The Lanxiang Vocational School Hacked Google
(New York Times) Two Chinese Schools Said To Be Tied To Online Attacks. By John Markoff and David Barboza. February 18, 2010.
¡§We have to understand that they have a different model for computer network exploit operations,¡¨ said James C. Mulvenon, a Chinese military specialist and a director at the Center for Intelligence Research and Analysis in Washington. Rather than tightly compartmentalizing online espionage within agencies as the United States does, he said, the Chinese government often involves volunteer ¡§patriotic hackers¡¨ to support its policies.A series of online attacks on Google and dozens of other American corporations have been traced to computers at two educational institutions in China, including one with close ties to the Chinese military, say people involved in the investigation.
They also said the attacks, aimed at stealing trade secrets and computer codes and capturing e-mail of Chinese human rights activists, may have begun as early as April, months earlier than previously believed. Google announced on Jan. 12 that it and other companies had been subjected to sophisticated attacks that probably came from China.
Computer security experts, including investigators from the National Security Agency, have been working since then to pinpoint the source of the attacks. Until recently, the trail had led only to servers in Taiwan.
If supported by further investigation, the findings raise as many questions as they answer, including the possibility that some of the attacks came from China but not necessarily from the Chinese government, or even from Chinese sources.
Tracing the attacks further back, to an elite Chinese university and a vocational school, is a breakthrough in a difficult task. Evidence acquired by a United States military contractor that faced the same attacks as Google has even led investigators to suspect a link to a specific computer science class, taught by a Ukrainian professor at the vocational school.
The revelations were shared by the contractor at a meeting of computer security specialists.
The Chinese schools involved are Shanghai Jiaotong University and the Lanxiang Vocational School, according to several people with knowledge of the investigation who asked for anonymity because they were not authorized to discuss the inquiry.
Jiaotong has one of China¡¦s top computer science programs. Just a few weeks ago its students won an international computer programming competition organized by I.B.M. ¡X the ¡§Battle of the Brains¡¨ ¡X beating out Stanford and other top-flight universities.
Lanxiang, in east China¡¦s Shandong Province, is a huge vocational school that was established with military support and trains some computer scientists for the military. The school¡¦s computer network is operated by a company with close ties to Baidu, the dominant search engine in China and a competitor of Google.
Within the computer security industry and the Obama administration, analysts differ over how to interpret the finding that the intrusions appear to come from schools instead of Chinese military installations or government agencies. Some analysts have privately circulated a document asserting that the vocational school is being used as camouflage for government operations. But other computer industry executives and former government officials said it was possible that the schools were cover for a ¡§false flag¡¨ intelligence operation being run by a third country. Some have also speculated that the hacking could be a giant example of criminal industrial espionage, aimed at stealing intellectual property from American technology firms.
Independent researchers who monitor Chinese information warfare caution that the Chinese have adopted a highly distributed approach to online espionage, making it almost impossible to prove where an attack originated.
Spokesmen for the Chinese schools said they had not heard that American investigators had traced the Google attacks to their campuses.
If it is true, ¡§We¡¦ll alert related departments and start our own investigation,¡¨ said Liu Yuxiang, head of the propaganda department of the party committee at Jiaotong University in Shanghai.
But when asked about the possibility, a leading professor in Jiaotong¡¦s School of Information Security Engineering said in a telephone interview: ¡§I¡¦m not surprised. Actually students hacking into foreign Web sites is quite normal.¡¨ The professor, who teaches Web security, asked not to be named for fear of reprisal.
¡§I believe there¡¦s two kinds of situations,¡¨ the professor continued. ¡§One is it¡¦s a completely individual act of wrongdoing, done by one or two geek students in the school who are just keen on experimenting with their hacking skills learned from the school, since the sources in the school and network are so limited. Or it could be that one of the university¡¦s I.P. addresses was hijacked by others, which frequently happens.¡¨ At Lanxiang Vocational, officials said they had not heard about any possible link to the school and declined to say if a Ukrainian professor taught computer science there.
A man named Mr. Shao, who said he was dean of the computer science department at Lanxiang but refused to give his first name, said, ¡§I think it¡¦s impossible for our students to hack Google or other U.S. companies because they are just high school graduates and not at an advanced level. Also, because our school adopts close management, outsiders cannot easily come into our school.¡¨
Mr. Shao acknowledged that every year four or five students from his computer science department were recruited into the military.
This story has catapulted the Lanxiang Vocational School into worldwide celebrity. For example:
Why should Chinese students bother attending CalTech, MIT or Stanford when there is a world-class technology school right at home? Here is a brief introduction to the Lanxiang Vocational School:
The homepage of the Lanxiang Vocational School is at: http://www.lxjx.cn/
At the Lanxiang Vocational School, there are eight academic tracks:
- Automobile maintenance/repair
- Numerical control of factory instruments/equipment
- Computers
- Bulldozer/Forklift/Earth Excavators, etc operations
- Welding
- Professional cooking
- Beauty/hairdressing
- Electrical/mechanical machine maintenance/repair
Under "Lanxiang news," the entry says "undefined" in English.
"... The computer specialty has two sets of equipment: multimedia and practical computer usage. Both theory and practice are emphasized. All students will take at least four courses on multimedia classes.
The practical computer usage classes are conducted in ten huge high-standard laboratories equipped with 2,000 Founder brand computers.
The Lanxiang server room is also the world's biggest room with the largest number of computers. It has been certified by World Guinness as the top in the world.
(Note: the record has been broken since)
"Professional management: In order to ensure that the students will truly learn a skill, the students will use their personal cards to log onto the computers in order to guarantee that they complete all the coursework."Here are some photos of uniformed students training in the computer laboratory.
Recently Zhang Yingyue of Jinan city (Shandong province) complained to us: "My younger brother is studying at the Shandong Lanxiang school. We saw their TV ad and we thought that they were not bad. So he sent him there. But the school's ideas of education as well the environment was completely not what we expected and different from the ads on TV and the Internet. Based upon my understanding as well as the personal experience of my young brother that this school is running false advertising to rake in money. The worst part is the "free trial" which has tricked many people. Actually, as soon as you step in the front door, you better not expect to get out. After your "free trial," you better pay up and continue or else you will be in big trouble. This is completely a hooligan school. I can't imagine how such a school can be allowed to exist in this law-abiding society today. They even had the nerve to run TV ads and openly deceively people. Zhang Yingyue hopes that the media and the relevant government departments will pay attention to this matter and follow up.
With respect to our questions, the Lanxiang Vocational School has made no replies.
These videos were posted long before the New York Times article made the school famous worldwide.
This is the television commercial for the Shandong Lanxiang Vocational School featuring spokesperson Tang Guoxiang, who is famous in his role as Chairman Mao Zedong. The slogans used in this commercial were the basis for many of the current jokes about the new fame attained by the school.
Here is a leader addressing four hundred cook-students from the Lanxiang Vocational School. Please note that behind the leader stood a tall Causasian. Does that mean that Lanxiang actually hires foreigner teachers which they have recently denied? Oh, wait a minute. This video was taken at the Beijing Olympics (you can see the Olympic flames in the background) during which Lanxiang provided cooking help. It is not unreasonable to hire foreign consultants to cook food that meet the tastes of the foreign athletes.
This video is taken by a student of his class. This looks very much unlike the clean environment shown in the television commercial.
This video was posted by someone who went to the school to learn how to operate an excavator. Netizens wrote: "As soon as I enrolled, my greatest wish was to leave." "Dog fart Lanxiang, fuck his mother! I went there to learn to operate an excavator, but I was deceived!" "In a class with more than 100 students, we had two excavators to share among us." But please note that some of the students are dressed in military fatigues/camouflaged uniforms.In this Tianya Forum post, it was said that the dormitory conditions were appalling, including wet floors. The following videos were taken by students who had the assignment to clean up their living quarters.
Here is an 'incriminating' video of a ceremony in which a total of 10 Lanxiang students dressed in military fatigues were sent off to join the military as "technicians." It is not stated whether they will be automotive repairmen, bulldozer operators, cooks or computer hackers. But as pointed out, it is nothing unusual for vocational school graduates to join the military.
This pair of Tianya Forum posts were made last year before the New York Times brought the Lanxiang Vocational School into global celebrity status for being "Hacker Central" in China.
(Tianya Forum, March 25, 2009)
I have been out of the Lanxiang Vocational School for more than half a year already. I really don't understand what made me go to that damned place at first. Last year, I was home with nothing to do. I saw the promotional TV ad about the Lanxiang Vocational School. So I thought that I could learn to operate an earth digger there. China is developing rapidly and a construction machine operator job pays well. So I thought that since it didn't seem to cost much, I went over to Shandong. Once I got to the school campus, all my doubts were removed. The school campus occupied over 1,000 mu of land. There were many students there. So I thought how can there be any doubts when so many students are studying there? Later on, I found out that these people also had their doubts removed by the television ads for that dick Tang Guoxiang as well as the sight of the campus.
On the first day in school, a teacher took me around the campus and made a brief presentation. He asked me what I wanted to study. I said I wanted to learn to operate an earth digger. He asked me whether I wanted a six-week or eight-week course. I said six weeks is fine. He kept pushing the eight-week course but I insisted on only six weeks. Then their attitudes changed. After I paid the fee, someone got me a student ID and a card (which can be used to buy stuff and pay for meals inside the school). Then he took me to get a blanket and a mattress. In my entire life, I have been seen a blanket so filthy. It also exuded a strong and unbearable stinking odor. Then he took me to my dormitory, which is a room less than 30 square meters in area for 16 persons to share.
After putting my stuff down, I was taken to a classroom in which 50 to 60 persons were seated. A twenty-something-year old man was on the dais telling dirty jokes. Later on, I found out that he was the teacher. Then it was noon and time for lunch. We took our own lunch boxes to get in line. There were many people there. I have never eaten anything so disgusting and I threw most of the food out. So I gradually realized that things were not as great as I previously thought.
