnel Management (OPM), and explained that “the case turned out to be a criminal case rather than a state-sponsored cyber attack as the U.S. side has previously suspected.”
The statement is unlikely to be a surprise to anyone following cybersecurity. The Chinese regime always denies its involvement in cyberattacks, regardless of evidence. Most interesting is that in a statement giving a brief recap of the meeting, the U.S. Department of Justice gave no mention of the discussion on the OPM hack.
In a way, the Chinese regime has become a boy who cried wolf: it has lied so often that many experts—including many U.S. officials—don’t give its claims much weight.
The Washington Post reported that even prior to the cybersecurity meeting from Dec. 1 to Dec. 2, the Chinese regime claimed it “arrested a handful of hackers it says were connected to the breach” of OPM, yet also cited an unnamed U.S. official stating “we don’t know that if the arrests the Chinese purported to have made are the guilty parties.”
“There is a history [in China] of people being arrested for things they didn’t do or other ‘crimes against the state,’” the official said.
The bilateral meeting between the Chinese Minister of Public Security, the U.S. Secretary of Homeland Security, and the U.S. Attorney General was the first under the new U.S.-China cybersecurity agreement, announced by President Barack Obama and Chinese Communist Party leader Xi Jinping on Sept. 25.
The stance brought to the table by the Chinese representatives was likely well in line with what U.S. officials expected.
John Carlin, assistant attorney general for national security, explained during a Dec. 3 presentation that after the U.S. Department of Justice indicted five Chinese military officers in May 2014 for their involvement in state-run cyberattacks, the Chinese regime altered its line on cybersecurity.
The Chinese regime’s initial response, Carlin said, was one of “indignant denials.” Just a year later, however, its response moved toward claiming that it also opposes and combats theft of commercial secrets—and other forms of cyberattacks.
The shift in official line seems to chime with the ancient Chinese saying: “It’s the thief who yells ‘stop thief.’”
Of course, there are plenty of reasons why experts would choose to not believe the Chinese regime’s claims that it arrested hackers, or that it had nothing to do with the breach.
The Chinese regime’s state-sponsored cyberattacks have already been deeply exposed. Most of its military hackers operate out of its General Staff Department, Third Department. In July, the Project 2049 Institute think tank even traced one of the Chinese hacker units to a government office in Shanghai.
The OPM breach was tied to several other Chinese state-sponsored cyberattacks, which cybersecurity experts dubbed “Deep Panda.” The same hackers who breached the OPM also breached health insurance company Anthem.
The stolen private information is being used by Chinese agencies to build a database on Americans. An insider in China detailed this database, and told Epoch Times that the system for big data analytics is based on the same database the Chinese regime uses for spying on its own people.
It is also possible that Chinese officials were telling a half-truth, and that the hackers behind the OPM breach were not officially under the Chinese regime or its military. But, with a bit of background on the Chinese cyber army, this still wouldn’t free them from blame.
The Chinese regime revealed the structure of its cyber army in the 2013 edition of its military publication, “The Science of Military Strategy.” Its cyber army has three tiers: the first being specialized military units, the second being specialists in civilian organizations and government agencies, and the third being groups outside the Chinese regime “that can be organized and mobilized for network warfare operations.”


Rumor has it the Chinese regime will move its cyberwarfare units under a single command structure. Unnamed sources told Bloomberg in mid-October that Chinese cyber units from all departments would be moved under a centralized command under the Central Military Commission.
The changes were allegedly discussed during the Chinese Communist Party’s (CCP) Fifth Plenum, attended by more than 350 top CCP officials, where they laid out the new five-year economic plan.
Bloomberg followed with some interesting analysis, but in my opinion, it missed the mark. First of all, the Chinese regime already has a command structure for its cyber departments, which on the surface—and under proposed changes—is headed by the Central Military Commission. Second, proposals for the new Chinese military structure give a much more complex picture of how its cyber units will be managed.
As things stand now, the CCP’s cyber units are broken into three tiers. The structure, which is already under the Central Military Commission, was detailed in the latest edition of The Science of Military Strategy, published by the top research institute of the People’s Liberation Army (PLA). While the document was released in 2013, details on the cyber structure were only reported in the West in March this year.
At the top of the cyber structure are the specialized PLA military units assigned to attack and defend networks. Next are the specialists in civilian organizations—including the Ministry of State Security and the Ministry of Public Security—that are “authorized by the military to carry out network warfare operations.” The third tier are groups outside the regime, which presumably include nationalistic hackers (often known as “Patriot Hackers”), that can be called on for cyber operations when needed.
The Central Military Commission is technically in charge of these units, but when it comes to actual power within the PLA, things aren’t that simple.
According to the surface structure, the Central Military Commission heads the General Staff Department, which in turn heads the hacker units under its Third Department. In an investigative report in September, however, Epoch Times revealed that the real power behind the PLA hackers is the 61 Research Department of the Third Department.
The 61 Research Institute is led by Maj. Gen. Wang Jianxin, son of Wang Zheng who pioneered the CCP’s signals intelligence operations under Mao Zedong. Sources told Epoch Times that while Wang’s department is several tiers below the Central Military Commission, he’s an extremely powerful man.
This is where the new structure comes into play. It ties into plans to restructure the entire PLA, and cut 300,000 troops, announced by CCP leader Xi Jinping in early September.
Shortly after the announcement, South China Morning Post—which has been growing increasingly close to the Chinese regime—released an infographic showing a proposal for the new structure.
Under the current system, most of the military is controlled by the Central Military Commission, with some power shared with the State Council through its joint influence over the Ministry of National Defense.
With the new structure, however, a large chunk of military units would be placed under the Ministry of National Defense—which means the State Council would have more of a hand in their operations.
The State Council is technically the government of China, but it’s still controlled by the CCP.
Meanwhile, the unit in charge of the hackers—the General Staff Department—would be given command over three other departments: General Political Department, General Logistics Department, and the General Armaments Department.
In an odd knot, control of those same three departments will be shared under the Ministry of National Defense. And oddly, also under the Ministry of National Defense will be some departments with ties to cyberespionage. Among them are the regional defense and research departments, the National Defense University, the Academy of Military Science, and the National University of Defense Technology.
In other words, the military hackers would officially remain under the Central Military Commission, but departments tied to their operations would be jointly controlled by an office managed by both the Central Military Commission and the State Council.
Keep in mind, these are still just proposals. But it appears the changes aren’t meant to consolidate command of the CCP’s hackers. Instead, it looks like the changes are designed to rein in the hackers by giving the State Council some indirect sway over their actions. Several sources have told Epoch Times that the Chinese regime has trouble controlling finances tied to military hackers, and this has caused forms of corruption that the leadership wishes to stem.
The new system would give the State Council—the highest executive agency in the Chinese state (though of course below the Politburo Standing Committee)—more oversight. This puts the infrastructure for economic theft under the Ministry of Defense, while giving more government oversight over the activities, thus depriving the PLA of some of its autonomy.
