- The Washington Times - Wednesday, August 24, 2011


Chinese computer hackers, some linked to the military, engaged in an aggressive international campaign of electronic espionage through the Internet from 2003 through at least 2009, according to documents obtained by Inside the Ring.

The electronic spying campaign targeted large amounts of data and information from U.S. government and private sector networks, as well as from the French and German governments, other states and international organizations.

The documents, labeled “secret,” provide some of the first details to be made public on Chinese cyberspying and reveal a U.S. government program to monitor and halt the activity that was code-named “Byzantine Hades.”

A State Department cable dated April 2, 2009, states that Byzantine Hades activity appeared linked to the Chinese military in Chengdu. The cable was a department Diplomatic Security Bureau report that discussed the findings of Canadian security researchers, who dubbed the worldwide Chinese intrusions “GhostNet.”

The researchers identified four Internet domains that “were involved in Byzantine Hades intrusion activity in 2006,” the cable says.

“Subsequent analysis of registration information also leads to a tenuous connection between these hostile domains and the People’s Liberation Army [PLA] Chengdu Military Region First Technical Reconnaissance Bureau [TRB].”

The disclosure is the first official U.S. government report linking global computer hacking to China's military.

According to the cable, a Chengdu hacker named Chen Xingpeng was linked to the PLA Technical Reconnaissance Bureau, which also is called the Military Unit Cover Designator 78006.

The cable says there was no official link between Byzantine Hades spying and the PLA reconnaissance bureau, but noted “much of the intrusion activity traced to Chengdu is similar in tactics, techniques, and procedures to BH activity attributed to other PLA [Technical Reconnaissance Bureaus].”

The link between Mr. Chen and the Chinese military “further emphasizes the idea that this clandestine ‘cyber-spying’ network may in fact be a state-sponsored intelligence-gathering operation,” the cable says.

The documents were first disclosed by the Reuters news agency.

Further signs of China’s Byzantine Hades activities surfaced in the past two weeks in a report by the McAfee computer security firm, which dubbed unidentified computer intrusions in more than 71 networks “Shady Rat.”

The McAfee report did not name China in the computer attacks, but other experts said all indications pointed to Beijing’s involvement and methods similar to those used in the government’s Byzantine Hades intelligence.

A Nov. 5, 2008, State Department cable disclosing international talks in Berlin on cyber-espionage also provide new details of Byzantine Hades computer strikes.

Story Continues →