China denies colleges' role in hacker attacks

Robert Clark
22 Feb 2010

Speculation China’s role in hacker attacks has resurfaced, with the US and Chinese media trading claims and counter-claims in recent days.

But as the Wall Street Journal today puts it, progress is unlikely without the cooperation of the Chinese authorities.

The hacker story developed last Thursday with a New York Times reporting that investigators – including the NSA - had traced the attacks on Google and other US businesses to two Chinese colleges – the Shanghai Jiaotong University and the Lanxiang Vocational School in Shandong province.

The report noted that Jiaotong has one of the country’s most successful computer science schools, while Lanxiang trained some scientists for the PLA and its campus network was run by a Baidu-linked company.

The Times said evidence from a US military contractor that had been hit by the same attacks as Google had even led investigators to suspect a specific computer science class at Lanxiang, taught by a Ukrainian professor.

The official Xinhua news service denied the claims over the weekend, with a Lanxiang spokesperson claiming it had never employed any foreign staff and denied any links to the military.

If the US investigators are correct, it doesn’t necessarily finger those colleges or anyone in China of course – although one wonders what sort of IT security was being taught if it allowed the network to be so massively compromised.

“If supported by further investigation, the findings raise as many questions as they answer, including the possibility that some of the attacks came from China but not necessarily from the Chinese government, or even from Chinese sources,” the Times said.

But support from Chinese authorities is essential if the inquiry is to take the next logical step, which is to check these findings against data available from those campus networks. Given the political sensitivity of the issue, that’s not going to happen.

Yet as more and more of the world’s commerce is conducted a) online and b) with China, the international business community needs the US and China to come to make common cause against the growing threat of organized cyber-crime.

Meanwhile, foreign IT firms in China are more hopeful of being able to push back on the government’s IT procurement scheme. As in previous efforts, like WAPI, China is proposing new IT security rules which offer clear advantages to domestic industry.

From May 1, all foreign firms will be required to submit their source code for certification in order to be allowed to bid for government contracts. It poses the obvious threat of the loss of intellectual property, or of Beijing building in “backdoors” for surveillance.

Foreign IT firms say these kinds of rules will push them out of the China market. But they take heart from the fact that the rules have already been delayed by a year, and from the success of previous lobbying efforts on issues such as the Green Dam filter.

Related content

No Comments Yet! Be the first to share what you think!