In the afternoon, I sat in the classroom to listen to more bullshit from them. We had to wait for more people to arrive because they were not going to start a class until they got enough students. Then it was dinner time. After dinner, we went back to the classroom for more bullshit. We went back to the dormitory at 8 o'clock to sleep. I did not bathe that first night, because I had no idea where the bathroom was yet. There was only one bathroom in the whole school. It is about 80 square meters. Some people bathed in the restrooms and others bathed in the water pool by the building. But it is important not to be caught by the patrolling inspectors who will curse you out. The water was pumped from the school's own well, which can be cool even in the month of August. Many students caught colds, and ended up spending hundreds of yuan on cold medicine.
Usually, students are not allowed to go out. This can be said to be a completely sealed campus. Actually, they are worried that you can create trouble if you go out. Therefore those eight weeks were like jail time and made me appreciate how wonderful freedom is.
I took eighteen days of classes of theory. Then the teachers began to ask which students wanted job referrals. Many people raised their hands, including me of course. The teachers said that the school will make job referrals only for those students who studied two disciplines (that is, either (earth digger + forklift) or (earth digger + bulldozer)). This meant an extra 2,000 plus yuan in fees. Otherwise, the school will not make referrals. Many people felt that they were deceived, but they just had to continue because they had already paid in already.
When the teachers saw that many people were resistant, they explained that employers will surely hire someone who knew two disciplines who only knew one. Besides, one can easily earn the 2,000 yuan back within one month on the job. So some people paid up. Events later would show that the smart thing is not to pay up!
Then we moved into the classes on practice. It became apparent why they wanted me to sign up for eight weeks instead of six. If you signed up for eight weeks, you get to practice 30 minutes a day on a machine; if you signed up for six weeks, you only get 15 minutes a day on a forehand machine (when most industrial machines are backhand machines nowadays). So I paid another 700 yuan to get into the eight week course. After the 30 minutes of practice a day, I worked on chores for the school without pay. Anyone who didn't do their work could be beaten by the instructors who can punish you by not letting you practice on the machines.
When we first arrived, the teachers told us that we were going to live in a brand new building during our practice period. It was true, except that we were going to live in the basement. Even in August, you have to use a blanket at night. The floor was always damp. If you didn't dry your blankets out in the sun during daytime, you will have a wet blanket at night. People with skin problems were in trouble here. As I saw people graduating, I was jealous and I wished that I could join them soon.
I heard from the graduating students that an additional 100 yuan was charged for the diploma. But you can choose whether to have it or not. When I first got here, I was immediately reimbursed with 100 yuan for travel expenses. So this diploma fee was the way that get their 100 yuan back. I have never heard of any school charging for a diploma which is just an A4 paper document.
Actually, everybody here knew that they had been conned. But who can we complain to? Who will defend our rights? Many people spend more than 10,000 yuan here. They are people without much social experience. They saw on television that the campus has movie houses and libraries. That is true, except they charge 2 yuan for each movie and 1 yuan to read a library book which cannot be taken out. They charged 2 yuan at the bathhouse for each visit. You are going to spend at least 7,000 to 8,000 yuan during the two months there.
How can such a school be allowed to run ads on television? Doesn't the Jinan government know that such a school cannot help those who really need a job? I know that some of the students were survivors of the Sichuan earthquake, so this whole thing is like adding ice on top of snow in their lives. They only wanted to learn a skill to rebuild their homes, but they came across this in Shandong!
(Tianya Forum) September 29, 2009.
I lived in the countryside. I saw the Lanxiang Vocational School commercial on television, so I went there to learn how to operate an earth digger.
There is a reception booth at the train station. As soon as you register at that reception booth, you won't be able to escape from them.
They will take you by car to the Lanxiang Vocational School and inspect the campus. You will be overawed by the campus and its facilities. Then they will prompt you register. I didn't have any money with me. So I paid a 100 yuan registration first. Then they took me to another place where I waited. I couldn't do anything there except to call my family to send the money over. I can only wait until the money arrives before I can attend school. The earth digger course does not have trial classes, even though the television ad said that there free trials. At the waiting place, there are no current students around so that you cannot find out what it is really like until after you paid.
After I paid my fees (5,180 yuan in tuition + 520 yuan in living expenses + 50 yuan deposit for the blanket + 65 yuan in bedsheets - 100 yuan travel reimbursement = 5,780 yuan, but they will charge you 100 yuan for the diploma later), they gave me a student ID and a charge card which carried my expense money. All my expenses will be deduced against that charge card. I asked for a receipt, but they said that there was no reason why such a large school would be unable to honor its obligations to me.
I was then taken to a dormitory. Conditions were bad with 12 persons per room, one restroom per floor which also served as the bathroom. Each time, you bring your food back to eat in the dormitory, you will see people with naked butts washing themselves.
Then I went to the theory class. The teacher was telling jokes to the students, because he was not going begin a new class until enough students arrive (it usually takes one to three days for seventy students to arrive). The teacher is a 20-something-year-old guy. You can read any book on earth digger and give the course yourself. The teachers do not get good wages and they mainly count on the commission (which I will explain later).
The food in the school was unspeakable. They claimed that living expenses were 7 yuan per day. Well, you can do it if you only eat steamed buns. If you want a dish of vegetables, it is 3 yuan; rice is 1.5 yuan per bowl. While 4.5 yuan is not expensive for a meal, this food is disgusting and I often spotted flies in the food. I wanted meat sometimes, so I ordered an 8 yuan braised pork dish. Well, the pork meat still had black hair and it smelled as if it was rotting in the summer heat. The school's supermarket was very expensive. They charged 1 yuan for ice cream that sells for 0.50 yuan outside. I spend 2,000 yuan or so in living expenses during my two months. This was not because I was not frugal, but that was how much it costs. You cannot buy from the outside because the school campus is completely sealed -- they don't want you to spend money outside.
After a few days of theory class, the teachers told us that the XXX company is hiring earth digger/forklift/steamroller operators to build the Burmese expressway. The construction period would last three years and eight months paying between 380,000 yuan and 450,000 yuan. They were only looking for people with multiple skills (that is, who can operate two or more types of machines). This implied that we must learn another specialty. Two skills earned 380,000 yuan, three skills earned 450,000 yuan. They told us that most of our parents have had hard lives trying to farm the land, and this was the chance to repay them. This touched many of the students from the rural area and more than half of them signed up for more specialties. I signed up for three skills, adding forklift/steamroller at 4,660 yuan. (Once again, I did not get a receipt. I got a student ID several days later which stated that I was learning for free!)
Then we went to the practice base. We learned from students already there that they were also conned to sign up for multiple specialties. The reality was that while they promised to assign you to jobs, they will actually just tell you to go home and wait for someone to contact you. So you go home and wait ...
The theory class should have been 10 days. But it took 18 days to complete. For the 9 hours of class per day, 5 was spent on bullshitting (including dirty jokes). We figured that the actual course material only took four days or so to complete. They only wanted you to drag it out as long as possible. An extra day of practice would have cost them more gasoline!
After 18 days of theory, we went to the practice base in north campus. Conditions were even worse. We lived in a work shed with 48 students in the same space. The roof leaked when it rained. We only got to operate the machine 30 minutes per day. After practice, we had to work in school (such as tending to the cows, sheep, chickens and ducks). We had to take turns to act as nightwatchmen to look out for thieves at night. If we fall asleep on duty, the instructors beat us or ban us from machine practice. Because the instructors can expel us from school, we made sure not to offend them.
In order to go to the practice base, we have to pay for 500 yuan for a practice permit. I paid 1,000 yuan to practice earth digger and forklift.
Although we were told that school would last two months, we graduated in 55 days. When we graduated, we did not get jobs assigned.
If you want a job, nobody will hire you if you don't have experience (unless, of course, you have connections).
I looked for five days in Jinan. I could not even get an apprentice position.
I was desperate. I had spent 13,000 yuan in tuition and expenses. My family does not have any connections to get me a job. I don't want to go home and be idle. So I am going to look for some other kind of work in the interim. All my schooling was a waste.
I want to tell anyone with ideas of going to the Lanxing Vocational School not to bother. Frankly, you can spend a few thousand yuan to get a veteran worker to teach you for a few months and get you a place afterwards. Construction work requires experience. Nobody will hire you if you don't have experience ...
(Hong Kong Commercial Radio 881093.com) February 20, 2010.
The Shandong Lanxiang Senior Vestibule School denied that they hacked Google and other American companies. The school's party secretary Li Zixiang was interviewed by Xinhua and said that they found not signs that the school staff did anything like that. Meanwhile the students are away for the Spring Festival vacation. He emphasized that the school does not have a cooperative relationship with the military, they have no military background and they do not have a Ukrainian professor teaching computer classes. He emphasized that they have never hired any foreign teachers. He criticized the New York Times report for being completely unfounded. The New York Times must produce the evidence to show that it is true.
The school said that the school was founded in 1984 and has taken in 20,000 students who learned cooking, automobile maintenance/repair, hairdressing and other skills. In their computer classes, they only teach basic courses such as 3D drawing and document handling and they do not teach software engineering. Since 2006, 38 students have joined the military on the basis of their skills in automobile maintenance/repair, cooking, welding and other things. It is normal for certain people in a certain age group to want to join the military.
Here are the course descriptions for the computer science track at the Lanxiang Vocational School (via hb0724.com, November 22, 2009):
Basic computer class: Two months; 2,700 yuan tuition fee. Learning basic computer knowledge, the five-stroke character input method, word processing software MS Word, electronic spreadsheet software MS Excel, presentation production software PowerPoint.
Computer art design class: Seven months, 8,080 yuan tuition fee. Learning basic computer skills, factors in two-dimensional images (such as shapes, letters, color, etc), two-dimensional image composition rules and aesthetics, two-dimensional design software (PhotoShop, CorelDraw, PageMaker), indoor/outdoor design styles and procedures, three-dimensional design software (3DS, AutoCAD, Lightscape).
Computer network class: Six months, 7,880 yuan tuition fee. Learning basic computer knowledge, computer network basic knowledge, Internet network usage, local area networks, network engineering, network security techniques, network management, computer equipment principles and characteristics, equipment installation, commonly found peripheral equipment principles and usage, image handling software (PhotoShop), website building software (Dreamweaver, Flash, Fireworks).
Comment: As a former student, I sincerely want to say: Don't be stupid (there are too many frank words that I cannot write out!!!!)
