Chinese Schools Fingered as Source of Past Cyberattacks
One of two Chinese academic institutions identified in a New York Times report Thursday as the apparent source of the recent attacks against Google has also been linked to a hacker who may have been involved with the takedown of whitehouse.gov in 2001.
The Times yesterday reported that the recent cyberattacks against Google and more than 30 other organizations appeared to have originated from computers at two schools in China. One of the schools was identified as the Shanghai Jiaotong University; the other, as the Lanxiang Vocational School, an academic institution in China's Shandong Province with apparent ties to the country's military.
A U.S. military contractor attacked in the same manner as Google has even pointed investigators to a specific computer science class taught by a Ukrainian professor at the vocational school as one source of the attacks, the Times said.
The newspaper, quoting unnamed investigative sources, said the attacks on Google and more than 30 other technology companies appear to have begun in April -- much earlier than previously believed. If evidence of the schools' involvement bears out, it could cast doubt on the assumption that the Chinese government or military was directly involved in the attacks, the Times said.
Shanghai Jiaotong University is one of China's top academic institutions. Earlier this month, it won an international collegiate programming contest sponsored by IBM. The competition, entitled "Battle of the Brains," pitted students from 103 of the world's top universities in a software design challenge. As winners of the competition, students from Shanghai Jiaotong University have a guaranteed offer of employment or internship with IBM, according to a statement from the company.
Jiaotong University officials, speaking with the Times, said they had not heard about the Google attacks being traced back to their computers but indicated a willingness to investigate. A professor at the school didn't rule out the possibility that the attacks came from the school, but said they might simply have been someone "experimenting with their hacking skills."
While the cyberattacks remain under investigation, Shanghai Jiaotong University has been linked with at least one leading Chinese hacker in recent years.
Scott Henderson, a former U.S. Army Intelligence officer who has written a book on Chinese hackers called Dark Visitor, has identified Peng Yinan as a one-time student at the school. Yinan is believed to have been involved in a series of DDoS attacks against whitehouse.gov, the White House's Web site, nine years ago.
According to Henderson's blog, Yinan used the online handles Coolswallow and Ericool and was a fairly active political hacktivist during the spat between the U.S. and Chinese governments in 2001 following a collision between a U.S. reconnaissance aircraft and a Chinese fighter jet.
A February 2009 story in Popular Science magazine, based on interviews with Henderson, said that Yinan in September 2000 established a group at Shanghai Jiaotong University called Javaphile. The group, originally meant to be a forum for discussing physics and programming topics, turned to hacking amid the outrage over the plane collision, according to Popular Science.
"On May 20, 2003, a man named Peng Yinan, then known only by the moniker coolswallow, logged into a public Shanghai Jiaotong University student forum and described how he formed a group at the university's Information Security Engineering School that coordinated with other hackers to bring down whitehouse.gov in 2001," the story said. The same individual also bragged about how his group had defaced other sites deemed to be anti-Chinese.
Over the next two years, Yinan and his accomplices allegedly broke into a Taiwanese firm's home page and defaced it with an obscenity opposing its pro-independence movement. Yinan also is alleged to have broken into a couple of U.S. Navy Web sites and the Fox News Web site following the U.S. invasion of Iraq in 2003, according to the magazine.
Henderson, meanwhile, has also linked Yinan to a Jiaotong University graduate student group called Beasts of Burden Society, for which he delivered an October 2007 lecture titled "Hacker in a Nutshell."
"According to the press release, Peng Yinan is a security information consultant for the Shanghai Public Security Bureau and a senior hacker," Henderson wrote in his blog. As recently as 2008, Yinan was invited back to Jiaotong University to give a career talk to graduate students at the university's Information Security Engineering School, Henderson's blog notes.
There's nothing in either the Popular Science story or Henderson's blog to suggest that Jiaotong University was in any way directly or indirectly involved with Yinan's alleged activities -- or was even aware of them.
The Lanxiang vocational school, meanwhile, was described by the Times as a school that trains some computer scientists for the Chinese military and whose computer network is operated by a company with close ties to Google rival Baidu.
According to the Times, security analysts are divided over whether the schools are being used as a camouflage for government operations or were a cover for an intelligence operation run by someone else.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld.