Evidence of China’s state-supported hacking grows

September 24, 2015, 2:57 PM UTC

It is growing far more difficult for China’s leaders to deny that a computer hacking campaign against U.S. business and interests has ties to China’s government.

“Cyber theft of commercial secrets and hacking attacks against government networks are both illegal; such acts are criminal offences and should be punished according to law and relevant international conventions,” China president Xi Jinping told the Wall Street Journal in a written interview before his visit to the U.S. this week.

Since then, a new report has drawn direct connections between China’s People’s Liberation Army and a hacking operation against U.S. allies in the South China Sea.

The Wall Street Journal reported today about a hacker named Ge Xing:

Through accounts allegedly tied to Mr. Ge, the report draws a direct link between his unit, People’s Liberation Army Unit 78020, a military intelligence arm based in China’s southwest, and a hacker collective known as Naikon that security researchers say has successfully penetrated key computer networks in countries competing with China for control over the South China Sea.

The account was based on new research from cyber defense firms ThreatConnect and Defense Group, which focuses on the PLA’s Unit 78020 and details China’s efforts targeting nations that also claim territory in the South China Sea. The researchers say that PLA Unit 78020 targets military, diplomatic and economic targets throughout Southeast Asia and governments including Cambodia, Indonesia, Malaysia, the Philippines, Thailand and Singapore.

We assess Unit 78020’s focus is the disputed, resource-rich South China Sea, where China’s increasingly aggressive assertion of its territorial claims has been accompanied by high-tempo intelligence gathering. The strategic implications for the United States include not only military alliances and security partnerships in the region, but also risks to a major artery of international commerce through which trillions of dollars in global trade traverse annually.

The new reports follow previous accounts linking the PLA to hacking operations. A 2013 investigation in Bloomberg Businessweek tracked a hacker named Zhang Changhe to his teaching job at a PLA University in central China.

A Chinese-language search on Google turns up a link to several academic papers co-authored by a Zhang Changhe. One, from 2005, relates to computer espionage methods. He also contributed to research on a Windows rootkit, an advanced hacking technique, in 2007. In 2011, Zhang co-authored an analysis of the security flaws in a type of computer memory and the attack vectors for it. The papers identified Zhang as working at the PLA Information Engineering University. The institution is one of China’s principal centers for electronic intelligence, where professors train junior officers to serve in operations throughout China, says Mark Stokes of the Project 2049 Institute, a think tank in Washington. It’s as if the U.S. National Security Agency had a university.

On Tuesday, China President Xi told a group of U.S. and Chinese business CEOs that “the Chinese government will not engage in commercial theft or encourage or support such theft by anyone.”

Following such recent reports of PLA-affiliated hacking and the U.S. indictments last year of five Chinese nationals, officers serving in the PLA accused of hacking Westinghouse Electric Co, Service Workers International Union and Alcoa among other business interests, Xi’s statements are unlikely to convince his American hosts that China is anything but fully engaged in hacking.