(Hoop China) Netizen comments on New York Times article. February 19, 2010.
- This is so awesome!
- This must be a joke?
[Actor Tang Guoqiang is the spokesperson for Lanxiang Vocational School. He has portrayed Mao Zedong during his career.]
So Tang Guoqiang heads the Chinese secret agents ...- I saw Grand Emperor Tang many times during the Spring Festival vacation ... I grew up watching these ads ...!
- The Shandong Lanxiang Vocational School. What a familiar sounding name! "Which is the best school to learn to operate an earth digger? Go to Lanxiang in Shandong." But I never imagined that they are also awesome in computer technology.
- Watch your mouth! You must not give out too many details.
- Uh oh, I have learned too much, and that is very dangerous.
- Be careful, because the Internet police can cross provincial borders to make arrests ...
- Oh, that was the reason why the school principal refused to accept me when I tried to register ...
- Isn't this school just a diploma mill? Does it really have such a deep background?
- No wonder the place does not require tuition payment (and they even reimburse travel expenses).
- This is a commercial advertisement.
- An advertisement ... hype ...
- Someone must have paid for the New York Times to run a commercial for them ...
- Lanxiang must have paid the newspaper to write such a paid advertorial.
(The Guardian) Google attacks 'traced to Chinese schools' By Bobbie Johnson and Tania Branigan. February 19, 2010.
A spate of internet attacks that hit Google and other companies have been traced to two schools in China, according to reports ¡V but Chinese sources have responded by denying knowledge of the strikes.
According to the New York Times, security experts investigating a string of hacking attacks on American companies have linked them to origins in mainland China.
The story, which quoted anonymous sources close to the investigation, said that the so-called Project Aurora attacks appeared to originate from Shanghai Jiaotong University and the Lanxiang Vocational School in Shandong province.
Jiaotong is well regarded as a centre for computer studies, and has an extensive information security programme that boasts its "high-level talent" and has links to military research projects.
Lanxiang, around 250 miles south of Beijing, is a prominent school that has developed some reputation for developing computer skills.
The report suggested that intelligence agents working on the case had linked the strikes to a specific class taught at Lanxiang.
While the Chinese authorities have not commented on the report, a female member of staff from Lanxiang told the Guardian that the school was not aware of the attacks on Google.
"We did not know Google was hacked before the New York Times contacted us ¡V when they called, we told them we know nothing but they still made the story up," she said. "Our students are middle school graduates, and we train them to use software like Photoshop. If our students are so skilled they can hack Google, then what are they here for?"
She also urged caution against drawing the conclusion that Chinese schools were training hackers to attack American targets.
"I hope the media can be cautious about this report," she said. "We don't want to worsen US-China relations or draw national attention."
Google, which has continued investigating the source of the attacks since going public, did not respond to a request for comment.
It has been more than a month since the internet company revealed that it had been targeted in a series of strikes aimed at uncovering personal details of Chinese dissidents and stealing elements of its software.
At the time the company threatened to stop censoring its Chinese search engine in protest at the attacks, which it called "highly sophisticated".
"This information goes to the heart of a much bigger global debate about freedom of speech," said the company at the time. "These attacks and the surveillance they have uncovered have led us to conclude that we should review the feasibility of our business operations in China."
The company has not yet acted on its threat to stop censoring its search results ¡V a move which would be likely to result in its expulsion from the country ¡V but has drawn support from the US government.
Google and a number other companies hit by the Aurora attacks have been investigating its origins, and have linked up with America's National Security Agency as they attempt to pinpoint the culprits.
(Wall Street Journal) Google Probe Studies Role of China Schools By Jessica A. Vascellaro and Ben Worthen. February 20, 2010.
As investigators study whether Chinese schools played a role in attacks on Google and other U.S. companies, they may face a new challenge: the need for cooperation in China.
The attacks, which came to light in January, affected Google and more than 20 other U.S. companies. In the latest development, investigators have been examining links between the attacks and computers at educational institutions in that country, according to people briefed on the matter.
Spokespeople for the two institutions -- Shanghai Jiaotong University and Lanxiang Vocational School ¡V denied the allegations, according to a report filed Saturday by the state-run Xinhua news agency.
Several people familiar with the probe caution that the origins of the highly sophisticated series of attacks are still unknown and that investigators are still pursuing a number of theories. Even if computers at the schools were involved, security professionals point out, they may have been used as intermediaries for attacks that began elsewhere.
But there is a growing consensus that it will be difficult, if not impossible to confirm the involvement of the schools or track the attackers further through that connection without the cooperation of institutions in China¡Xand thus the Chinese government. Security experts doubt authorities there would compel a university to turn over information.
In order to determine whether computers at the universities were used in the attack¡Xin addition to who used the computers, and whether they were accessed by a hacker located somewhere else¡Xinvestigators would need to analyze computer logs and traffic on the schools' data networks, security experts say.
"It's going to be really hard to get the Chinese to give you a full honest report," says Robert Rodriguez, a former Secret Service agent who now heads the Security Innovation Network, which aims to improve collaboration between the public and private sectors on security issues. Even if China does cooperate "we are not going to have the opportunity to verify" the information, he says.
Without cooperation from Chinese officials, U.S. intelligence agencies would only be able to use clandestine means to learn more. And even these methods could come up short. "It's not like you can fly the U2s over Cuba and say here are the pictures of the missiles," says Daniel Castro, an analyst with the Information Technology and Innovation Foundation, a Washington, D.C., think tank.
Law enforcement and intelligence officials are investigating links between the attacks and China's Shanghai Jiaotong University and the Lanxiang Vocational School, according to a person familiar with the investigation. The development was reported earlier by the New York Times.
Chinese authorities have denied involvement in the attacks. An email to the Chinese Embassy in Washington D.C. was not returned.
The attacks¡Xand the mystery around them¡Xhave created a political tempest. While disclosing the attack, Google said it would stop censoring its search results in the country in response. But first, the company said it wanted to discuss the matter with Chinese authorities on the off chance that they would be allowed to operate an unfiltered search engine, which would violate Chinese law.
Those discussions have been moving slowly, according to people familiar with the matter, but Google executives have repeatedly stressed that they are hopeful that they will be able to keep some operations in China.
The investigation has been underway since December, when Google first noticed that its computer systems had been compromised. The company said it had traced the attack back to China but didn't elaborate. The company has been working with law enforcement agencies and the National Security Agency.
In the first phase of the probe, investigators found electronic evidence tracing the attacks to servers in Taiwan, according to people familiar with the matter. But following the trail beyond that has proved tricky, in part because some of the servers believed to be used in the attacks are no longer active, according to these people.
(Washington Post) Diverse group of Chinese hackers wrote code in attacks on Google, U.S. companies By Ellen Nakashima. February 20, 2010.
Some of the computer codes used in the recent attacks on the networks of Google and dozens of other major U.S. companies were developed by a diverse group of Chinese hackers, including security professionals, consultants and temporary contractors, according to an industry source.
The series of attacks, disclosed Jan. 12 by Google, were routed in part through servers at technical schools in China, a commonly used tactic that allows hackers to obfuscate their identity, said the source, who is familiar with the investigation into the security breaches.
The source said that some of the contractors involved in the attack were based at Chinese and U.S. tech companies in China. He and another industry source said other servers in China were also used.
The two schools whose servers were used are Shanghai Jiaotong University, a prestigious institution in China akin to Caltech, and Lanxiang Vocational School, both of which have links to the top ranks of information security specialists in China, said one of the sources. Neither source was authorized to speak on the record. The connection to the schools was first reported Thursday night on the New York Times Web site.
It is not clear who ordered or coordinated the attacks. The Chinese government has denied involvement.
The developers of the code, who took advantage of a vulnerability in systems using Internet Explorer 6, include students who "hack for prestige," said one source, whose firm is among several investigating the attacks. He said investigators have narrowed the list of hackers to about six individuals but declined to divulge their names.
The code developers did not execute the attack or "nose around" in the networks of Google or other companies, he said. "They're out in the open with it, passing the code back and forth to one another on open source hacker forums," in some cases with their "hacker handles" attached, he said.
None of the handful of code developers involved in the Internet Explorer part of the attack -- there could be other code developers involved -- is a graduate of the two Chinese schools, though they have links to them through people they are working with, the source said.
Jiatong University has a long history of cooperation with Chinese information security companies. It receives funding from the Chinese Ministry of Science and Technology, under a national program known as 863, to train information security experts and advance China's leadership in the field. Professors include government public security officials.
Lanxiang Vocational helped create what has become known as China's "Great Firewall," which filters Internet information in the country. According to the school's Web site, it established a military department in 2006 to train "high quality technology officers." Many of those students have gone on to form "the important technology backbone" of the People's Liberation Army, the site said.
Computer servers at universities and businesses have been used before by hackers in China to route attacks, often without the institutions' knowledge, said James C. Mulvenon, a China cyber expert and a director at the Center for Intelligence Research and Analysis in Washington. He said several think tank networks were penetrated last spring in attacks in which hackers used servers housed at Lanxiang Vocational. Although he did not know whether those hackers were part of the same wave of attacks that hit Google, he said, "it would be a remarkable coincidence . . . to be attacked by the same obscure vocational school in Jinan in China."
The decentralized nature of the attack helps explain why it's so difficult to determine who ordered it and why.
Despite China's denial, the government there is believed to have used a series of proxies in the past to carry out different aspects of cyberattacks. Russia has used similar tactics, experts say.
"You will not necessarily find a card-carrying Chinese government or military person doing the activity," Mulvenon said. "They're much more comfortable casting a wider net in terms of people to help them, in sharp contrast to our system. We don't just let random strangers do this stuff."
Rob Lee, a director at the Northern Virginia cyber forensics company Mandiant, said hackers in China routinely direct their attacks through a series of constantly changing Internet protocol addresses. They do that "to maintain a foothold on targets' networks but also to try to bury where they're coming from," he said.
(Qilu Evening News) February 21, 2010.
Since February 19, the office of the president of the Shandong Lanxiang Vocational School has been getting telephone calls from foreign media. Suddenly, this vocational school which usually draws zero media attention has become a hot spot.
