U.S. military intelligence has identified a headquarters for a Chinese military hacking unit — inside two Beijing hotels.
According to an open-source intelligence report produced by the Army’s Asian Studies Detachment, “the Headquarters/Jintang and Seasons Hotel appear to be located in the same or at least adjacent buildings, both of which are, according to available information, owned by or connected to the People’s Liberation Army 4th Department.”
The Fourth Department, known as 4PLA, until recently was part of the military’s General Staff Department and is also known as the Electronic Countermeasures and Radar Department. The unit was reorganized into a new PLA service called the Strategic Support Force. The roll of the department is to conduct offensive electronic warfare and information warfare, including offensive cyberattacks.
The electronic and information warfare are among China’s most secret operations, and the location of the headquarters at the hotels appears to be following the strategic dictum of hiding in plain sight.
The 4PLA is considered one of China’s most threatening spy agencies because of its mandate for high-technology warfare and intelligence-gathering.
Its capabilities extend into space and include disrupting enemy communications, navigation and synthetic aperture radar satellites.
“The 4PLA’s cybermission is first and foremost focused on the disruption and denial of enemy computer networks,” according to testimony by John Costello, a former Navy intelligence official, before the congressional U.S.-China Economic and Security Review Commission.
“The targeting necessary to successfully carry out these missions requires the 4PLA to have a strong network surveillance component,” Mr. Costello added. “This operational targeting in both cyber and electronic domains forms the basis of 4PLA’s role as an intelligence service.”
China’s military units have been blamed for the massive hack of 21.5 million records of federal workers from the Office of Personnel Management networks over the last two years. The Justice Department also indicted five PLA hackers in 2014 for cyberattacks against U.S. companies.
The OPM hack was strategically significant because it allows China’s intelligence services to conduct more targeted technical and human intelligence operations against American government personnel, especially those with access to secret information and those in charge of managing government computer networks.
Chinese military hacking very often involves the use of so-called “spear-phishing” cyberattacks — the use of fraudulent emails to trick unsuspecting computer users into loading malware that allows the penetration of large-scale computer systems.
According to the U.S. Army intelligence report, the Fourth Department owns the two hotels in northern Beijing called the Seasons Hotel and Headquarters/Jintang Hotel. The report does not explain why the hotels were used by the Chinese for hacking, although it is likely that it will be used to conduct intelligence gathering. China’s electronic and cyberwarfare intelligence units are considered high-interest targets.
The report highlights how internet searches in the digital age often produce valuable intelligence.
In the case of the 4PLA headquarters, the Army learned about the connection to the PLA from an online posting from 2012 when a customer stated in a review that the Jintang Hotel was “owned by the PLA General Staff 4th department” and, as a result, was much quieter than other Beijing hotels.
Further records’ searches revealed that both hotels are owned by the 4PLA.
A company called Beijing Philisense Technology Co., Ltd. stated in a public Chinese documents that the company was leasing the third and fourth floors of the Seasons Hotel from “People’s Liberation Army (PLA) General Staff 4th Department Hotel, No. 2 Zhixincun, Huayuan Road, Haidian, Beijing.” The lease was signed in 2009 and runs through 2023.
Another public document stated that the 4PLA has leased the first 12 floors of the adjacent hotel to Philisense Technology from 2012 through 2024.
The entire Seasons Hotel is said to be wired for wireless internet access, while the adjacent Jintang/Headquarters Hotel also has wireless connectivity in conference rooms and guest rooms.
The report noted that commercial hotel booking websites offer rooms at both hotels. But the Army tried to arrange for a room stay and found doing so was “largely impossible.” Those seeking rooms through online booking sites were met with error messages or notices that the hotel is no longer open.
All the hotels were observed to be open as of December 2015, a month before the Army report.