On China’s Twitter, Discussion of Hacking Attacks Proceeds Unblocked

As The New York Times reported yesterday evening, U.S.-based cybersecurity firm Mandiant has just released a deeply troubling report called “Exposing One of China’s Cyber Espionage Units.” The report alleges wide-spread hacking sponsored by the People’s Liberation Army, which is controlled by the Chinese Communist Party. The report states, “Our research and observations indicate that the Communist Party of China is tasking the Chinese People’s Liberation Army [PLA] to commit systematic cyber espionage and data theft against organizations around the world.”

In particular, the report fingers the PLA’s General Staff Department’s Third Department, Second Bureau—also called Unit 61398—as the main source of such attacks. Mandiant describes the difficulty of finding online references that link Unit 61389 to the Chinese Government.

This does not mean, however, that one cannot read Chinese language discussion of Unit 61398. Tea Leaf Nation recently conducted searches for terms related to the Mandiant report on Sina Weibo, China’s pre-eminent social media discussion platform, and found them all unblocked. These included “Mandiant,” “61398,” Chinese terms for the PLA units found to lie behind the hacking (“61398部队,” “总参二局,” and “总参三部二局”), and words referring to particularized Mandiant terms, such as “Comment Crew” and “Apt1.”

Source: Mandiant.

China’s Defense Department promptly replied that it “has never supported any hacking activities,” further stating that “hacker attacks are a global problem. Like other countries, China also faces a serious threat from cyber attacks, and is among the world’s major victims of hacker attacks.” A number of mainstream Weibo outlets carried the news, including China Central Television, or CCTV (@央视新闻), China News (@中国新闻网), and Breaking News (@头条新闻). On China’s frequently censored Internet, the current state of play likely reflects a calculation by Chinese authorities that it is better to begin with a public challenge to the Mandiant allegations, perhaps allowing online discussion in order to glimpse how grassroots Web users react to the official argument.

Among several hundred aggregate reactions to the Mandiant report, an outline of preliminary grassroots reaction could be clearly discerned.

Perhaps unsurprising in a country where the state remains heavily involved in its media, many commenters evinced a monolithic conception of the United States that linked Mandiant, media outlets, and the U.S. government. In particular, users responding to the CCTV post took a negative tack toward the U.S., telling the “yankees” that “America is always turning a little mirror towards others, and never towards itself!” Others felt that turnabout was fair—or necessary—play. One wrote that the U.S. “has been openly seeking top hackers; [it's] China that has been timid.” Another commented, “China has far more people, American technology is better. In an online war, it would be 100 on 1.”

But the domestic perception of China as an underdog remains, and many simply found it sensible for China’s PLA to employ hackers. One wrote, “These days, can an army without hackers even be called an army?” Another observed that hackers were “today’s special forces.” One user cast hacking as a fact of life: “Where there’s an Internet, there will be hackers.” Another commented that “hacking attacks have long been a method used by every country.”

One user sought to put the matter in historical context: “I think the U.S. hyping online warfare is like [President] Reagan’s Star Wars [missile defense] program, which was the final straw that broke the Soviet economy.” The user compared pursuing online warfare to an arms race in space: “China knows it can’t beat the U.S., but it cannot remain uninvolved.”

Commenters appeared split on whether to be proud or ashamed at the news. One said it was a “loss of face” that the unit had been discovered; another was “proud, but [does] not believe it.”

As always, Weibo users fancied themselves sleuths. One user astutely noted that there appeared to be a white license plate or two in the New York Times photograph of the Shanghai apartment building from which Mandiant believes many Chinese cyber attacks originate. Chinese Web users are keenly aware that a white plate connotes PLA affiliation. In addition, a number demonstrated the Chinese Web’s enduring fascination with Lanxiang (蓝翔), a school in Shandong province. As Tea Leaf Nation reported on January 31, although Lanxiang bills itself as a vocational school and “advertises tirelessly on local television as the training grounds for future tractor drivers, chefs, auto repairmen and hair dressers,” Chinese Web users have continued to believe that Lanxiang doubles as a training ground for elite hackers.

Despite the evident lack of heavy censorship at this early stage, the volume of commentary on this issue has thus far remained thin. While Chinese cyber attacks are deeply troubling to Americans, Chinese Web users must remain constantly aware of authorities monitoring, and sometimes deleting, their own words. In this respect, hacking—or its cousin, censorship—is a fact of life for China’s online citizens. That perhaps explains why some users drew an explicit, if humorous, line between hackers and censors. Using the incisive gallows humor so common on the Chinese social Web, one user wrote, “It’s a rumor! We don’t call them ‘hackers,’ we call them ‘Sina’s little secretaries,’” slang for Sina’s in-house censors. To one commenter, it actually showed “progress” if the PLA was in fact hacking the U.S.; “Before, the army was only able to oppress Chinese people.”