These media were basically all trying to confirm one thing: On February 18, the New York Times (USA) claimed that Lanxiang Vocational School and Jiatong University (Shanghai) launched network attacks against Google and other American companies -- is this true or not?
...
On the afternoon of February 20, our reporter went to the Lanxiang Vocational School.
The school's Office Director Mr. Zhou did not meet with our reporter. He only said over the telephone: "These reports are nonsense fabrications. Several days ago, a Chinese-speaking woman called up under the pretext of asking questions about student enrollment. She did not identify herself. We teach mainly motor vehicle maintenance/repair, and some of those students eventually joined the military to maintain/repair vehicles. It is also said that there is a Ukrainian professor teaching here. That is preposterous. Our school does not have any foreign teachers. We are not licensed to hire foreign teachers. Besides, we did not decline to answer the question about whether there was a Ukrainian teacher here -- she simply never asked."
The school's chairman Rong Lanxiang said: "British and French media also published that fake report. Many foreign reporters called about this matter. They are making this up. We have students who go into the military as allowed by the military recruitment policy. It is an open process to recruit local talents to join the military. What is there to it? Our computer room has more than 2,000 machines. But it has nothing to do with Baidu. They even said that we have a military background. That is laughable."
The reporter also tried to find leads among students. On the afternoon of February 20, our reporter found a student association cadre outside the Lanxiang Vocational School campus. He said that he had not read the New York Times report, but he is familiar with the rumor from the Internet.
He said: "In our computer classes, we learn very simple computer skills. We learn basic applied skills such as how to make pictures. Where do we get hacker skills? Some students may have attended a few days of computer school somewhere and then go to boast at Baidu that they are hackers. It is not true that the school is training hackers."
The Zhejiang School of Media's Shandong alumni association president He Lin told our reporter that while the western media claimed to stand for fairness and objectivity in news reporting as well as freedom of speech, they have frequently violated journalistic ethics and professional codes because of pre-established ideology and influence from special interest groups. In the history of the New York Times, there have been many scandals. During the Iraq war, the New York Times ran into a confidence crisis when its reporter Jason Blair made up and plagiarized news at will.
"In the present case, the story of the Lanxiang Vocational School attacking Google is very clearly flawed both in terms of journalistic practice and professional conduct. They committed the old sin of establishing the theme first and then sieving for supporting evidence afterwards. Chinese reporters who know the situations in China as well as the Lanxiang Vocational School would not have written such an amusing fake news story."
The Beijing Youth Daily reporter saw that the New York Times article was credited to John Markoff and David Barboza, with the additional note at the back: Bao Beibei and Chen Xiaoduan also contributed to this article from Shanghai.
The Beijing Youth Daily reporter called up the Shanghai bureau of the New York Times. A worker there said that the Shanghai-based correspondent David Barboza was out of the office. "He said everything there is to say in that article. As to why the details of the investigation were not published, it may be out of consideration to protect the news sources."
When the New York Times article appeared, it became the target of teasing by netizens. A netizen twisted the television commercial slogans used by Lanxiang Vocational School from "Want to learn to operate an earth extractor? Come to Lanxiang" to "Want to become a hacker? Come to Lanxiang," and also "Which is the best place to learn to operate an earth extractor? Come to Lanxiang in Shandong, China" to "Which is the best place to learn to become a hacker? Come to Lanxiang in Shandong, China."
From these comments, it can be seen that many netizens are skeptical about this New York Times report: it was just incredible that a vocational school could launch a hacker attack with military background.
The Lanxiang Vocational School's hotline for student recruitment is overwhelmed with calls. The teacher answering the phone said: "If you have any questions, please go and ask the New York Times. We are only responsible for recruiting students here. We really don't know anything."
As to the allegation that "the Internet attack on Google is related to the Lanxiang Vocational School" and "the Internet service provider for the Lanxiang Vocational School is intimately tied with Baidu," our reporter interviewed the Baidu representative in Shandong province. He said that there is zero chance of Baidu manipulating Lanxiang Vocational School to attack Google.
This representative said that the New York Times is insinuating that the black hand behind the attack on Google was Baidu. He said: "Everybody knows that Google and Baidu are competitive opponents. When Google is attacked, everybody can easily imagine that it must be Baidu. The report stated clearly that the Internet service provider for the Lanxiang Vocational School is intimately connected to Baidu. The intent is very clear."
This worker said that even if there is a cooperative relationship, the scope of that cooperation is only limited to Badiu running advertisements for Lanxiang Vocational School to recruit students over the Internet.
This worker also said that if "Lanxiang Vocational School" is searched on Google, the detailed information of that school is still available. "Lanxiang Vocational School can also be a partner of Google. If so, then how can partners be attacking each other? This does not make sense." This worker concluded that the American media reports were logically flawed.
Our reporter tried to reach the Google China headquarters. A tape-recorded message said that they are still on vacation. Previously, the Google China leader had said during an interview that they will not make any further comments on the matter.
(Global Times) Hacking claim entices potential students By Lin Meilan. February 22, 2010.
A small vocational school in East China's Shandong Province has suddenly become a hot attraction after it was accused of taking part in the cyber attack against Google. The telephone in the recruitment office at the school, Lanxiang, has been ringing nonstop shortly after the New York Times reported that the school, along with Shanghai Jiaotong University, renowned for its computer science programs, were behind the hacking of Google and other firms. "We have been receiving phone calls from all over the country, asking about our computer science programs, which is one of the most popular pro-grams in our school," a recruitment teacher at Lanxiang, who declined to be named, told the Global Times Sunday. Google said last month it was prepared to leave China over the attacks, asserting that the sophisticated cyber attacks were aimed at their source codes and Gmail accounts. Many people are interested in a computer-programming certificate from the school, which was founded in 1984 and has about 20,000 students who study cooking, automotive repair and computer science.
The New York Times report said the school's computer network is operated by a company with close ties to Baidu, the dominant search engine in China that is also a competitor of Google.
Many Internet users were talking about the schools in online forums. Some discussion threads attracted thousands of clicks and responses. Some Internet users said the US newspaper did an "international advertisement" for the school. "Wanna be a hacker and hack Google? Go to Lanxiang!" an Internet user said on mop. com. "The report is better than any local advertisements the school has ever done. It is a popular American paper after all," another Internet user said. Some expected the school's graduates to have a better chance at finding a job in the shrinking employment market.
The recruitment teacher said students of all ages could apply to the school. "There is no limitation of age and education background, and there is no deadline for our recruitment. Students are welcomed to join the class any time they want," the teacher said.
(Tianya Forum) February 21, 2010.
Recently, Lanxiang hacked Google and came to the attention of the US National Security Administration. When the hack was exposed by the New York Times, Lanxiang suddenly became famous. Actually, I am not surprised at all. As a Lanxiang worker, I know many things. For reasons of national security, I cannot tell all. But I will tell you the following.
1. Lanxiang is not as simple as in the television ads that you have seen.
2. Lanxiang does have a military background. The five schools Lanxiang, Tsinghua University, Harbin Institute of Technology, National University of Defense Technology and Shanghai Jiatong University are involved in a major national defense project whose purpose must be kept secret. Not just any institute was allowed to participate. Tsinghua has the means, Harbin Institute of Technology is the big brother of national defense technology and engineering, National University of Defense Technlogy is the big brother of military schools and Lanxiang provides the secret base.
Shanghai Jiatong originally did not qualify. However, it was able to join through the efforts of an alumnus (you don't need to ask who!). We are mainly responsible for electronic interference and Internet warfare research. I cannot go into too much detail. Peking University and the Beijing Institute of Technology applied to join but they were turned down.
3. Lanxiang has eight specialty areas.
Numerical control is actually robotics.
Cuisine is actually the manufacturing of chemical weapons and defensive measures.
Automobile repair is actually manufacturing robots and heavy war machines.
Excavation machines are actually advanced robotics.
Cosmetology is actually disguise and tactical deception.
Welding is actually design of laser-based and high-energy particle weapons.
Wireless is actually electromagnetic monitoring and early warning systems.
Computers ... no explanations are necessary.4. Although Lanxiang is good in computers, it is not necessary what it is best at. The four best disciplines at Lanxiang are numerical control, automobile repair, excavation and welding. Computers are ranked somewhere between fifth and seventh, but Lanxiang is already unmatched in all of China. By the way, we invented the Galaxy computer. However, due to the need to maintain secrecy, we gave it to the National University of Defense Technology.
5. According to what I know, the best tank in China was secretly developed by the automobile repair department. Due to national secrecy considerations, credit was given to other universities instead. The welders work mainly on welding satellites and rockets, but they are not as good as Harbin Institute of Technology. For this reason, the leaders are very upset. Therefore, the teachers in the Welding Department are under a lot of pressure. Last year two of them quit, one to become a professor at the Imperial College, London and the other went to Taiwan. The government tried to stop them. One general exclaimed that the person leaving for Taiwan was equivalent to five army divisions. However, the action was unsuccessful due to interference by the CIA.
6. The government had considered letting Lanxiang join the 985 project, but the Central Military Commission vetoed it because the best instruments of the state should not be revealed. In Lanxiang, many teachers did not agree either, because it would be a major dishonor for a secret and excellent institute such as Lanxiang to be listed along the side of second-rate institutions such as Hunan University, Chongqing University, Huanan Institute of Technology and so on.
7. The current "Hacker Gate" was a surprise, because it came as a result of a romantic quarrel between a teacher and a student (who was a graduate student named Ying from the Northwestern Institute of Technology and has been here for two years) fell in love with the same female student. The teacher threatened to fail the student. The student begged for mercy. The teacher said that he would pass the student provided he hacked Google. The result was ...
8. In China, many things cannot be revealed to the outside because of national security issues.
9. I can only say this much, because I would be invited to have tea if I say more.
10. Our slogan to the outside world is: A cook who does not want to be a hacker is not a good chauffeur.
11. Recently, we have seen the slogan: "Shanghai Jiatong rules in the south, Lanxiang rules in the north." Many of my colleagues felt deeply insulted because these two schools are not in the same class. Lanxiang may occasionally take a glance at Cambridge University, Oxford University, Harvard University, Yale University, can't think of what other university? ... So when someone said "Shanghai Jiatong rules in the south, Lanxiang rules in the north," our instruction director was crying bitterly: "Forget it, forget it, who asked us to assume the disguise of a vocational school? ..."
