Return to

March 29, 2018
Notes from the Pentagon

China cyber spy chief revealed
The activities of one of China’s cyber spymasters has been revealed for the first time in a government report on Beijing’s unfair trade practices made public last week.

The role of People’s Liberation Army (PLA) Maj. Gen. Liu Xiaobei, until recently the director of the Third Department of the PLA General Staff known as 3PLA, was disclosed. The Chinese military hacking group has been linked by U.S. intelligence agencies to massive cyberattacks and data theft from the U.S. government, military and private sector for more than a decade.

Gen. Liu’s current status is not known, but 3PLA is now the core unit of a new service-level military organization known as the Strategic Support Force whose main component is called the Cyber Corps. The Cyber Corps also absorbed the PLA’s psychological warfare unit called 311 Base, which conducts information warfare — disinformation and influence activities.

It was the first time the U.S. government publicly identified one of China’s senior military hackers, an indication that he may face U.S. sanctions in the future.

Four years ago, the U.S. government indicted five midlevel PLA hackers who were part of a Shanghai-based group known as Unit 61398.

The Cyber Corps is believed to employ 100,000 hackers, language specialists and analysts at its headquarters in the Haidian District of Beijing. Branch units are located in Shanghai, Qingdao, Sanya, Chengdu and Guangzhou.

The recently published report by U.S. Trade Representative Robert Lighthizer highlights Beijing’s unfair trade practices and reveals that Gen. Liu directed cyberspying operations on U.S. companies during talks with officials from the state-owned China National Offshore Oil Corp. (CNOOC). The investigative report is the basis for Trump administration plans to impose tariffs on Chinese technology products and to curb investment by Chinese firms in the coming weeks.

The detailed report, citing U.S. government information, says CNOOC ordered the 3PLA to spy on several U.S. oil and gas companies engaged in cutting-edge shale gas technology. The report outlines two cases involving U.S. companies that were hacked by 3PLA.

The Chinese military hackers in one case broke into a U.S. company’s network and stole details of its plans for negotiating a deal with CNOOC.

“CNOOC attributed their ultimate success in the negotiation with U.S. Company 1 to the information that CNOOC had received from the intelligence services,” the trade report said without identifying the American company.

The report added that “senior Chinese intelligence officials, including a PLA director, Liu Xiaobei, endorsed the use of the intelligence information” in the talks between CNOOC and the company.

CNOOC also employed the 3PLA in a second case to spy on five U.S. oil and natural gas companies, seeking key data relating to operations, asset management, the movements of senior company officials, shale gas technology, research on lab procedures, fracking technology and fracking formulas.

“These examples illustrate how China uses the intelligence resources at its disposal to further the commercial interests of Chinese state-owned enterprises to the detriment of their foreign partners and competitors,” the report said.

The Chinese are using cyberattacks as part of an industrial policy of supporting science and technology development.

Former Pentagon China specialist Mark Stark in 2015 identified Gen. Liu as 3PLA director, a former deputy director and political commissar of the electronic spying agency often compared to the National Security Agency.

An NSA document made public by renegade former contractor Edward Snowden revealed that 3PLA’s Technical Department is one of the Chinese government’s most aggressive cybertheft actors, with 19 confirmed and nine other possible cyberunits under its command, according to information as of 2013.

The other major cyberspying organization is the Chinese Ministry of State Security, which runs six known and 22 suspected cyberspying units.

China also has seven other Chinese-based cyberattack units that are listed by the NSA as “unattributed” to the Chinese government.

Another leaked NSA document revealed the massive scope and costly damage inflicted by Chinese military cybertheft.

Under the title “Chinese exfiltrated sensitive military technology,” the NSA lists radar design, including numbers and types of modules; detailed jet engine schematics such as the methods used to cool gases; aircraft wing leading and trailing edge treatments on stealth jets; and an aft deck heating contour map.

“Many terabytes of data [have been] stolen,” the NSA stated.

In a Chinese cybertheft operation code-named Byzantine Hades, the NSA in 2013 logged more than 30,000 incidents, 500 of which were described as significant intrusions of Pentagon computer systems. More than 1,600 network computers were penetrated, compromising 600,000 user accounts and causing over $100 million in damage to rebuild networks.

A 2014 report by the CIA-based Open Source Enterprise identified Gen. Liu, 62, as an encryption specialist and director of Technical Reconnaissance Department, another term for the 3PLA. He was born in Hongan County, Hubei province, dubbed the “No. 1 country of generals” for the many famous PLA revolutionary-era generals who hail from there.

In a political propaganda video in 2013 called “Silent Contest,” Gen. Liu said the United States is the main target of Chinese cyberoperations because it is the birthplace of the internet and controls its core resources.

“The U.S. adopted a double standard regarding internet control: Internally, the U.S. implemented tight control, while externally, the U.S. wantonly expanded,” he said. “The U.S. took advantage of its absolute superiority of the internet and vigorously promoted network interventionism in order to reinforce ideological penetration, and it secretly supported hostile forces to create obstructions and conduct acts of sabotage.”

Gen. Liu has accused the United States of trying to subvert Communist Party rule in China through influencing the Chinese public via the internet. He made clear in published interviews that China is engaged in information warfare against America.

“The internet has become a new field and platform for ideological struggle,” he said. “Accordingly, we must not lower our guard; [we] must take control of the commanding height of the internet and maintain both the initiative and discourse power.”

Gen. Liu, in another report, criticized the United States for suborning Chinese academics and targeting the PLA.

“Recalling what the U.S. has done over the past 30 years, whether they win over academics by taking advantage of foundations or affect major decision-makers by utilizing ideological penetration, U.S. actions have enjoyed great success within China’s academic and ideological circles,” he said.

“The last obstacle is China’s military,” he added. “Even if the U.S. cannot disintegrate China’s armed forces or turn China’s military against itself, the U.S. can at least suppress the combat wisdom and willpower of China’s armed forces.”

Speaking of Chinese information thievery, the U.S. trade representative report on Chinese unfair trade practices estimates that Beijing’s intellectual property theft costs Americans $225 billion to $600 billion annually in lost information. The losses are one reason the Trump administration is imposing $50 billion to $60 billion in tariffs on imports from China.

Those tariffs, however, do not cover the additional billions of dollars in losses caused by China’s cyberthefts, administration officials said.

A new report by a commission of the National Bureau of Asian Research bolsters the U.S. trade representative’s report, noting that China is behind 87 percent of all intellectual property theft incidents globally.

“The scourge of IP theft and cyber espionage likely continues to cost the U.S. economy hundreds of billions of dollars a year despite improved laws and regulations,” the report by the Commission on the Theft of American Intellectual Property states.

Sometime this week, a bus-sized Chinese satellite is expected to fall out of orbit and come back to Earth. The impact area of the Tiangong-1 space station is expected to enter the atmosphere sometime from Saturday to Wednesday, and although it is expected to burn up, some pieces may reach the surface. The impact zone covers the entire continental United States. Defense analysts are calling on China to use one of its new anti-satellite missiles to destroy the falling space station to prevent any debris from posing a danger. That was what the Navy successfully did back in 2008 when a nonfunctioning National Reconnaissance Office satellite was destroyed with a modified Navy SM-3 anti-missile interceptor fired from a ship west of Hawaii. By exploding the falling NRO satellite, the blast created smaller pieces — all of which burned up in the atmosphere.

  • Contact Bill Gertz on Twitter via @BillGertz.

  • Return to