Strategy Page points out that it’s not just American and allied secrets that have been exposed by WikiLeaks:
Chinese Cyber War units have been plundering foreign government and military online data for over five years now. But thanks to Wikileaks, and several other sources, the identity and location of the main Chinese Cyber War operation is now known. The Chinese Chengdu Province First Technical Reconnaissance Bureau (1st TRB) is a Chinese Army electronic warfare unit located in central China (Chengdu), and is the most frequent source of hacking attacks traced back to their source. The servers used by the 1st TRB came online over five years ago, and are still used. The Chinese government flatly refuses to even discuss the growing pile of evidence regarding operations like the 1st TRB.
The 1st TRB is part of the Chinese Army’s Third Department, which is responsible for all sorts of electronic eavesdropping. But given the praise showered on the 1st TRB, a lot of valuable data has apparently been brought to Chengdu, and then distributed to the appropriate industrial, diplomatic or military operations. The hacking operation has been so successful, that it has obtained more staff and technical resources. As a result, in the last five years, detected hacking attempts on U.S. government and corporate networks has increased by more than six times. Most of these hacks appear to be coming from China. Not all the hacking is done by 1st TRB personnel. A lot of it appears to be the work of Chinese freelancers, often working for pay, but sometimes just to “serve the motherland.”
Reuters has a special report on “Byzantine Hades”:
According to U.S. investigators, China has stolen terabytes of sensitive data — from usernames and passwords for State Department computers to designs for multi-billion dollar weapons systems. And Chinese hackers show no signs of letting up. “The attacks coming out of China are not only continuing, they are accelerating,” says Alan Paller, director of research at information-security training group SANS Institute in Washington, DC.
Secret U.S. State Department cables, obtained by WikiLeaks and made available to Reuters by a third party, trace systems breaches — colorfully code-named “Byzantine Hades” by U.S. investigators — to the Chinese military. An April 2009 cable even pinpoints the attacks to a specific unit of China’s People’s Liberation Army.
Privately, U.S. officials have long suspected that the Chinese government and in particular the military was behind the cyber-attacks. What was never disclosed publicly, until now, was evidence.
U.S. efforts to halt Byzantine Hades hacks are ongoing, according to four sources familiar with investigations. In the April 2009 cable, officials in the State Department’s Cyber Threat Analysis Division noted that several Chinese-registered Web sites were “involved in Byzantine Hades intrusion activity in 2006.”