WARNING: To eliminate any misunderstanding, this is SARCASM.
(Irish Times) Chinese colleges deny Google hacking By Clifford Coonan. February 22, 2010.
Two educational establishments in China have dismissed allegations that hacking attacks on Google and other firms originated from them, and said they were shocked at the accusations.
Last month, Google announced that it had faced a ¡§highly sophisticated and targeted attack¡¨ in mid-December. The search engine giant said the attacks, which also affected 30 other companies, came from inside China and were focused on the e-mail accounts of rights activists and dissidents.
Incensed by the incidents, Google said it was considering pulling out of China over the attacks, as well as because of Beijing government policies to restrict internet freedom.
The attacks were reported last week by the New York Times to have originated from servers at Shanghai¡¦s Jiaotong University and Lanxiang Vocational School in the eastern province of Shandong.
¡§We were shocked and indignant to hear these baseless allegations, which may harm the university¡¦s reputation,¡¨ a Jiaotong spokesperson told the Xinhua news agency.
The spokesperson told Xinhua that the university would fully co-operate with investigators if Google seeks judicial remedies.
The Communist Party chief at Lanxiang, Li Zixiang, denied the report, saying: ¡§Investigation in the staff found no trace that the attacks originated from our school.¡¨ He said the school had no relations with the military. The New York Times report said Lanxiang had strong ties to the army.
Lanxiang has about 20,000 students learning vocational skills such as cooking, auto repair and hairdressing, Xinhua reported. It has basic courses in computer skills such as Photoshop, 3D drawing and Word, but does not teach software engineering.
China has repeatedly denied any involvement in internet attacks, saying it is opposed to hacking and has a consistent policy aimed at stopping cyber-attacks taking place.
Maj Gen Luo Yuan, who is with the Academy of Military Sciences, told the China Daily : ¡§China has on many occasions reiterated that it opposes hackings, of any form and such activities are strictly prohibited by law. Its military would not go against the rules.¡¨ Beijing also defends its censorship of the internet, saying that it is aimed at cracking down on pornography and ¡§helping young people¡¨.
Chinese universities have strong military aspects. All university students take a month of compulsory military training, but the military has only recently started to woo graduates in a major way as the government tries to revolutionise the armed forces to keep in step with western armies.
¡§It was not until 2006 that our graduates began to join the army. So far, 38 students have been recruited by the military for their talent in auto repair, cooking and electric welding,¡¨ said Zhou Hui, director of Lanxiang school¡¦s general office. He disputed claims in the New York Times article, which cited anonymous officials from the US National Security Agency, that there was a link to a computer science class taught at the school by a Ukrainian professor.
(The Inquirer) Google was bought down by Chinese hairdressers By Nick Farrell. February 22, 2010.
The western press appears to be desperate to back up Google's claim that it was hacked by the Chinese government in a Communist plot. The fairly minor hack was blown up out of all proportion with Google threatening to leave China if the country does not stop spying on it.
However last week the New York Times reported that "unnamed security sources" had tracked the attacks to two Chinese schools, the Shanghai Jiaotong University and the Lanxiang Vocational School. Not deterred with the fact that the attack was not traced to a government department in Beijing, the newspaper claimed that the schools had Chinese military backing and trained computer scientists. It talked about a mysterious Ukrainian professor who provided tips on how to bring down the West using the latest hacking techniques.
Such a Russian and Chinese alliance is exactly the line that is being peddled to the US administration by the country's defence contractors. It was touted publicly at the recent cyber warfare exercise sponsored by the US defence industry promoting why it should get more cash to defend the country from cyber attacks.
However, according to the AFP, it seems that the New York Times did not actually check out the so called spy school and relied on its security industry sources for its colourful descriptions.
The Lanxiang Vocational School was founded in 1984 and has about 20,000 students. Rather than having been founded by the military as a computer spy school, its main focus has been on vocational skills such as cooking, auto repair and hairdressing. There is a computer science course but it teaches students basic stuff like how to turn their computer on and print a document. It is not run by a mysterious Ukrainian either.
In its entire history the school has packed only 38 students off to the military and that was because they were pretty good at auto repair, cooking and electric welding. If the Google hack was done at this school then it means that the search engine outfit was not bought down by a crafty Chinese spy, but by a cook, a welder or a hairdresser. It does not say much for Western security, or the US newspaper of record.
(Wall Street Journal) Hacking Probe Elevates Lanxiang School Aaron Back and James T. Areddy February 22, 2010.
One Chinese school under investigation for alleged links to last year¡¦s cyberattacks on Google and other companies has already reaped some benefit from the controversy: a surge of applicant interest in China.
The Global Times, an English-language daily known for its nationalist tone, reported on Sunday that Lanxiang Vocational School in eastern Shandong Province has been flooded with calls from potential applicants since reports surfaced that it was linked to the cyberattacks.
¡§We have been receiving phone calls from all over the country, asking about our computer-science programs, which is one of the most popular programs in our school,¡¨ the paper quoted an unnamed professor at the school as saying.
U.S. law enforcement and intelligence officials are investigating links between the attacks and two Chinese schools: Lanxiang and Shanghai Jiaotong University, according to a person familiar with the investigation. The development was initially reported by the New York Times . Google cited the attacks in its threat to halt operations in China last month.
For Lanxiang, it might not be a disadvantage to be lumped together with Jiaotong, one of China¡¦s most prestigious universities with a well-regarded computer technology department. This month, the university took first place in a global programming contest run by Baylor University and sponsored by IBM called International Collegiate Programming Contest, which was held in the northeastern Chinese city of Harbin. The top ranked U.S. universities in the contest were Carnegie Mellon, Cornell, Massachusetts Institute of Technology, Stanford, Maryland and Michigan. Moscow State University and National Taiwan University came in second and third respectively. (Full results here)
But Jiaotong has long been regarded a hacking center in China as well. In October 2007, the university issued a press release to highlight a talk by Peng Yinan, who was described as a hacker famous for attacking U.S. Web sites as well as being a contracted security agent with the Shanghai Public Security Bureau.
In an interview last month, Scott J. Henderson, a retired U.S. Army officer who speaks Chinese and has studied China¡¦s hacking community, highlighted that event at Jiaotong as an example of how blurry links can be in the country between state and non-state actors.
Meanwhile, Lanxiang was a little-known vocational school prior to last week¡¦s reports. According to a report by the official Xinhua news agency, besides computer science it also offers courses on cooking, auto repair and hairdressing.
A woman who answered the phone at Lanxiang¡¦s recruitment office declined to comment on any rise in the number of applicants to the school.
In the Xinhua report, Lanxiang strongly denied any link to the attacks. But that hasn¡¦t stopped some Chinese from thinking the school could be a ticket to an exciting life of online subterfuge. The Global Times quoted Chinese Internet users, who left enthusiastic messages on online message boards following the news. ¡§Wanna be a hacker and hack Google? Go to Lanxiang!¡¨ said one. ¡§The report is better than any local advertisements the school has ever done. It is a popular American paper after all,¡¨ said another.
(Guardian.co.uk) US links China to Google cyber attacks -- report. By Bobby Johnson. February 22, 2010.
Investigators are closing in on the source of internet attacks that hit a string of US companies, most notably Google.
Over the weekend, two Chinese schools linked to the attacks ¡V which hit dozens of companies in an attempt to steal private information and trade secrets ¡V denied their involvement. Reports last week suggested that the source of the strikes had been traced to Shanghai Jiaotong University and the Lanxiang School, a large vocational training centre in Jinan.
Today a report in the Financial Times suggests that US officials have tracked the individual they believe authored the computer code used, and have linked his work to Chinese officials.
The Chinese state news agency Xinhua reported that the two schools had nothing to do with the strikes, dubbed Operation Aurora by security experts. "We were shocked and indignant to hear these baseless allegations which may harm the university's reputation," Xinhua quoted a Jiaotong spokesman as saying.
The organisation added that the evidence said to link the school to the attacks centred on the hackers' internet protocol (IP) address, which can easily be forged. "The report of the New York Times was based simply on an IP address. Given the highly developed network technology today, such a report is neither objective nor balanced," the spokesman said.
Communist party officials at Lanxiang, which trains up to 20,000 students in trade skills, said the report was false and suggestions that the attacks were performed during a class taught by a Ukrainian professor were "unfounded".
"Investigation in the staff found no trace the attacks originated from our school," said Li Zixiang. "There is no Ukrainian teacher in the school and we have never employed any foreign staff."
China has expressed concerns about its own online vulnerability, and there are reports today that a senior Chinese army officer has called for a new national body to enforce internet controls, and for a reduction in the reliance on foreign technology.
Major General Huang Yongyin said China needed to match the defensive efforts of other major nations, arguing: "For national security, the internet has already become a new battlefield without gunpowder."
Writing in the latest issue of Chinese Cadres Tribune, a magazine published by the Communist party's influential Central Party School, he said: "Lawless elements and hostile forces at home and abroad have increasingly turned to the internet to engage in crime, disruption, infiltration, reactionary propaganda and other sabotage activities."
The internet attacks, first revealed in January but which have been taking place for some time, led Google to threaten that it would stop censoring its Chinese search engine, and have raised concerns about diplomatic relations between the US and China.
US officials have been working with representatives from the companies affected ¡V believed to include Adobe Systems, Yahoo and Northrop Grumman ¡V as well as experts from the National Security Agency, the US surveillance and codebreaking agency.
Early indications suggested the attacks may have been carried out under direction of authorities in Beijing. That possibility led the US secretary of state, Hillary Clinton, to request clarification from the Chinese government, which denied any involvement.
Dan Blum, principal analyst for the IT consultancy Burton Group, said the preponderance of evidence pointed to Chinese involvement. "Myself, and a lot of people, are well past 99% sure," he said. "Hillary Clinton, who spoke for the US in officially denouncing the attacks, would not do so lightly, and would probably agree with me."
(New York Times) Hacking Inquiry Puts China¡¦s Elite in New Light By David Barboza. February 22, 2010.
