“If you directly work for the government, there could be secret projects or secret missions,” the hacker said.
However, government jobs are usually not well-paid or prestigious, and most skilled hackers prefer working for security companies that have cyberdefense contracts, as V8 Brother does, he and others in the industry say.
Self-trained, the hacker teamed up with China’s patriotic “red hackers” more than a decade ago. Then he began working for cybersecurity companies and was recently making US$100,000 a year, he said.
V8 Brother said this cyberworld was so arcane that senior Chinese officials did not know details about computer work at government agencies.
“You can’t even explain to them what you’re doing,” he said. “It’s like explaining computer science to a construction worker.”
In Washington, officials criticize what they consider state-sponsored attacks. The officials say intrusions against foreign governments and businesses are growing, and the Pentagon this month accused the Chinese military of attacking US government computer systems and defense contractors. The administration of US President Barack Obama, which itself has ordered cyberattacks against Iran, has made cybersecurity a priority in talks with China.
The Chinese Ministry of Foreign Affairs says China opposes hacking attacks and is itself a victim.
The furor in Washington intensified in February after the New York Times and other news organizations published details of hacking efforts against their own networks and the findings of a report by a cybersecurity company, Mandiant. The report said a shadowy group within the PLA, Unit 61398, ran a formidable hacking and espionage operation against foreign entities out of a building on the outskirts of Shanghai.
In China, the unit is just one part of the complex universe of hacking and cybersecurity. And the military units are not a well-kept secret. At least four former employees of Unit 61786, responsible for cryptography and information security, have posted resumes on job-search Web sites listing employment in the unit.
Another job seeker reported employment in Unit 61580; the unit has engineers specializing in “computer network defense and attack,” according to the Project 2049 Institute, a nongovernmental organization in Virginia that studies security and policy issues in Asia.
Members of Unit 61398, the bureau mentioned by Mandiant, have written several papers on hacking and cybersecurity with professors at Shanghai Jiaotong University, which has a prominent information security department. Across China, the universities labeled jiaotong (交通) — meaning communications — are taking the lead in building cybersecurity departments. The military recruits at the universities and runs its own training center, the PLA Information Engineering University, in Zhengzhou.
However, cybersecurity experts in China say the schools often churn out students who know theory, but lack practical skills. That could explain why many Chinese hacking attacks that have been discovered do not appear very sophisticated.
US cybersecurity experts say attacks from Chinese groups often occur only from 9am to 5pm Beijing time. And unlike, say, the Russians, Chinese hackers do not tend to cloak their movements, said Darien Kindlund, manager of the threat intelligence group for FireEye, a cybersecurity firm based in Milpitas, California.