By Mara Hvistendahl
Computer-security experts who are investigating the recent online attacks on Google and other companies have identified two institutions of higher education in China as suspected sources of the attacks, according to The New York Times. If those suspicions are confirmed, it would not be the first time one of those institutions has been linked to an international hacking incident: Seven years ago, a student at Shanghai Jiaotong University, claimed involvement in a 2001 hack that brought down the White House Web site.
While that student and others hacked independently, evidence suggests that administrators at Shanghai Jiaotong and its information-security school knew of the students’ activities. Administrators stood by as students formed hackers groups, organized hacking seminars, and exchanged tips on intrusion techniques.
But that doesn’t mean that the institution is responsible for the Google attacks, which could have been perpetrated by outside hackers through hijacked servers in Shanghai. Google announced in January that it was among dozens of companies whose systems had been compromised by attacks originating in China and directed, at least in part, at the Gmail accounts of human-rights activists.
Administrators at both Shanghai Jiaotong and Lanxiang Vocational College, the other institution named in the newspaper report, have denied any connection to the recent attacks.
And while both institutions receive strategic funds from the Chinese government, experts differ on whether that connection implies government support or encouragement of any cyberattacks carried out by students.
Boasts About Hacking
In 2003, an information-security student named Peng Yinan logged into a Shanghai Jiaotong University information-security forum and, using a screen name that would later be traced back to him, claimed involvement in a 2001 attack on the White House Web site. That attack was a group effort, coordinated by individual “patriotic hackers” distributed across China. But before long, Mr. Peng’s screen name had appeared on other hacks, including the sites of a Taiwanese Internet company and a Fox News affiliate in the Washington, D.C., area.
He did so under the guise of Javaphile, a hacking group he founded that included at least two other students from Shanghai Jiaotong’s School of Information Security Engineering. A scholarship student who went on to earn both undergraduate and Ph.D. degrees from Shanghai Jiaotong, Mr. Peng later became involved in a nationalistic student group that in 2007 was host for a seminar on hacking held in a university conference room.
The presentation explained hacker code and covered common intrusion techniques, emphasizing weaknesses in American Web sites.
When Scott Henderson, a retired U.S. Army linguist working for a private intelligence contractor in Fort Leavenworth, Kan., stumbled across Mr. Peng’s work, highlighting it in a 2007 post on his blog, Mr. Peng again went to the Shanghai Jiaotong forum to boast. University forums in China are censored, but Mr. Peng’s comments were allowed to remain.
Shanghai Jiaotong’s School of Information Security Engineering is one of several elite institutions that receives funds under the 863 Program, a major technology project that the central government unveiled in 1986 in response to President Ronald Reagan’s Star Wars initiative. Lanxiang Vocational College, meanwhile, was established with funds from the People’s Liberation Army.
Beyond the strategic support they receive from the government and military, however, the two institutions are very different. Shanghai Jiaotong is one of China’s top research universities, and its information-security school, in particular, is highly respected. “Jiaotong University probably has the strongest, or close to the strongest, computer-science and computer-engineering programs in China and arguably the rest of the world,” said Stanley Rosen, director of the East Asian Studies Center at the University of Southern California.
The information-security school occupies a handful of sparkling buildings in a spacious satellite campus in southern Shanghai, surrounded by a software park favored by multinational technology companies. Those companies actively recruit among the institution’s 200-some graduate students.
Other students go on to work for the Chinese government. Upon graduation, Mr. Peng became a consultant for the Shanghai Public Security Bureau, according to an event announcement posted on the Shanghai Jiaotong Web site.
Another student who signed his name to Javaphile Web-site defacements went on to work for a while for Google.
Lanxiang Vocational College is at the other end of the educational spectrum. One of hundreds of new vocational institutions that have cropped up in China’s rapid expansion of its higher-education system, it offers specializations in hairdressing, construction work, and welding. It recruits students through flashy television advertisements portraying its degrees as quick and cheap.
On public forums, students have complained of insufficient rest rooms, cafeteria food infested with flies, and instructors who beat them.
But those ads also show vast, hangarlike rooms filled with row upon row of students in red uniforms staring into computer terminals. Some of the college’s computer-science graduates now work for the military.
Doubts About Connections
Experts disagreed on what to make of those connections. “I doubt that the government is behind the scenes” in the cyberattacks, said Qiang Zha, an expert on Chinese higher education at York University, in Toronto. “I believe it should have much better means than using these two institutions.”
Instead, nationalistic students at the two institutions could have perpetrated the attacks, Mr. Qiang said.
But others point out a strong central-government connection is the one thing those two vastly different schools have in common. At Shanghai Jiaotong, information-school deputy dean Li Jianhua sits on an advisory committee for an information-security research center under the Ministry of Public Security.
Mr. Henderson, the intelligence analyst, says that and other connections bear more investigation. “The links are circumstantial right now, but still it’s interesting that these universities are involved in this sort of information-security research,” he said.
On Saturday, the School of Information Security Engineering appeared to have removed content from several sections of its Web site, leaving some nearly empty pages.
But the school’s chat rooms remain. In one of them, a student posted the New York Times article.
“Things are getting pretty lively,” the student wrote.