With its sterling reputation and its scientific bent, Shanghai Jiaotong University has the feel of an Ivy League institution.
The university has alliances with elite American ones like Duke and the University of Michigan. And it is so rich in science and engineering talent that Microsoft and Intel have moved into a research park directly adjacent to the school. But Jiaotong, whose sprawling campus here has more than 33,000 students, is facing an unpleasant question: is it a base for sophisticated computer hackers?
Investigators looking into Web attacks on Google and dozens of other American companies last year have traced the intrusions to computers at Jiaotong as well as an obscure vocational school in eastern China, according to people briefed on the case.
Security experts caution that it is hard to trace online attacks and that the digital footprints may be a ¡§false flag,¡¨ a kind of decoy intended to throw investigators off track.
But those with knowledge of the investigation say there are reliable clues that suggest the highly sophisticated attacks may have originated at Jiaotong and the more obscure campus, Lanxiang Vocational School in Shandong Province, an institution with ties to the Chinese military. Last weekend, the two schools strongly denied any knowledge of the attacks, which singled out corporate files and the e-mail accounts of human rights activists.
A spokesman for Jiaotong told local news outlets that school officials were ¡§shocked and indignant¡¨ to learn of the allegations. And a Lanxiang spokesman called the reports preposterous. But analysts say Jiaotong and Lanxiang are certain to come under close scrutiny.
Jiaotong is one of China¡¦s top universities, and one charged with helping transform this country into a science and technology powerhouse. The school has exchange programs with some of the world¡¦s leading universities. Early this year, Duke said that with the help of Jiaotong, it would build its own campus near Shanghai.
Michael J. Schoenfeld, a spokesman for Duke, said on Friday that the university was troubled by the allegations. ¡§We¡¦re going to have to explore that with Shanghai Jiaotong and understand the situation,¡¨ he said. ¡§It¡¦s a very complex situation.¡¨ One of Jiaotong¡¦s strongest departments is computer science, which has garnered support from some of America¡¦s biggest technology companies, including Cisco Systems. Microsoft has collaborated with Jiaotong on a laboratory for intelligent computing and intelligent systems at the university.
Two weeks ago, Jiaotong students won an international computer programming competition sponsored by I.B.M., known as the Battle of the Brains, beating out Stanford and other elite institutions. It was the third time in the last decade that Jiaotong students had taken the top prize.
Jiaotong is also home to the School of Information Security Engineering, which specializes in Internet security. The school¡¦s dean and chief professor have both worked on technology matters for the People¡¦s Liberation Army, according to the school¡¦s Web site. The school, which has received financing from a high-level government science and technology project, code-named 863, has also regularly invited world-famous hackers and Web security experts to lecture there.
The latest clues do not answer the question of who was behind the attacks. But it is likely to put added pressure on Beijing to investigate a case that has prompted Google to threaten to pull out of China.
Beijing has not announced an investigation, but Web security experts emphasize that the Chinese government would need to be involved to find the ultimate perpetrators of the attacks. ¡§The U.S. would not be able to trace this¡¨ back to the source, said O. Sami Saydjari, the founder of the Cyber Defense Agency, a private Web security firm based in Wisconsin. ¡§We cannot trace it beyond borders. We¡¦d need the cooperation of the Chinese.¡¨ Xiao Qiang, an expert on Chinese Internet censorship and control, says Jiaotong is studying not just Web security but also how to filter content that the government may deem unhealthy. ¡§Computer security may sound neutral, but in China, it also includes content, including content the government doesn¡¦t like and wants to get rid of,¡¨ he says.
Scott J. Henderson, the author of ¡§The Dark Visitor: Inside the World of Chinese Hackers,¡¨ said that in 2007, a prominent Chinese hacker with ties to China¡¦s Ministry of Security also lectured at Jiaotong. ¡§He gave a lecture called ¡¥Hacking in a Nutshell,¡¦ ¡¨ said Mr. Henderson, whose research was partly financed by the American military.
In a statement on Sunday, Microsoft said it could not comment on reports that some hacking had been traced to Jiaotong. But the statement also said: ¡§We condemn cyberattacks and industrial espionage no matter who is ultimately responsible. We hope officials will conduct a full investigation and cooperate fully with international authorities to get to the bottom of this situation.¡¨ Google and other companies that were victims of the attacks have declined to comment.
Investigators are also looking into whether some of the intrusions originated at Lanxiang Vocational School, in the city of Jinan. Lanxiang, which has 30,000 students studying trades like cosmetology and welding, was founded in 1984 by a former military officer on land donated by the military, according to Jinan¡¦s propaganda department.
On its Web site, the school records visits to the campus by military officers and boasts of sending ¡§a large batch of graduates to the army¡¨ and says ¡§those graduates become the backbone of the army.¡¨ Graduates of the school¡¦s computer science department are recruited by the local military garrison each year, according to the school¡¦s dean, Mr. Shao, who would give only his last name.
School officials also insist that Lanxiang students are not capable of sophisticated hacking. ¡§It¡¦s impossible for our students to hack Google and other U.S. companies,¡¨ Mr. Shao said in a telephone interview. ¡§They are just high school graduates and not at an advanced level.¡¨ Little information is publicly available about the school¡¦s computer science department. But the school says its computer laboratory is so enormous that it was once listed in the Guinness World Records book.
Bao Beibei and Chen Xiaoduan contributed research.
(China Daily) Stop the Google farce. February 23, 2010.
The controversy and issue surrounding the alleged cyber-attack on Google is becoming more absurd and fictionalized as analysts in the United States continue their attempts to prove the fallacy that the Chinese government is behind last month's hacking attacks.
Watching the Google farce unfold is akin to reading an awkward copy of Dan Brown's fiction Digital Fortress. The book succeeds in building a near flawless plot of government surveillance of digital information against the institution of civil liberties and ethics.
In the Google storyline, the US has successfully drawn global attention by placing all blame on China. But it has failed thus far to provide any concrete and indisputable evidence.
To further its allegations that computers in two Chinese education institutions were the culprits in the cyber-attacks, US analysts revealed in Monday's Financial Times that they have identified the author of the programming code. According to the newspaper, the discovery came after US analysts tracked the launch of the spyware to computers inside the two Chinese schools.
Such evidence can hardly hold water.
It does not take a computer scientist to know that cyber-attacks happen to many websites many times everyday and hackers could easily use modern techniques to remotely control a computer and launch attacks on a chosen target. This partly contributes to the headache of identifying hackers worldwide in recent years.
Even if the US evidence could be proven, the two Chinese schools are also victims of cyber-attacks.
Apparently, some in the US have turned a deaf ear to the Chinese government's repeated counterstatement to the accusation. Neither did they listen to Saturday's response from the two Chinese education institutions that have denied any involvement in the cyber-attacks.
This uncompromising attitude can only make people doubt whether the real intention behind all this is to ferret out the wrongdoers and restore order in cyber-world.
Instead, there is strong evidence that some in the US want the Google issue to snowball into a political issue.
If this is the case, it could only push the already flagging bilateral ties to plunge deeper into troubled waters.
Instead of making groundless accusations against a country that the US has vowed to build mutual trust with, it will be far more significant if the world's sole superpower could move to put an end to this Google farce and work together with China to bring the real perpetrators to law.
The China-US relationship has seen enough conflicts so far this year. Adding more fuel to the tension is in neither country's interests.
Washington needs to weigh the interests of a single company against its national interests in maintaining a sound relationship with the world's biggest developing country. It's a test for real statesmanship and only those with insight could pass with credit.
(Xinhua) Chinese vocational school bored of NYT Google hacking reports February 23, 2010.
A Chinese vocational school said Monday it has got bored with the repeated reports carried by the New York Times insisting that it was a source of the Google cyber attacks.
"The reports are too boring, simply unfounded and politically orientated," Li Zixiang, Party chief of the privately-run Lanxiang Vocational School (Lanxiang) in east China's Shandong Province, told Xinhua.
"We really do not want to read such reports again. If the reporter still has doubts, I invite him to come to our school to talk with us personally," he said.
The New York Times has filed two reports recently claiming the cyber attacks on Google and other American firms last year have been traced to Shanghai Jiaotong University (SJTU) and Lanxiang.
Google said last month that it might pull out of the Chinese market, citing it services had been hacked by sources originating in China and that it disagreed with some Chinese government policies.
In the latest report, the New York Times insisted that Lanxiang had ties with the Chinese military as it was founded on land donated by the army and had sent graduates to join the army.
"We had indeed used abandoned barracks for teaching venues when our school was founded in 1984, but the barracks were not a 'donation' because we must pay rent regularly for it," Li said. "We have already moved out of the old barracks and built our own new teaching buildings," he said.
Currently, Lanxiang has more than 20,000 students learning vocational skills such as cooking, auto repair and hairdressing.
"Like any other country, our school graduates can join the army if they so wish. But you cannot say a school has a military background just because some of its graduates are servicemen," Li said.
(China.org.cn) Of Google, hackers and hairdressing schools. By John Sexton. February 23, 2010.
The Western media are again ramping up attacks on China over the Google hacking incident. On February 18, the New York Times (NYT) named Shanghai Jiaotong University and Lanxiang Vocational School in Shandong as sources of last December's phishing attacks on Google, Adobe and other US companies.
How credible are the allegations?
While the NYT simply cited anonymous sources close to the investigation, a subsequent Guardian article identified them as from the US National Security Agency (NSA).
One would have thought that, having been led up the garden path on Iraq, journalists would no longer treat anonymous leaks from intelligence agents with such breathless credulity. But unfortunately the quest for an eye-catching headline often trumps doubts about a story.
In a February 21 follow-up article, the NYT cited Scott J. Henderson, author of a book on Chinese hackers, without informing readers that he is a former US military intelligence officer who was once stationed in Beijing, or that his book, Dark Visitor, is available free for download on the Internet.
Cooking and hairdressing
The suggestion that Lanxiang was a source of the Google attacks was greeted with widespread ridicule in China. One of many large, privately-owned vocational schools in China, it mainly offers courses in cooking, hairdressing and auto repair. Its computer classes cover basic word processing, spreadsheets and Photoshop. Like other schools in the sector, Lanxiang relies heavily on TV advertising to attract students but blog posts from former students complain of high fees, poor quality teaching and general chaos.
