NEWS AND ANALYSIS:
U.S. military intelligence has identified a headquarters for a Chinese military hacking unit — inside two Beijing hotels.
According to an open-source intelligence report produced by the Army’s Asian Studies Detachment, “the Headquarters/Jintang and Seasons Hotel appear to be located in the same or at least adjacent buildings, both of which are, according to available information, owned by or connected to the People’s Liberation Army 4th Department.”
The Fourth Department, known as 4PLA, until recently was part of the military’s General Staff Department and is also known as the Electronic Countermeasures and Radar Department. The unit was reorganized into a new PLA service called the Strategic Support Force. The roll of the department is to conduct offensive electronic warfare and information warfare, including offensive cyberattacks.
The electronic and information warfare are among China’s most secret operations, and the location of the headquarters at the hotels appears to be following the strategic dictum of hiding in plain sight.
The 4PLA is considered one of China’s most threatening spy agencies because of its mandate for high-technology warfare and intelligence-gathering.
Its capabilities extend into space and include disrupting enemy communications, navigation and synthetic aperture radar satellites.
“The 4PLA’s cybermission is first and foremost focused on the disruption and denial of enemy computer networks,” according to testimony by John Costello, a former Navy intelligence official, before the congressional U.S.-China Economic and Security Review Commission.
“The targeting necessary to successfully carry out these missions requires the 4PLA to have a strong network surveillance component,” Mr. Costello added. “This operational targeting in both cyber and electronic domains forms the basis of 4PLA’s role as an intelligence service.”
China’s military units have been blamed for the massive hack of 21.5 million records of federal workers from the Office of Personnel Management networks over the last two years. The Justice Department also indicted five PLA hackers in 2014 for cyberattacks against U.S. companies.
The OPM hack was strategically significant because it allows China’s intelligence services to conduct more targeted technical and human intelligence operations against American government personnel, especially those with access to secret information and those in charge of managing government computer networks.
Chinese military hacking very often involves the use of so-called “spear-phishing” cyberattacks — the use of fraudulent emails to trick unsuspecting computer users into loading malware that allows the penetration of large-scale computer systems.
According to the U.S. Army intelligence report, the Fourth Department owns the two hotels in northern Beijing called the Seasons Hotel and Headquarters/Jintang Hotel. The report does not explain why the hotels were used by the Chinese for hacking, although it is likely that it will be used to conduct intelligence gathering. China’s electronic and cyberwarfare intelligence units are considered high-interest targets.
The report highlights how internet searches in the digital age often produce valuable intelligence.
In the case of the 4PLA headquarters, the Army learned about the connection to the PLA from an online posting from 2012 when a customer stated in a review that the Jintang Hotel was “owned by the PLA General Staff 4th department” and, as a result, was much quieter than other Beijing hotels.
Further records’ searches revealed that both hotels are owned by the 4PLA.
A company called Beijing Philisense Technology Co., Ltd. stated in a public Chinese documents that the company was leasing the third and fourth floors of the Seasons Hotel from “People’s Liberation Army (PLA) General Staff 4th Department Hotel, No. 2 Zhixincun, Huayuan Road, Haidian, Beijing.” The lease was signed in 2009 and runs through 2023.
Another public document stated that the 4PLA has leased the first 12 floors of the adjacent hotel to Philisense Technology from 2012 through 2024.
The entire Seasons Hotel is said to be wired for wireless internet access, while the adjacent Jintang/Headquarters Hotel also has wireless connectivity in conference rooms and guest rooms.
The report noted that commercial hotel booking websites offer rooms at both hotels. But the Army tried to arrange for a room stay and found doing so was “largely impossible.” Those seeking rooms through online booking sites were met with error messages or notices that the hotel is no longer open.
All the hotels were observed to be open as of December 2015, a month before the Army report.
Islamic State Targets Indonesia
The Islamic State terror group is increasing its activities in Indonesia, a nation with the largest population of Muslims in the world.
According to a report by the State Department’s Overseas Security Advisory Council, a public-private partnership, security authorities are detecting more activities by Islamic State.
“Recent comments by the Indonesian chief of police indicated that the number of terrorism-related offenses handled by the country’s security personnel in 2016 was more than double that of the previous year,” the report said, noting five terrorist attacks in 2016 with as many as 15 other planned attacks thwarted by counterterrorism operations.
“Authorities attribute the rise in terrorist related activity to the Islamic State in Iraq and the Levant’s (ISIL) efforts to conduct attacks around the world to distract attention from its mounting losses, and suggest that it is likely to persist for the foreseeable future,” the report said.
Indonesian National Police Chief Tito Karnavian said last month that 170 suspected terrorists were captured by security personnel in 2016. By contrast, 82 terror suspects were arrested in 2015.
“Of the 170 cases, 40 militants were sentenced, six were returned to their families, 36 are facing trial, 55 are being investigated and 33 were killed in clashes with authorities,” the report said.
Five terrorists were killed in December during investigations into plots targeting the Christmas and New Year’s holidays.
Among the Islamic State-related terror attacks in Indonesia, eight people, including four militants, were killed in a January 2016 attack on a shopping area in downtown Jakarta, the capital. It was the first terror attack in Jakarta since 2009.
In July, a failed suicide bombing against a police station left a motorcycle-riding terrorist dead but caused no other casualties.
All five attacks were linked to the pro-Islamic State group Jemaah Anshorut Daulah, known as JAD, that surfaced in 2015 out of several extremist groups. It is believed to be led by Aman Abdurahman. The increase in terrorism in Indonesia also appears linked to the activities of Syrian-based Indonesian terrorist Bahrun Naim.
The report said recent evidence uncovered during counterterrorism investigations indicates the terrorists’ capabilities are evolving toward the use of more lethal explosives for possible use in rice-cooker bombs — like those used in the Boston Marathon bombings.
“Despite the continued disruption of extremist plots by Indonesia’s capable counterterrorism authorities, the possibility of isolated extremist attacks is unlikely to disappear anytime soon,” the report said. “This may be particularly true as possible Indonesian foreign fighters find it more difficult to travel to Iraq and Syria and instead are encouraged by Southeast Asian foreign fighters to conduct attacks at home.”
The report warned U.S. government and private-sector personnel to use caution while traveling to Indonesia, to avoid demonstrations and to be wary of shopping malls, nightclubs, bars, restaurants and houses of worship.
• Contact Bill Gertz on Twitter at @BillGertz.