I really think the OP is on to something no one works for free and if it's not ad supported how is it supported.
That's
a model, not
the model.
How does Adobe support the free flash player, from which they make absolutely NO revenue at all
directly? How does Microsoft support the free IE browser, from which they make absolutely no revenue at all, directly?
The answer is not quite the same in those two cases and probably not quite the same in EStrong's case, but what all of them in common is that the free products fit into a more large scale business plan, and they best fulfill that role by being free products. I think if you look at the email EStrong sent the OP from post #20, and consider what I said about them (evidently) not being set-up to direct retail COTS ware, then their plan and how it makes sense might be a little clearer.
I also think you should consider who Chinese cyber-warfare intelligence units are and what they are interested in. They are not interested in your passwords, personal or financial information, etc. What they are interested in is establishing anonymous zombie networks for DOS attacks. I suppose you could do that this way, but it would be a very stupid way to go about it because 1) it would be easily detected, 2) subsequent to first use, the ease of detection would mean the whole enterprise is worthless, 3) it is more convoluted than existing, harder to detect methods.
In short it is
not realistic that this is a military front. And with regard to them being just plain criminals, why would they bother? Evidently they have a successful business doing contract work for hardware companies and adware for other people (again, see post #20 -- I'm pretty impressed they replied in detail at all, I doubt most software companies, Chinese or otherwise, would bother, particularly if they had something to hide), they also have attracted investment capital, and have doubled in size in a short time. Why would they want to ruin that with a scam they would inevitably get caught out for?