The People's Liberation Army hackers at the center of U.S. allegations of government-led Chinese cyber-theft work in a cluster of buildings that are easy to ignore among Shanghai's skyscrapers.
The U.S. Justice Department on Monday indicted five Chinese military officers on charges they hacked into the computer networks of U.S. companies and stole commercial secrets. It linked all of them to PLA Unit 61398 in Shanghai.
China's government responded that the indictment is based on fabricated information and it suspended certain cooperation with the U.S. government on Internet security. Beijing also issued accusations of U.S. cyber-attacks on Chinese interests in the past two months.
The Justice Department's statement didn't specify the PLA unit's address in Shanghai.But last year, Virginia cybersecurity firm Mandiant Corp. pinpointed Unit 61398's location to a residential-industrial section of Shanghai's Pudong district, about 15 kilometers from its familiar skyline.
A white, 12-floor building with dark rectangle windows is the tallest structure in a particularly restricted area within the PLA base that is inaccessible to outsiders but easily visible from the street. The location is out-of-the-way: incongruently at the edges of hulking riverside facilities of China Petroleum & Chemical Corp. with pipelines snaking across the road and of a more tranquil Netherlands-inspired property development called Holland Village that includes a windmill.
This isn't a section of Shanghai that Chinese officials show off to foreign dignitaries.
A karaoke bar stands across the street from the army unit and auto repair places are to its back, where a red star is affixed to the central building. Other buildings in the area include signage and flags that suggest military links but lack the heavy security.
The central building housing Unit 61398 is seven years old, according to the study of its operations published last year by Mandiant. Like the U.S. government, the security firm said the unit is involved in Internet theft and its report names at least one of the alleged perpetrators who were indicted.
In its report, Mandiant estimated that 'hundreds, and perhaps thousands' of people work in Unit 61398, based on the physical infrastructure it found as described in public records in China, such as construction documents. The report cited evidence that internet provider China Telecom runs a defense-related fiber-optic cable infrastructure to the unit. Key personnel must master English to work there, as well as have training in computer security and network operations, Mandiant said citing records and reports employees themselves posted online.
The report said logistical operations that support the unit, including a clinic and kindergarten, are amenities 'usually associated with large military units or units at higher echelons.'
Little of this can be assessed from a quick look, of course.
The main building rests on a small hill. Darkened windows make it tough to see inside. The roof has least three satellite dishes.
On the wall topped by a steel fencing that surrounds the primary facility, posters show soldiers and tanks -- plus signs in English reminding, 'Restricted Military Area No Photography.' Still, standing inside the front gate on Tuesday was a photographer and another with a video camera -- apparently security personnel -- who appeared to be in radio contact with soldiers dressed in camouflage patrolling the perimeter and who trained their lenses at a reporter's car as it passed.
Agence France-Presse/Getty Images一位行人从一幢12层大楼旁走过。网络安全公司Mandiant发布的一份报告说这幢楼是有中国军方背景的一个黑客组织的基地。
在这个解放军基地内，最高的建筑物是一幢装有黑色长方形玻璃的12层白色大楼，外人不得入内，但是从街上很容易看到这幢大楼。它的地点很偏，位于中国石油化工股份有限公司(China Petroleum & Chemical Co.)沿河厂房的边缘，管道穿过道路，旁边是一个安静的荷兰风情楼盘，叫荷兰新城(Holland Village)，里面还有一个风车。
主要设施周围有围墙，围墙上装着铁栏杆，墙上的招贴画画着士兵和坦克，还有英文警示语“Restricted Military Area No Photography”（军事禁地，禁止拍照）。不过，周二有一名摄影师和一个拿摄像机的人（显然是安保人员）站在正门内，似乎在用无线电与身穿迷彩服在周边巡逻的士兵进行联络，当一位记者的汽车驶过时，门内的两人将镜头对准了汽车。