Explained: The nature of the cyber security threat from China

The workings of the authoritarian regime, in which the Communist Party, government, and military, as well as the worlds of business and academia, are closely linked, provide a unique advantage to Beijing compared with democracies around the world.

A Chinese national flag flies from a ferry. (Bloomberg Photo: Qilai Shen)

The Indian Express’s ‘China is Watching’ investigation has spotlighted an elaborate operation by a Shenzhen-based technology company with links to the government in Beijing and the Chinese Communist Party, to keep tabs on a very large number of individuals and entities in India.

The company, Zhenhua Data Information Technology Co. Limited, calls itself a pioneer in using big data for “hybrid warfare” and the “great rejuvenation of the Chinese nation”.

China’s authoritarian government, ruling party, military, and many private companies frequently operate as a giant, coordinated operation, of which countries around the world are targets.

When did China’s People’s Liberation Army (PLA) step into the field of cyber warfare?

It was soon after the Gulf War of 1991 that the Chinese realised that the days of conventional warfare were rapidly coming to an end. Pavithran Rajan, a former Indian Army officer and information warfare expert, who has authored ‘Engaging China: Indian Interests in the Information Age’, says the Chinese understood that American technology was far ahead of them. “They analysed that if they get into the ICT (information and communications technology), they could leapfrog a couple of generations and get ahead. This decision also coincided with China turning into the electronics factory of the world.”

In 2003, the Central Committee of the Chinese Communist Party and China’s Central Military Commission officially approved the concept of “Three Warfares”, comprising psychological, media, and legal warfare. “It was then decided at the highest levels that the PLA should be an army ready to fight a war in the information domain by 2020,” Pavithran said. Soon, the PLA began to set up intelligence units dedicated to cyber operations.


When did the world discover the PLA’s commitment to cyber warfare?

In February 2013, the Alexandria, Virginia-headquartered American cyber security firm Mandiant published a report that blew the lid off China’s cyber espionage operations.

The Mandiant report documented evidence of cyber attacks by PLA Unit 61398, whose exact location and address in Pudong, Shanghai, the report revealed.


Unit 61398 is the ‘Military Unit Cover Designator’ (MUCD) of the PLA’s Advanced Persistent Threat (APT) unit that has been accused of several computer hacking attacks.

“We refer to this group as “APT1”, and it is one of more than 20 APT groups with origins in China,” the Mandiant report said. “APT1 is a single organization of operators that has conducted a cyber espionage campaign against a broad range of victims since at least 2006. From our observations, it is one of the most prolific cyber espionage groups in terms of the sheer quantity of information stolen.”

According to the Mandiant report, APT1 had stolen billions of terabytes of data from 141 companies across 20 major industries.

“APT1”, the report said, “is believed to be the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, which is most commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398. The nature of “Unit 61398’s” work is considered by China to be a state secret; however, we believe it engages in harmful “Computer Network Operations”. Unit 61398 is partially situated on Datong Road in Gaoqiaozhen, which is located in the Pudong New Area of Shanghai. The central building in this compound is a 130,663 square foot facility that is 12 stories high, and was built in early 2007. We estimate that Unit 61398 is staffed by hundreds, and perhaps thousands of people.”

The report also said Unit 61398 requires its personnel to be trained in computer security and network operations, and to be proficient in English.

What was the reaction to these revelations?


Former Northern Army Commander Lt Gen D S Hooda (Retd), who, after retirement, headed a panel that called for setting up specialised information warfare units, said that in 2014, the United States government discovered that a Chinese unit had hacked into the Office of Personnel Management, a unit of the federal government, and taken out records of 21 million people. Around 4 to 5 million of these people worked for the US military, and included CIA agents.

“The hackers got hold of 127-page forms, listing every detail of the individual official. This was one of the biggest hacks of classified personnel documents,” Gen Hooda said.


The US Department of Justice under President Barack Obama indicted five PLA officers by name for cyber crime. The names and photos of the officers were released, and they were accused of hacking and stealing information from several companies. “It was for the first time that the US took such a step against a foreign power,” Pavithran said.

What is the nature of the civil-military fusion that China encourages?


According to Pavithran, China started a policy of weaponising its existing capability to manufacture civilian products for military purposes, by leveraging the control that the original equipment manufacturer (OEM) has over any instrument.

Most mobile phones, for example, are equipped with a ‘soft’ rather than a ‘hard’ switch, Pavithran said: “This means that even if you switch off the phone, the sensors inside continue to feed data to the cloud. Entire populations can be monitored with this control.”

China’s long experience of keeping its own people under surveillance has contributed to its expertise in individual surveillance, Gen Hooda said. “They know how to mine this data.”

According to Pavithran, the Chinese use this information for kompromat, a Russian term for any information that can compromise a person, and which can therefore be used to blackmail him or her.

Gen Hooda said that in 2017, China passed a law under which all Chinese companies were supposed to assist the country’s intelligence-gathering operations. “They cannot say no. Besides, there is a close link among the civil, military establishment and academia in China.”

Specifically, what are the military implications of this fusion?

China, Pavithran said, has graduated from being a force ready to fight information warfare to a force equipped for ‘intelligentised’ warfare. “They have managed to weaponise their appliances all over the world.”

This cyber prowess, he said, gives the PLA the ability to identify key personnel and directly target them in kinetic warfare.

First published on: 15-09-2020 at 19:07 IST