Keystone Cops
It is possible a secret hacker unit from Chinese intelligence is located in or using the school. But if so, it must count as the most bungling, Keystone Cops-style outfit in the history of spying.
Why wouldn't China put investigators off the scent by mounting the attacks from abroad? Surely Chinese intelligence could recruit one or two of the 200,000 students who leave China every year to study overseas. Or send an agent abroad for a week to hack Google and bring the results back on a memory stick. Are Chinese spies really dumb enough leave their digital fingerprints all over the Internet for the men in black to pick up?
During the whole Google affair overexcited journalists have been briefed on the one hand by anonymous spooks, and on the other, by computer consultants enjoying their day in the limelight, and for whom the publicity is gold dust.
Almost nobody is putting the issue in perspective by asking obvious questions such as: Was there a serious security breach? It seems not. How long have similar attacks been going on? The answer is probably for years. What were Google's motives in making this attack public? It will have done them no harm to polish up their "do no evil" image at a time when they are under fire from all sides on privacy issues. Who else is doing similar things? Almost certainly they include the intelligence services of every major power, as well as freelance hackers and "non-state actors".
But perhaps we are looking in the wrong direction. The real story may be America's cyber warfare buildup.
During his election campaign, Barack Obama said "As president, I'll make cyber security the top priority that it should be in the 21st century. I'll declare our cyber-infrastructure a strategic asset and appoint a national cyber adviser who will report directly to me."
US Cyber Strategy
In May 2009, the Pentagon created a new military command for cyberspace. The New York Times remarked that it revealed "preparations by the armed forces to conduct both offensive and defensive computer warfare."
In December 2009, as the attacks on Google were taking place, Obama appointed former Microsoft executive Howard Schmidt as Cyber-security Czar
A White House Cyberspace Policy Review published in June 2009 was peppered with references to public-private partnerships and will have made computer security firms salivate at the prospect of becoming fully-fledged members of the military-industrial complex.
In fact, another great source of bloodcurdling quotes on the Google affair has been computer security experts who have every interest in keeping the story alive.
The CEO of data encryption company PGP went so far as to compare Obama's cyber plans to President Eisenhower's order of the day on D-Day, calling it a "blueprint of what is required for us to achieve victory in this conflict," adding "as Ike [Eisenhower] said, we can accept nothing less than 'Victory!'"
Missile Gap
No-one should blame managers of security firms for taking the White House cyber strategy seriously. After all, there is serious money to be made. But journalists have a duty to be skeptical of government agents and those may profit from a story.
Fifty years ago, in his presidential campaign, John F Kennedy pointed to a "missile gap" between the Soviet Union and the US. President Eisenhower denied the Soviets had an advantage, but the Sputnik program had spooked the public and no-one believed him. By the time the missile gap was revealed as a myth it had played its political role.
2008 was not 1960. Obama's cyber strategy played a very small part in his campaign. But the Google hacking storm has come as a welcome diversion from domestic difficulties. The rest of us would all do well to remember that the balance of power in cyberspace remains heavily weighted in favor of America and that hysteria about Chinese hackers is overblown.
(Xinhua) Commentary: China cyber attacks against Google pure fabrication February 24, 2010.
The New York Times, the Wall Street Journal, Financial Times and some other newspapers have published articles indicating that cyber attacks targeting Google and several other U.S. companies were from China. Such allegations are arbitrary and biased.
These articles take as evidence that hackers' IP addresses could be traced back to two schools in China. However, it is common sense that hackers can attack by hijacking computers from anywhere in the world. This fact also explains why hackers are hard to be tracked down.
Computers in China are easy to be hijacked by hackers as internet security technology and services are still underdeveloped in China. The majority of Chinese internet users also lack security awareness and adequate protection measures.
The hackers' IP addresses could by no means vindicate the newspapers' allegations that the attacks were carried out by Chinese citizens or from within China.
Certain newspapers went even further by indicating that the Chinese government and the military might have supported those cyber attacks.
The New York Times says the Lanxiang vocational school in eastern Shandong province, one of the schools from which the cyber attacks were said to originate, has military support. Another school, the Shanghai Jiaotong University, "has received financing from a high-level government science and technology project."
The New York Times went to great lengths to mention that "graduates of the (Lanxiang) school's computer science department are recruited by the local military garrison each year."
The paper, however, did not care to tell its readers that a school in China does not need to have any special relationship with the military to have its graduates in uniform. It is also true in the United States, where the New York Times is based.
China's attitude toward cyber attacks has been unequivocal and has adopted laws against such crimes, as China is one of the countries that bear the brunt of cyber attacks. It is way far-fetched to say that cyber attacks -- even if they were to originate from China or were to be carried out by Chinese citizens -- would have the support of the Chinese government.
The U.S. government, on the other hand, takes a dubious attitude toward cyber attacks.
According to media reports, the U.S. Homeland Security and Defense departments have both openly recruited hackers.
People with a "blackhat perspective" and know how to "do threat modelling" are the best choices, said Philip Reitinger, Department of Homeland Security deputy undersecretary, at an information security conference last October.
Cyber crimes could cause immense losses for individuals, enterprises and nation-states. Effective supervision and closer international cooperation are ways to boost cyber security. Finger pointing is not.
(Xinhua) China denies government links to cyber attacks on Google February 24, 2010.
China on Tuesday denied government links to cyber attacks against the search giant Google, saying such accusations were "irresponsible and calculating."
"China resolutely opposes the groundless accusations from Google," China's Foreign Ministry spokesman Qin Gang said, referring to Google's statement last month that it might pull out of the Chinese market, citing it services had been hacked by sources originating in China.
Chinese laws prohibit cyber attacks and China's government does not tolerate cyber crime, and China welcomes international Internet companies to conduct businesses in China in line with the law, Qin told a regular new briefing.
"These firms have unblocked access to relevant Chinese government departments in terms of communication," said Qin, who stressed China's unchanged stance in promoting the development of the Internet.
"Foreign Internet enterprises, like foreign businesses of any other kind operating in China, shall abide by Chinese laws and respect its culture, "Qin said.
Qin also said recent accusations of two Chinese schools carrying out cyber attacks against Google did not hold water.
The New York Times has filed two reports recently claiming the cyber attacks on Google and other American firms last year have been traced to Shanghai Jiaotong University (SJTU) and Lanxiang Vocational School (Lanxiang) in east China's Shandong Province.
Both Lanxiang and SJTU said the report was unfounded, and denied being behind the cyber attacks on Google and other American companies.
(Global Times) 'Hacker school' unfairly portrayed in US media By Zhang Sheng. February 25, 2010.
Recent New York Times articles have stirred up the "Chinese hacker" issue again, which has not only peeved Chinese authorities, but also brought fame to Lanxiang, a little known vocational school in Shandong Province in one of the articles.
The paper admitted minor technical errors in the story on Wednesday by pointing out mistakes in "the scrutiny of two Chinese educational institutions to which researchers have traced online attacks on American companies." The correction said the report "misstated the location of Duke University's planned campus in China and the date that plans for that campus were announced." Both the location and time were mistaken: "The campus will be in Kunshan, near Shanghai, not in Shanghai itself, and the plans were announced on Jan 22, not 'last year.'" Yet there are more serious problems with the article than just these mistakes.
Microsoft rapidly responded that it couldn't make comments on reports that China's schools were tied to hacking. Duke, which runs a cooperation program with Shanghai Jiaotong University, also remained silent on the issue. Only the paper continued to investigate after the short apology. After quoting the two schools' negations, the paper exposed their ties with the Chinese military. However, such "exposure" couldn't verify that the two schools were potential sources of hackers.
But the paper's reporters clearly need to do more research, since the story is made up largely of background information drawn from secondary sources. The article mentions that "in 2007, a prominent Chinese hacker with ties to China's Ministry of Security" gave a lecture at Jiaotong. But this information was just drawn from another book, Hacking in a Nutshell.
Second, the paper seems not to have conducted proper interviews with Lanxiang. As expected, the article quoted "the School's dean Mr Shao," who said humbly that the education in his school was not advanced enough to cultivate the best hackers in the world. The article says that Shao "would give only his last name."
US media often quote "an insider" or "an official who wouldn't give his name" to verify an authoritative piece of information, and give "extra protection" of insiders who may encounter persecution. The New York Times' report on Lanxiang is a good advertisement for the little known school.
Why would Shao, director of the School's computer science department, need "protection" when clarifying matters to the paper? Reporters were obviously hiding their embarrassment at a lack of inside information.
The article "exposes" that Lanxiang has ties to the Chinese military. The vocational school "was founded in 1984 by a former military officer on land donated by the military," and sends "a large batch of graduates to the army," who then become the army's backbone. It's natural that foreign media doesn't understand China's actual situation.
Many students in China, after passing China's national college entrance examination, go directly to military schools. Why not pry on those well-known schools instead of a barely heard vocational school? Reporters should at least have heard of Bengbu Tank College in Anhui Province.
Since the Google incident, the hacker topic has triggered hot discussions. The US media seems fond of throwing out China topics on hearsay evidence. Now cyber attack and hackers have become one of their favorite topics.
Earlier there was a rumor saying that Chinese hackers had intruded into the Dalai Lama's office computer. Nevertheless, the Canadian security consulting firm which discovered the "major Chinese spying operation" was the Dalai Lama's security consultant.
The VOA once reported with certainty that a "GhostNet spy network" has been found in China, which threatened US security. Such exposure ended up with no conclusive evidence. The Google incident has now concluded in friendly reconciling, making some wonder whether Google hyped the "hacking" incident deliberately.
If the US media doesn't work harder to provide a full and proper background and sources for its stories on China, it will lose its credibility among global readers while Chinese media provides a fairer account.
The author is the chief editor of the Daily Newspaper Reading program on Phoenix TV.
(UPI Asia) Vocational school behind China's Google attacks? No way By Cong Cao February 26, 2010.
