‘Don’t blame us for Google hack,’ say indignant Chinese schools

Two schools in China where computers were reportedly linked to cyberattacks on Google and other companies have denied involvement in the hack, Chinese state media said Sunday.

Investigators say they have traced the attacks back to computers at Shanghai Jiaotong University, which is one of China’s top universities, and Lanxiang Vocational School in eastern Shandong province, The New York Times reported this week.

That may not mean the attacks were launched from those computers since their IP (Internet Protocol) addresses could have been used by attackers elsewhere seeking to hide their location.

A spokesperson said the Shanghai university was “shocked and indignant to hear these baseless allegations” and denied any link to students or teachers at the school, the state-run Xinhua news agency said.

A representative of the vocational school said investigation of its staff found no trace that the attacks originated there, Xinhua said. The representative also denied any ties between the school and China’s military.

The Chinese vocational school has about 20,000 students learning skills such as cooking, car repair and hairdressing, Xinhua said.

Google said last month that it planned to stop censoring results on its China-based search engine, citing cyberattacks apparently launched from China as one reason for the move.

Google has said it is in talks with Chinese authorities, but Google.cn is still censoring sensitive political and other search results.

Whitehouse assault?

But the Chinese academic institutions have other charges to respond to apart from their alleged involvement in the  Google attack.

One of two Chinese schools identified as the apparent source of the Google attacks has also been linked to a hacker who may have been involved with the takedown of whitehouse.gov in 2001.

Last week The New York Times reported that the recent cyberattacks against Google and more than 30 other organizations appeared to have originated from computers at two schools in China.

One of the schools was identified as the Shanghai Jiaotong University; the other, as the Lanxiang Vocational School, an academic institution in China’s Shandong Province with apparent ties to the country’s military.

A U.S. military contractor attacked in the same manner as Google, has even pointed investigators to a specific computer science class taught by a Ukrainian professor at the vocational school as one source of the attacks, the newspaper said.

Quoting unnamed investigative sources, it said the attacks on Google and more than 30 other technology companies appear to have begun in April — much earlier than previously believed.

If evidence of the schools’ involvement bears out, it could cast doubt on the assumption that the Chinese government or military was directly involved in the attacks, the Times said.

The Shanghai Jiantong University is one of China’s top academic institutions. Earlier this month, it won an international collegiate programming contest sponsored by IBM.

The competition, entitled “Battle of the Brains,” pitted students from 103 of the world’s top universities in a software design challenge. As winners of the competition, students from Shanghai Jiantong University have a guaranteed offer of employment or internship with IBM, according to a statement from the company.

Jiantong University officials, speaking with the Times said they had not heard about the Google attacks being traced back to their computers but indicated a willingness to investigate.

A professor at the school didn’t rule out the possibility that the attacks came from the school, but said they might simply have been someone “experimenting with their hacking skills.”

While the cyberattacks remain under investigation, Shanghai Jiaotong University has been linked with at least one leading Chinese hacker in recent years.

Scott Henderson, a former U.S. Army Intelligence officer who has written a book on Chinese hackers called Dark Visitor, has identified Peng Yinan as a one-time student at the school. Yinan is believed to have been involved in a series of DDoS attacks against whitehouse.gov nine years ago. That is the site for the White House.

According to Henderson’s blog, Yinan used the online handles Coolswallow and Ericool and was a fairly active political hactivist during the spat between the U.S and Chinese governments in 2001 following a collision between a U.S. reconnaissance aircraft and a Chinese fighter jet.

A February 2009 story in Popular Science magazine based on interviews with Henderson, said that Yinan in September 2000 established a group at Shanghai Jiahnton University called Javaphile.

The group, originally meant to be a forum for discussing physics and programming topics, turned to hacking amid the outrage over the plane collision, according to the Popular Science.

“On May 20, 2003, a man named Peng Yinan, then known only by the moniker coolswallow, logged into a public Shanghai Jiaotong University student forum and described how he formed a group at the university’s Information Security Engineering School that coordinated with other hackers to bring down whitehouse.gov in 2001,” the story said.

The same individual also bragged about how his group had defaced other sites deemed to be anti-Chinese.

Over the next two years, Yinan and his accomplices allegedly broke into a Taiwanese firm’s home page and defaced it with an obscenity opposing its pro-independence movement.

Yinan also is alleged to have broken into a couple of U.S Navy Web sites and the Fox News Web site following the U.S invasion of Iraq in 2003, according to the magazine.

Henderson meanwhile has also linked Yinan to a Jiaotong University graduate student group called Beasts of Burden Society, for which he delivered an October 2007 lecture titled “Hacker in a Nutshell.”

“According to the press release, Peng Yinan is a security information consultant for the Shanghai Public Security Bureau and a senior hacker,” Henderson wrote in his blog. As recently as 2008, Yinyan was invited back to Jiaotong University to give a career talk to graduate students at the university’s Information Security Engineering School, Henderson’s blog notes.

There’s nothing in either the Popular Science story or Henderson’s blog to suggest that Jiaotong University was in any way directly or indirectly involved with Yinan’s alleged activities — or was even aware of them.

The Lanxiang vocational school, meanwhile, was described by the Times as a school that trains some computer scientists for the Chinese military and whose computer network is operated by a company with close ties to Google rival Baidu.

According to the Times, security analysts are divided over whether the schools are being used as a camouflage for government operations or were a cover for an intelligence operation run by someone else.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs