People’s Liberation Army hackers: they’re just like us.
As noted by IT security firm Mandiant, and detailed in a new article by The Los Angeles Times, a blogger calling themselves “Rocy Bird” had posted several hundred blog entries over a three-year period about life as a Chinese military hacker.
It wasn’t the most exciting existence. He worked a normal workday—8 A.M. until 5:30 P.M., unless some project required late hours—and lived in a dorm. He dined often on instant noodles and enjoyed the television series “Prison Break.” He spent lots of time online, even when off the clock. And like millions of people all over the world, he disliked many aspects of his job.
“What I can’t understand is why all the work units are located in the most remote areas of the city,” the hacker, whom the Times identified as having the family name Wang, wrote in a portion of a blog posting reprinted by the paper. “I really don’t get what those old guys are thinking in the beginning. They should at least take us young people into consideration. How can passionate young people like us handle a prison-like environment like this?”
During the workday, the hacker did everything from writing viruses to tinkering with existing Trojan horses, but didn’t find the job all that fulfilling: “My only mistake was that I sold myself out to the country for some minor benefits and put myself in this embarrassing situation.” The blog ran from 2006 until 2009, a year after he reportedly quit his job.
Hacking wasn’t just embarrassing for Wang; a number of U.S. companies and government entities have taken quite a bit of flak for cyber-security breaches over the past few years. Back in February, Mandiant issued a much-publicized report that drew connections between a hacker group behind many of those attacks and the Chinese military.
“Mandiant continues to track dozens of APT [Advanced Persistent Threat] groups around the world; however, this report is focused on the most prolific of these groups,” read part of that report. “We refer to this group as ‘APT1’ and it is one of more than 20 APT groups with origins in China.” The report claims that APT1, which has been operating since at least 2006, “is believed to be the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department,” also known as Unit 61398.
Unit 61398 is located in a 12-story building on Datong Road in Gaoqiaozhen, in the Pudong New Area of Shanghai. The blogging hacker indicated that he worked in Shanghai, although the Times didn’t mention whether he was working for Unit 61398.
“Since 2006, Mandiant has observed APT1 compromise 141 companies spanning 20 major industries,” that report continued. “APT1 has a well-defined attack methodology, honed over years and designed to steal large volumes of valuable intellectual property.” APT1 has the ability to access victim networks for an average of 356 days, stealing terabytes of compressed data during that period. Information stolen by the group includes manufacturing procedures, business plans, policy positions and analysis, emails of high-ranking employees, user credentials, and product development and use; however, Mandiant lacked evidence that would indicate who was receiving all that information.
Whoever was siphoning away all that data, chances are good that they hated their dull, workaday job.