Tuesday, 9 March 2010

Hacking Inquiry Puts China’s Elite in New Light

With its sterling reputation and its scientific bent, Shanghai Jiaotong University has the feel of an Ivy League institution.

2 comments:

Guanyu said...

Hacking Inquiry Puts China’s Elite in New Light

By DAVID BARBOZA
22 February 2010

SHANGHAI — With its sterling reputation and its scientific bent, Shanghai Jiaotong University has the feel of an Ivy League institution.

The university has alliances with elite American ones like Duke and the University of Michigan. And it is so rich in science and engineering talent that Microsoft and Intel have moved into a research park directly adjacent to the school.

But Jiaotong, whose sprawling campus here has more than 33,000 students, is facing an unpleasant question: is it a base for sophisticated computer hackers?

Investigators looking into Web attacks on Google and dozens of other American companies last year have traced the intrusions to computers at Jiaotong as well as an obscure vocational school in eastern China, according to people briefed on the case.

Security experts caution that it is hard to trace online attacks and that the digital footprints may be a “false flag,” a kind of decoy intended to throw investigators off track.

But those with knowledge of the investigation say there are reliable clues that suggest the highly sophisticated attacks may have originated at Jiaotong and the more obscure campus, Lanxiang Vocational School in Shandong Province, an institution with ties to the Chinese military.

Last weekend, the two schools strongly denied any knowledge of the attacks, which singled out corporate files and the e-mail accounts of human rights activists.

A spokesman for Jiaotong told local news outlets that school officials were “shocked and indignant” to learn of the allegations. And a Lanxiang spokesman called the reports preposterous.

But analysts say Jiaotong and Lanxiang are certain to come under close scrutiny.

Jiaotong is one of China’s top universities, and one charged with helping transform this country into a science and technology powerhouse.

The school has exchange programs with some of the world’s leading universities. Early this year, Duke said that with the help of Jiaotong, it would build its own campus near Shanghai.

Michael J. Schoenfeld, a spokesman for Duke, said on Friday that the university was troubled by the allegations.

“We’re going to have to explore that with Shanghai Jiaotong and understand the situation,” he said. “It’s a very complex situation.”

One of Jiaotong’s strongest departments is computer science, which has garnered support from some of America’s biggest technology companies, including Cisco Systems. Microsoft has collaborated with Jiaotong on a laboratory for intelligent computing and intelligent systems at the university.

Two weeks ago, Jiaotong students won an international computer programming competition sponsored by I.B.M., known as the Battle of the Brains, beating out Stanford and other elite institutions. It was the third time in the last decade that Jiaotong students had taken the top prize.

Jiaotong is also home to the School of Information Security Engineering, which specializes in Internet security. The school’s dean and chief professor have both worked on technology matters for the People’s Liberation Army, according to the school’s Web site.

The school, which has received financing from a high-level government science and technology project, code-named 863, has also regularly invited world-famous hackers and Web security experts to lecture there.

The latest clues do not answer the question of who was behind the attacks. But it is likely to put added pressure on Beijing to investigate a case that has prompted Google to threaten to pull out of China.

Beijing has not announced an investigation, but Web security experts emphasize that the Chinese government would need to be involved to find the ultimate perpetrators of the attacks.

“The U.S. would not be able to trace this” back to the source, said O. Sami Saydjari, the founder of the Cyber Defense Agency, a private Web security firm based in Wisconsin. “We cannot trace it beyond borders. We’d need the cooperation of the Chinese.”

Guanyu said...

Xiao Qiang, an expert on Chinese Internet censorship and control, says Jiaotong is studying not just Web security but also how to filter content that the government may deem unhealthy.

“Computer security may sound neutral, but in China, it also includes content, including content the government doesn’t like and wants to get rid of,” he says.

Scott J. Henderson, the author of “The Dark Visitor: Inside the World of Chinese Hackers,” said that in 2007, a prominent Chinese hacker with ties to China’s Ministry of Security also lectured at Jiaotong.

“He gave a lecture called ‘Hacking in a Nutshell,’ “ said Mr. Henderson, whose research was partly financed by the American military.

In a statement on Sunday, Microsoft said it could not comment on reports that some hacking had been traced to Jiaotong.

But the statement also said: “We condemn cyberattacks and industrial espionage no matter who is ultimately responsible. We hope officials will conduct a full investigation and cooperate fully with international authorities to get to the bottom of this situation.”

Google and other companies that were victims of the attacks have declined to comment.

Investigators are also looking into whether some of the intrusions originated at Lanxiang Vocational School, in the city of Jinan.

Lanxiang, which has 30,000 students studying trades like cosmetology and welding, was founded in 1984 by a former military officer on land donated by the military, according to Jinan’s propaganda department.

On its Web site, the school records visits to the campus by military officers and boasts of sending “a large batch of graduates to the army” and says “those graduates become the backbone of the army.”

Graduates of the school’s computer science department are recruited by the local military garrison each year, according to the school’s dean, Mr. Shao, who would give only his last name.

School officials also insist that Lanxiang students are not capable of sophisticated hacking.

“It’s impossible for our students to hack Google and other U.S. companies,” Mr. Shao said in a telephone interview. “They are just high school graduates and not at an advanced level.”

Little information is publicly available about the school’s computer science department. But the school says its computer laboratory is so enormous that it was once listed in the Guinness World Records book.

Bao Beibei and Chen Xiaoduan contributed research.