The Third Department: China’s Secret Elite Cyber Warriors

0
341
credits to owners

Many won’t be familiar with ‘The Third Department of People’s Liberation Army’. Many became aware of it when five PLA officers were indicted for cyber espionage by US agencies. The officers were allegedly part of the Third Office of the PLA General Staff Department(GSD) Technical Reconnaissance Department(alternatively known as the Third Department).

The Third department of PLA is responsible for intercepting foreign military communications and producing the necessary intel for PLA. They have the biggest SIGINT (Signal Intelligence) network in the Asia-Pacific region. The network includes widely spread Ground Stations, dozens of naval vessels, airborne systems, and Ground vehicles.

Possible HQ of the Third Dept in Beijing. Credits in pic

They are not subjected to any jurisdiction of any military setup and is a separate entity. In fact, The Department of the General PLA is not under other PLA units and have full autonomy in budget, personnel composition and internal working.

Several elements of the Third Department were identified by western as involved in countless cyber attacks on foreign networks. Chinese government has however declined the allegations ever since. Technical Reconnaissance Bureaus of the Third Department leads these attcks on foreign networks in an attempt to cripple the network or steal trade or military secrets. With a total of 12 TRBs working, each have specific roles to tackle.

List of all TRB in China, Credits in pic
  • First Bureau (Unit 61786): Located in Northwestern Beijing. The bureau‘s mission appears to include decryption, encryption, and other information security tasks.
  • Second Bureau (Unit 61398 ): Offices concentrated in and around Shanghai. Specifically targets US and Canada. Emphasizes on political, economic and military intel.
  • Third Bureau (Unit 61785 ): HQed in Southern Beijing. Dispersed offices. Focuses on front end collection of line of sight radio communications, including border control networks, as well as direction finding, and emission control and security.
  • Fourth Bureau (Unit 61419): HQed in Qingdao. Focused on Japan and South Korean activities. Has trained linguists to intercept data.
  • Fifth Bureau (Unit 61565): HQed in Beijing’s Daxing district. Focused on Russian activity.
  • Sixth Bureau (Unit 61726): HQed in Wuhang’s Wuchang district. No info on activity.
  • Seventh Bureau (Unit 61580): HQed in Beijing’s Northwestern district. Studies conducted on US network models. Bureau engineers specialize in computer network defense and attack.
  • Eighth Bureau (Unit 61046): HQed in Beijing’s northwest suburbs. Several trained linguists are employed. Possible focus on Europe and even the rest of the world.
  • Ninth Bureau :Third Department‘s primary strategic intelligence analysis and database management bureau. Possible involvement in large scale database management.
  • Tenth Bureau (Unit 61886): HQed in Beijing’s Northwest suburb of Shangdi. Focuses on Central Asia and Russia. Other missions include missile tracking, telemetry, nuclear testing etc.
  • Eleventh Bureau (Unit 61672): HQed in Malianwa community of Beijing. Induction of Russian linguists suggest Russia related missions.
  • Twelfth Bureau (Unit 61486); HQed in Shanghai’s Zhabei’s district. Involved in satellite communications, and space based SIGINT extraction. They were identified working with Chinese satellite programs.
PLA has several of these Ground stations scattered across its vast land employed for SIGINT missions.

Even though it’s main function is SIGINT extraction, employees are trained in foreign languages and send for foreign ops. With approximately 20,000+ employees, most of their linguists are trained at the Luoyang Institute of Foreign Languages. Other key elements which support the role of The Third Department are:

  • 56th Research Institute: also known as Jiangnan Computer Technology Research Institute, has serious R&D in performance computing. They have access to some of the fastest supercomputers and has invested in high speed computing.
  • 57th Research Institute: Responsible for development of communication intercept and signal processing systems. Also known as the Southwest Institute of Electronics and Telecommunications Technology, and focuses on satellite communication technology.
  • 58th Research Institute: a.k.a Southwest Automation Research Institute (SWAI). Focused on cryptology and information security technology.
FBI included 5 PLA officers in their wanted list, who were the masterminds behind cyber attacks on US servers, Credits: FBI

Since very little info is available on the agency, their role in active duty cannot be predicted. However several western Cyber security firms have identified them as being behind many malware and DoS (Denial of Service) attacks cyberworld has seen recently. This could also mean that Chinese hackers were behind the latest Ransomware attack which sweeped the globe and took a toll on India too.