Many hackers working directly for the Chinese government are men in their 20s and 30s who have been trained at universities run by the People’s Liberation Army and are employed by the state in myriad ways. Those working directly for the military usually follow a 9-to-5 weekday schedule and are not well paid, experts and former hackers said. Some military and government employees moonlight as mercenaries and do more hacking on their own time, selling their skills to state-owned and private companies. Some belong to the same online social networking groups.
“There are many types of relationships,” said Adam Segal, a China and cybersecurity scholar at the Council on Foreign Relations in New York. “Some P.L.A. hackers offer their services under contract to state-owned enterprises. For some critical technologies, it is possible that P.L.A. hackers are tasked with attacks on specific foreign companies.”
The Obama administration makes a distinction between hacking to protect national security, which it calls fair play, and hacking to obtain trade secrets that would give an edge to corporations, which it says is illegal. China and other nations accuse the United States of being the biggest perpetrator of both kinds of espionage.
In what may be Chinese retaliation for the indictments, a state agency announced plans on Thursday for tighter checks on Internet companies that do business in China. The State Internet Information Office said the government would establish new procedures to assess potential security problems with Internet technology and with services used by sectors “related to national security and the public interest,” reported Xinhua, the state-run news agency.
In the indictments, unsealed on Monday, the United States accused Mr. Wang, Mr. Sun and three others of working in the Chinese Army’s Unit 61398, which a report last year by Mandiant, a cybersecurity company in Alexandria, Va., said operated out of a 12-story white tower on the outskirts of Shanghai. That unit is now the most infamous of China’s suspected hacking groups, and the Western cybersecurity industry variously calls it the Comment Crew, the Shanghai Group and APT1.