Lhadon Tethong was the first to open the email. How could anyone ignore the subject line? “Fwd: please save my Tibetan wife,” it read. The email was sent on April 28, 2010. It was well written, “or at least it was better written than a lot of the messages we get that are full of spelling and grammatical mistakes,” Tethong says. But it still seemed malicious. The name in the Yahoo email address was Nate Herman, but someone named Martin Lee signed off on the request for help. The text invited the recipient to click on a .zip file, apropos of nothing.
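The warning signs Tethong noticed (a forwarded plea from a stranger, a sender display name that does not match the sign-off, and an archive attachment the body never explains) are exactly the kind of cheap, mechanical checks a small NGO can run on incoming mail before anyone opens an attachment. The script below is an added illustration, not code from Citizen Lab or from the original reporting; the sample message, the placeholder addresses and the contacts allow-list are constructed here to mirror the description above.

```python
"""Heuristic triage of a suspicious email.

Added example: the message built here is a constructed stand-in for the
2010 email described in the article (same indicators, placeholder
addresses), not the original. Requires only the standard library.
"""
import email
import re
from email import policy
from email.message import EmailMessage

ARCHIVE_EXTENSIONS = (".zip", ".rar", ".7z", ".gz", ".tar")
# Constructed allow-list of senders the organization actually corresponds with.
KNOWN_CONTACTS = {"colleague@example.org"}


def build_sample_message() -> bytes:
    """Constructed lure: forwarded subject, mismatched names, unexplained .zip."""
    msg = EmailMessage()
    msg["From"] = "Nate Herman <nate.herman.placeholder@example.com>"
    msg["To"] = "campaigns@example.org"
    msg["Subject"] = "Fwd: please save my Tibetan wife"
    msg.set_content(
        "Dear friend,\n\nMy wife was detained last week and I am desperate.\n"
        "Please help us.\n\nSincerely,\nMartin Lee\n"
    )
    # Placeholder bytes standing in for an archive; the heuristics never open it.
    msg.add_attachment(b"PK\x03\x04 placeholder archive bytes",
                       maintype="application", subtype="zip",
                       filename="wife_case.zip")
    return bytes(msg)


def build_benign_message() -> bytes:
    """Constructed control message from a known contact with no attachment."""
    msg = EmailMessage()
    msg["From"] = "Colleague <colleague@example.org>"
    msg["To"] = "campaigns@example.org"
    msg["Subject"] = "Re: meeting on Thursday"
    msg.set_content("Hi,\n\nThursday at 10 works for me.\n\nBest,\nColleague\n")
    return bytes(msg)


def signoff_name(body: str) -> str:
    """Last non-empty line of the body, which is usually the sender's sign-off."""
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    return lines[-1] if lines else ""


def triage(raw: bytes) -> list[str]:
    """Return the list of indicator names that fire on the raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flags = []

    sender = msg["From"].addresses[0]
    display_name = sender.display_name
    sender_addr = sender.addr_spec.lower()
    subject = str(msg["Subject"] or "")

    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""

    # 1. The From: display name shares no word with the sign-off in the body.
    signoff = signoff_name(body)
    if display_name and signoff:
        name_tokens = {t.lower() for t in re.findall(r"\w+", display_name)}
        signoff_tokens = {t.lower() for t in re.findall(r"\w+", signoff)}
        if not name_tokens & signoff_tokens:
            flags.append("display_name_signature_mismatch")

    # 2. A forwarded message ("Fwd:"/"FW:") arriving from someone not on the allow-list.
    if re.match(r"^\s*(fwd?|fw)\s*:", subject, re.IGNORECASE) \
            and sender_addr not in KNOWN_CONTACTS:
        flags.append("forwarded_from_unknown_sender")

    # 3. An archive attachment, by filename extension or declared content type.
    archives = [
        part for part in msg.iter_attachments()
        if (part.get_filename() or "").lower().endswith(ARCHIVE_EXTENSIONS)
        or part.get_content_type() == "application/zip"
    ]
    if archives:
        flags.append("archive_attachment")
        # 4. ... that the body never refers to ("apropos of nothing").
        if not re.search(r"attach|enclos|\.zip", body, re.IGNORECASE):
            flags.append("attachment_not_mentioned")

    return flags


if __name__ == "__main__":
    print("lure:  ", triage(build_sample_message()))
    print("benign:", triage(build_benign_message()))
```

None of these indicators proves an email is malicious on its own; the point is that all four firing together on a message from a stranger is a reason to hand the attachment to an analyst rather than double-click it.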
In May 2011, Tethong forwarded the email to the Citizen Lab, a University of Toronto research group that works with civil-society groups to fight cyber-attacks. The Citizen Lab is known for exposing a cyber-espionage ring called Ghostnet, which by 2009 had compromised nearly 1,300 computers in over one hundred countries, including some at the Dalai Lama’s office in India. Tethong was working for Students for a Free Tibet at the time, and, she says, its Gmail accounts regularly show login attempts from China and Hong Kong. Since China very much opposes a free Tibet, Tethong suspected the Chinese were behind the email.
Others increasingly suspect the Chinese, too. Chinese cyber-espionage already costs American businesses an estimated $100 billion in intellectual property losses a year, according to a recent National Intelligence Estimate. National Security Agency and US Cyber Command chief Keith Alexander has called this the greatest transfer of wealth in history. On February 19, a US security firm called Mandiant published one of the most detailed accounts of Chinese cyber-espionage ever. The report is called APT1: Exposing One of China’s Cyber Espionage Units.
The Virginia-based Mandiant virtually nailed its findings to the front door of a twelve-storey building in Shanghai. Although it resembles an average apartment block, the building is believed to be the headquarters of the People’s Liberation Army (PLA) Unit 61398. Mandiant blamed the PLA for stealing intellectual property from 141 defense, aerospace, IT and law firms, plus a few think tanks, going back almost a decade. But Mandiant said little about non-governmental organizations like Students for a Free Tibet. Among the organizations included in the study, only six are civil-society groups, says Dan McWhorter, managing director of threat intelligence for the company. Mandiant stuck to companies that might have access to information about military technology.
But Mandiant did provide more data for follow-up research than most cyber security firms do, says Seth Hardy, a senior security analyst at the Citizen Lab. So Hardy decided to do some digging. He wrote up his findings in a February 25 post for Citizen Lab called “APT1’s GLASSES—Watching a Human Rights Organization.” It revisits the Students for a Free Tibet incident from 2010, and attributes the attack to the same group that Mandiant calls Unit 61398—although Hardy stops short of calling out the Chinese government by name.
Unit 61398 is also known as the Comment Crew because of signature remarks left embedded in code on compromised websites. Mandiant renamed it APT1, for Advanced Persistent Threat. If Mandiant is right, hundreds if not thousands of APT1 cyber-spies are waging espionage from within the Shanghai building. Explicitly attributing the crimes of individual actors to nation-states is controversial in cyber-circles, since network traffic can easily be disguised. But, argues McWhorter, either the PLA is the source of the attacks, or a freelance crew is using the Chinese army’s neighborhood as its base and, somehow, in an authoritarian state, the government is not involved.
Mandiant has benefited from a new kind of Cold War alarmism about Chinese cyber-espionage, and the company’s accusations have provoked denials from the Chinese government. Former Foreign Minister Yang Jiechi, the highest-level official to comment publicly so far, told reporters at a party conference, “Those reports may have caught the eye of many people, but they are built on shaky ground.” Yang argued that China’s critics want to “turn cyberspace into another battlefield, or capitalize on virtual reality to interfere in another country’s internal affairs.”
It probably didn’t hurt Mandiant’s business that, in the weeks before publication, the New York Times, among other news organizations, went public about its own dealings with suspected Chinese hackers. Those attacks, which Mandiant helped investigate, and attributed to a group it calls APT12, followed reports by the newspaper about corruption and family wealth at the highest level of Chinese politics.
But the stakes, and the tools available for preventing and responding to attacks, are different for civil-society groups like SFT, which can’t afford to hire the likes of Mandiant—McWhorter acknowledges that its client base is “high-end”—and therefore turn to places like the Citizen Lab for help.
But who would target a small NGO? Adam Segal, an expert on China and cyber security with the Council on Foreign Relations, wrote following the alleged Chinese hack on the New York Times that data from non-corporate organizations is harder to monetize than blueprints and business plans, and thus there’s less incentive for criminal hackers to attack; sometimes, a nation-state lurks in the background, prodding hackers against dissidents and gadflies who have run afoul of the authorities.
While Hardy’s Citizen Lab report shows that APT1 is interested in specific political targets, not just corporations, others are not totally convinced by Mandiant’s claim that APT1 has a regular mission from the Chinese government. Take Jeffrey Carr, author of Inside Cyber Warfare. Carr believes the Mandiant report suffers from analytical flaws, and he argues that Mandiant fails to eliminate other possibilities. Maybe the PLA and the hackers have an agreement, but that doesn’t mean that APT1 is on the Unit 61398 payroll. Instead, the hackers might simply be trying to curry favour with the Chinese government. “While attacks against NGOs can reasonably ensure that a nation-state would be among the suspects, it doesn’t eliminate non-state actors that may be seeking the favor of a nation state, or providing a favor in exchange for other paying work,” Carr wrote in an email.
Chinese animus against Tibetan causes is well understood, and Chinese hackers, whether rogue or military-directed, have plenty of incentive to target Tibetan activists. More than a hundred Tibetans have set themselves on fire in recent months, ostensibly for a Tibet free from Chinese rule. For China, Tibet is an important piece of real estate that it currently runs as an “autonomous” province. “Without Tibet, mainland China would be much more susceptible to attack from India,” says Jennifer Richmond, China director at Stratfor, a geopolitical intelligence firm. “The Tibetan plateau creates a defensible border that is imperative to the protection of the mainland and, barring a massive country-wide revolution, there is absolutely no policy in consideration that would allow Tibetan independence.” Indeed, Carr wrote, it’s “important to remember that there are thousands of Chinese hackers who don’t like Tibet and they have a 20-year history of going after organizations who they believe have acted in an offensive manner against China.”
James Lewis, a senior fellow at the Center for Strategic and International Studies, recently published an annotated bibliography of attacks attributed to China, going back to 2001. It mentions Ghostnet, the 2009 attacks on the Dalai Lama and others, which trace back to an intelligence facility operated by the Third Technical Department of the PLA on China’s Hainan Island, in the South China Sea.
AlienVault Labs also tracks hackers in China. “There are several dozens of groups operating from China right now. Some of them focus on NGOs and activists and others are targeting a wide range of industries including activists,” wrote director Jaime Blasco in an email. “My question is, guess who is the only one interested in targeting high profile entities in the US and Tibet/Uyghur activists around the world?”
But Seth Hardy says he hasn’t seen enough evidence to directly attribute GLASSES, the targeted attack on SFT analyzed by the Citizen Lab, to the Chinese government. Same goes for the newer GOGGLES, described in the Mandiant report, which used the same compromised eyewear website to launch its attacks. In other words, Hardy understands what APT1 is doing, but won’t say whom he thinks signs the checks.
Hardy might be more willing to blame the Chinese government if he had better information. “The problem with attribution is just because the data gets sent to a Chinese IP does not mean the attacker is even Chinese,” he says. “There are any number of ways to redirect traffic.” Hardy adds that, with “political issues, we don’t make any statements of attribution unless we are absolutely sure.”
It seems clear enough that someone wants to know American business secrets and spy on Tibetan activists. But forget, for now, trying to identify the primordial loyalties of the human behind the malware. Forget that the security-clearance-lacking masses don’t quite know what China does with the intelligence it gathers, perhaps because the media’s getting hacked just like everyone else, and even chased off from the Shanghai site by uniformed guards. What Seth Hardy does know is that APT1 tried to hack a Tibetan organization in 2010. (Due to Citizen Lab policy, he did not mention Students for a Free Tibet’s name in his report, or in conversation, though Tethong confirmed that SFT was the organization in question.) Call the antagonists Comment Crew or APT1. They target people. They leave trails, more or less. Yet you’d have to call them professionals.