Bloomberg, a magazine apparently resigned to being blocked within China, has published a long article which claims to prove that the Chinese People’s Liberation Army has been hacking targets in the US and elsewhere.
When the New York Times announced in January that it had been the victim of coordinated and sophisticated hacking, many people pointed at the PLA as the likely perpetrators. Now Bloomberg seems to have found a smoking gun of sorts.
Investigators at dozens of commercial security companies suspect many if not most of those hackers either are military or take their orders from some of China’s many intelligence or surveillance organizations. In general, they say the attacks are too organized and the scope too vast to be the work of freelancers. Secret diplomatic cables published by WikiLeaks connected the well-publicized hack of Google to Politburo officials, and the U.S. government has long had classified intelligence tracing some of the attacks to hackers linked to the People’s Liberation Army (PLA), according to former intelligence officials. None of that evidence is public, however, and China’s authorities have for years denied any involvement.
A security researcher who blogs under the name Cyb3rsleuth traced one hacker through a myriad of forums and online hacker hotspots, eventually identifying the hacker, who went by the pseudonym Eric Charles, thanks to Charles’ side business in black hat SEO and social media promotion (selling fake Twitter followers, etc.). Eric Charles, according to Cyb3rsleuth, is really Zhang Changhe, a Chinese man from Zhengzhou province.
A Chinese-language search on Google turns up a link to several academic papers co-authored by a Zhang Changhe. One, from 2005, relates to computer espionage methods. He also contributed to research on a Windows rootkit, an advanced hacking technique, in 2007. In 2011, Zhang co-authored an analysis of the security flaws in a type of computer memory and the attack vectors for it. The papers identified Zhang as working at the PLA Information Engineering University. The institution is one of China’s principal centers for electronic intelligence, where professors train junior officers to serve in operations throughout China, says Mark Stokes of the Project 2049 Institute, a think tank in Washington. It’s as if the U.S. National Security Agency had a university.
Bloomberg alleges that Zhang Changhe is linked to a hacking group that has targeted computers all over the world, from “government ministries in Vietnam, Brunei, and Myanmar, as well as oil companies, a newspaper, a nuclear safety agency, and an embassy in mainland China.”
The Chinese government and the PLA have always vehemently denied allegations of hacking. China wouldn’t be the first country to use electronic espionage or cyberwarfare. The Stuxnet virus, discovered in June 2010, was believed to have been developed by the US and Israel to target Iranian nuclear facilities. A series of attacks which swamped computers in South Ossetia, Georgia, and Azerbaijan in 2008 has been linked to the Russian intelligence services.