ImageQuest Meet a Cybercriminal

In 2017, Xu Ke, a soldier in China’s Peoples Liberation Army, reached from the Beijing-based Research Institute No. 54 to servers in Alpharetta, Ga.

The servers belonged to Equifax, and a U.S. indictment alleges he was one of four named members of the PLA to steal sensitive credit data.

The FBI provided little information on Xu or his co-defendants, other than to say they likely live in Beijing. The FBI also said little about the Research Institute, other than it was Beijing-based.

The Equifax breach shocked the world due to its size and news that the company failed to follow basic cybersecurity measures. The indictment out of Atlanta alleges more than 145 million Americans – or half of all American citizens – had their credit reports stolen in the breach.

So far, the records haven’t surfaced, and the indictment supports theories that a rogue nation, rather than a criminal hacker, carried out the breach.

“(T)he thieves routed their internet traffic through 34 servers in nearly 20 countries, extracted data in compressed files, and wiped the computer logs from a leased server on a daily basis,” reported Cyberscoop.com, which called Xu “an officer in China’s People’s Liberation Army.”

In 2018 the Cyber Defense Review published an article saying China had reorganized the PLA in 2015 to create a Strategic Support Force that took over the PLA’s responsibilities for space, cyberspace, and seas – three areas Chinese leadership deemed to be “strategic frontiers.”

The reorganization came a year after the U.S. created its own U.S. Cyber Command.

The article further said China’s Strategic Support Force oversees two divisions, one of which is called the Network Systems Department. It handles cyber warfare, electronic warfare, psychological warfare, and technical surveillance.

The article also included organizational flow charts showing the 54th Research Institute unit always under PLA commands responsible for computer network attacks. The report says the 54th is now “likely” under the supervision of the Network Systems Department.

The article says the 54th is specifically responsible for research and development of operational electronic and network countermeasures.