Two Chinese Schools Said to Be Tied to Online Attacks
By JOHN MARKOFF and DAVID BARBOZA
Published: February 18, 2010
SAN FRANCISCO — A series of online attacks on Google and dozens of other American corporations have been traced to computers at two educational institutions in China, including one with close ties to the Chinese military, say people involved in the investigation.
They also said the attacks, aimed at stealing trade secrets and computer codes and capturing e-mail of Chinese human rights activists, may have begun as early as April, months earlier than previously believed. Google announced on Jan. 12 that it and other companies had been subjected to sophisticated attacks that probably came from China.
Computer security experts, including investigators from the National Security Agency, have been working since then to pinpoint the source of the attacks. Until recently, the trail had led only to servers in Taiwan.
If supported by further investigation, the findings raise as many questions as they answer, including the possibility that some of the attacks came from China but not necessarily from the Chinese government, or even from Chinese sources.
Tracing the attacks further back, to an elite Chinese university and a vocational school, is a breakthrough in a difficult task. Evidence acquired by a United States military contractor that faced the same attacks as Google has even led investigators to suspect a link to a specific computer science class, taught by a Ukrainian professor at the vocational school.
The revelations were shared by the contractor at a meeting of computer security specialists.
The Chinese schools involved are Shanghai Jiaotong University and the Lanxiang Vocational School, according to several people with knowledge of the investigation who asked for anonymity because they were not authorized to discuss the inquiry.
Jiaotong has one of China’s top computer science programs. Just a few weeks ago its students won an international computer programming competition organized by I.B.M. — the “Battle of the Brains” — beating out Stanford and other top-flight universities.
Lanxiang, in east China’s Shandong Province, is a huge vocational school that was established with military support and trains some computer scientists for the military. The school’s computer network is operated by a company with close ties to Baidu, the dominant search engine in China and a competitor of Google.
Within the computer security industry and the Obama administration, analysts differ over how to interpret the finding that the intrusions appear to come from schools instead of Chinese military installations or government agencies. Some analysts have privately circulated a document asserting that the vocational school is being used as camouflage for government operations. But other computer industry executives and former government officials said it was possible that the schools were cover for a “false flag” intelligence operation being run by a third country. Some have also speculated that the hacking could be a giant example of criminal industrial espionage, aimed at stealing intellectual property from American technology firms.
Independent researchers who monitor Chinese information warfare caution that the Chinese have adopted a highly distributed approach to online espionage, making it almost impossible to prove where an attack originated.
“We have to understand that they have a different model for computer network exploit operations,” said James C. Mulvenon, a Chinese military specialist and a director at the Center for Intelligence Research and Analysis in Washington. Rather than tightly compartmentalizing online espionage within agencies as the United States does, he said, the Chinese government often involves volunteer “patriotic hackers” to support its policies.
Spokesmen for the Chinese schools said they had not heard that American investigators had traced the Google attacks to their campuses.
If it is true, “We’ll alert relative departments and start our own investigation,” said Liu Yuxiang, head of the propaganda department of the party committee at Jiaotong University in Shanghai.
But when asked about the possibility, a leading professor in Jiaotong’s School of Information Security Engineering said in a telephone interview: “I’m not surprised. Actually students hacking into foreign Web sites is quite normal.” The professor, who teaches Web security, asked not to be named for fear of reprisal.
“I believe there’s two kinds of situations,” the professor continued. “One is it’s a completely individual act of wrongdoing, done by one or two geek students in the school who are just keen on experimenting with their hacking skills learned from the school, since the sources in the school and network are so limited. Or it could be that one of the university’s I.P. addresses was hijacked by others, which frequently happens.”
At Lanxiang Vocational, officials said they had not heard about any possible link to the school and declined to say if a Ukrainian professor taught computer science there.
A man named Mr. Shao, who said he was dean of the computer science department at Lanxiang but refused to give his first name, said, “I think it’s impossible for our students to hack Google or other U.S. companies because they are just high school graduates and not at an advanced level. Also, because our school adopts close management, outsiders cannot easily come into our school.”
Mr. Shao acknowledged that every year four or five students from his computer science department were recruited into the military.
Google’s decision to step forward and challenge China over the intrusions has created a highly sensitive issue for the United States government. Shortly after the company went public with its accusations, Secretary of State Hillary Rodham Clinton challenged the Chinese in a speech on Internet censors, suggesting that the country’s efforts to control open access to the Internet were in effect an information-age Berlin Wall.
A report on Chinese online warfare prepared for the U.S.-China Economic Security Review Commission in October 2009 by Northrop Grumman identified six regions in China with military efforts to engage in such attacks. Jinan, site of the vocational school, was one of the regions.
Executives at Google have said little about the intrusions and would not comment for this article. But the company has contacted computer security specialists to confirm what has been reported by other targeted companies: access to the companies’ servers was gained by exploiting a previously unknown flaw in Microsoft’s Internet Explorer Web browser.
Forensic analysis is yielding new details of how the intruders took advantage of the flaw to gain access to internal corporate servers. They did this by using a clever technique — called man-in-the-mailbox — to exploit the natural trust shared by people who work together in organizations.
After taking over one computer, intruders insert into an e-mail conversation a message containing a digital attachment carrying malware that is highly likely to be opened by the second victim. The attached malware makes it possible for the intruders to take over the target computer.
The recent invasions of the computer systems of Google and several dozen other American companies have placed a spotlight on the dismal state of American computer security.
Many American corporations take a reactive approach to attacks and are dependent on off-the-shelf antivirus products.
John Markoff reported from San Francisco and David Barboza from Shanghai. Bao Beibei and Chen Xiaoduan in Shanghai contributed research.