In a most bizarre development, the alleged online attacks on Google are said to have been launched from a vocational school in China. Anonymous security investigators traced the attacks to Google¡¦s computers located at the Lanxiang Vocational School in Shandong province, as well as the Shanghai Jiaotong University, according to a Feb. 18 article in the New York Times.
One cannot identify a cyber attacker by merely tracing an IP address, as the hacker can use a Trojan horse or other vicious technique to remotely control a computer and stage attacks on a specified target behind it. But anyone with the slightest knowledge of education in China cannot help laughing at these ignorant ¡§experts¡¨ and their theory, as well as the message carrier ¡V the New York Times.
Indeed, these allegations are way off the charts. It is true that Shanghai Jiaotong University is one of China¡¦s elite engineering schools and its computer science majors might be capable of the alleged activities. It is also true that the university maintains close ties with the Chinese military, especially in shipbuilding, which dates back to the early years of the People¡¦s Republic. The university has long been part of China¡¦s national defense establishment.
But at the low end of China¡¦s educational hierarchy, vocational schools mainly enroll students who barely finish their nine years of basic schooling. High school graduates in these schools, if any, usually have failed in the annual nationwide college entrance examinations. In other words, they are the most disadvantaged group among Chinese youth. Their faculty also is not sophisticated or highly educated. As a whole, the education in vocational schools is not comparable to that of community colleges in the United States.
Lanxiang Vocational School is best known, locally but not nationally, for its training in cooking, auto repair, hairdressing and welding. Although it claims to have the world¡¦s largest computer lab with the most computers, a ¡§Guinness World Record,¡¨ the school only offers classes in basic computer skills. It is likely that some of the students first touch computers at Lanxiang.
Therefore, it is beyond comprehension that the basic computer skills such students acquire at Lanxiang could enable them to hack into Google in such a leapfrogging way. If so, Google¡¦s computer system would have been very low quality and the hacking would have given it a wake-up call.
The fact that the school was built on a piece of land donated by the Chinese military does not necessarily mean that its computer classes have turned out hackers working for the military.
What has surprised me most is that the New York Times would have made such a careless mistake, which is unprofessional. The irony is not only that the coverage has made a virtually unknown Chinese vocational school world famous overnight. The newspaper has also crippled its reputation and the credibility of its coverage of China by rushing to report a sensational story without even suspecting the credibility of its sources.
No wonder some Chinese have asked rhetorically: ¡§Are you kidding that Google was attacked by a vocational school in China?¡¨
(Beijing Today) Hackers in hairdressing school? ¡V Google hacking report greeted with ridicule China March 2, 2010
One school under investigation for alleged links to last year¡¦s cyber attacks on Google and other US companies has already reaped some benefit from the controversy: a surge of applicants.
Local media reported that Lanxiang Vocational School in Shandong has been flooded with calls from potential applicants since reports surfaced that it was linked to the attacks. ¡§We have been receiving phone calls from all over the country, asking about our computer science program, which is one of the most popular programs in our school,¡¨ said a professor who requested anonymity.
US law enforcement and intelligence officials are investigating links between the cyber attacks and two Chinese schools: Lanxiang and Shanghai Jiaotong University, said a person familiar with the investigation. The development was initially reported by the New York Times. Google cited the attacks in its threat to halt operations in China last month. While Jiaotong is one of the country¡¦s most prestigious universities, Lanxiang was a little-known vocational school bfore it made headlines last week. Besides computer science, it also offers courses in cooking, auto repair and hairdressing, Xinhua News Agency reported.
Lanxiang has denied any link to the attacks.
¡§The report is sheer nonsense. Is it April Fools¡¦ Day?¡¨ netizen sdh13814021912 commented on the tianya.cn forum. ¡§A vocational school being used as camouflage for a military-sponsored hacker training cam. Am I reading a science fiction?¡¨ another netizen, azydn, said.
Many joked that the US report was giving Lanxiang free publicity, helping it to gain international fame. ¡§I believe more and more young Americans will soon come to study computer science in Lanxiang,¡¨ netizen Guchen Cangren said. ¡§Computer science majors should go to Lanxiang for their master¡¦s degree,¡¨ netizen Black said on renren.com¡¦s forum.
While netizens are making fun of the report, the unexpected spotlight has troubled the schools. ¡§We don¡¦t want such fame because the report is groundless,¡¨ Li Zixiang, party chief of Lanxiang saiBoth the vocational school and Jiaotong University said the New York Times report was unfounded, and denied being behind the cyber attacks on Google and other US companies. ¡§We computer students do not have to demonstrate our talent through hacking attacks,¡¨ said a student surnamed Xu at Jiaotong University¡¦s Department of Computer Science and Engineering. ¡§Hacking goes against the law, and we have been taught to abide by the law while gaining cyber knowledge and using the Internet,¡¨he said.
Expert: Newspaper report violates journalistic ethics
By Huang Daohen
While Western media claims to stand for fairness and objectivity in news reporting as well as freedom of speech, they have frequently violated journalistic ethics and professional codes of conduct, said Jia Lerong, a professor at the Communication University of China. Jia said Western media operate based on the ideology of interest groups. She said there have been many scandals in the history of the New York Times, including one related to the Iraq war, when the Times reporter Jayson Blair made up and plagiarized news. ¡§In the Lanxiang case, the story is very clearly flawed, both in terms of journalistic practice and professional conduct. They committed the old sin of establishing the theme first and then sieving for supporting evidence afterwards,¡¨ Jia said. Chinese reporters who are familiar with the local situation as well as the background of Lanxiang Vocational School would not have written such an amusing, fake news story, she said.
One of many large, privately-owned vocational schools in the country, Lanxiang mainly offers courses in cooking, hairdressing and auto repair, its website says. Its computer classes cover basic word processing, spreadsheets and Photoshop. Like other vocational schools, Lanxiang relies heavily on TV advertising to attract students. Jia said the Times report simply cited ¡§anonymous sources close to the investigation.¡¨ A subsequent Guardian article identified sources from the US National Security Agency (NSA). ¡§One would have thought that, having been led up the garden path on Iraq, journalists would no longer treat nonymous leaks from intelligence agents with such breathless credulity,¡¨ the professor said. ¡§But unfortunately, the quest for an eye-catching headline often trumps doubts about a story.
The New York Times article was credited to John Markoff and David Barboza, with additional reports from Bao Beibei and Chen Xiaoduan in Shanghai. A call made to the Shanghai bureau of the paper revealed that the Shanghai-based correspondent, Barboza, was out of the office. ¡§He said everything there is to say in that article,¡¨ an unidentified office staff said. ¡§As to why the details of the investigation were not published, it may be out of consideration to protect their sources.
(Reuters) Schools accused in Google hacking case ask "why us?" March 16, 2010.
On the surface, Lanxiang Vocational School in Jinan, capital of eastern Shandong province, would hardly appear to be the kind of place from which sophisticated attacks capable of sparking Google's threat to quit China could emanate.
Barricaded inside the strictly guarded campus, scruffy-looking students train to become everything from chefs to car mechanics. Many say they have never even heard of Google, preferring domestic search engine Baidu.
It therefore came as a surprise to many here when the New York Times reported last month that investigators believed there was evidence suggesting a link between it and the hacking attacks on Google and over 20 other firms.
Beijing has said it opposes hacking, and the school denied the report.
"We had a good laugh about it," said Mr Zhang, a teacher at Lanxiang who declined to give his full name. "They really put our school on a pedestal," Zhang said, emphasizing that Lanxiang was only a vocational school, not a university. "If the (students) had better prospects they won't be studying here."
Still, some current and former students said they would not be surprised if there was a link to the hacking.
"I think it is very possible. The focus of the IT curriculum is very much centered on that kind of stuff," said Shao, 28, a recent graduate who said he was "nearly driven mad" by eight months in Lanxiang's restrictive environment. "It's very controlled inside. You have to pay to charge your phone, you have to pay to use the Internet," he said.
The school's information technology program trains students "to gather information," said a teacher who declined to be named. But hacking in China is also akin to a patriotic hobby with numerous websites offering cheap courses to learn the basics.
WHY US?
The hacking attacks and Google's impatience with Beijing's insistence it censor search results triggered the firm's threat to pull out of China, which has come to a head with Beijing saying Google should obey Chinese rules even if it decides to retreat from the country.
The contrast between Lanxiang and Shanghai's prestigious Jiao tong University, which was also named in the Times report as being linked to the hacking attacks, illustrates not just China's economic and social diversity but the type of market Google could be giving up on should it quit the country.
Lanxiang's 20,000 students walk around the campus's five complexes, with gleaming facades but paint-chipped interiors, wearing chef hats or in army camouflage, under the close supervision of their teachers. Students are only allowed out of the compound on Sundays, all guests have to be registered and tours of the school are strictly guided.
By contrast, at one of Jiaotong's campuses in the old quarter of China's financial capital, future bankers and other professionals stroll around in fashionable clothes on the leafy, open campus.
China has the world's largest online community, with 384 million users at the end of last year. But many of them are more like the students at Lanxiang, struggling to find their niche in the competitive cities of China's heartland.
It is more in places like Jiao tong, which also denied any link to the hacking attacks, where Google stands to lose the most should it pull out of China -- among relatively well-to-do and internationally minded young people.
Even if Google stays, the entire episode of Google's threatening to quit the country and having their university accused will leave an impression on many of the students here. "There are plenty of students from other universities in China who have the capabilities to carry out the attack," said Wu, a smartly dressed 22-year-old male finance student. "Why us?"
(New York Times) F.B.I. to Investigate Gmail Attacks Said to Come From China John Markoff and David Barboza June 2, 2011.
Secretary of State Hillary Rodham Clinton said Thursday that the F.B.I. would investigate allegations by Google that China was the origin of clandestine attacks on its Gmail service.
Mrs. Clinton characterized the charges as ¡§very serious¡¨ and said that the Obama administration was disturbed by the charges of the attacks, aimed at stealing the passwords and monitoring the e-mail of several hundred people, including senior government officials in the United States, Chinese political activists, officials in several Asian countries, military personnel and journalists.
¡§We are obviously very concerned about Google¡¦s announcement,¡¨ Mrs. Clinton said. ¡§These allegations are very serious, we take them seriously, we¡¦re looking into them.¡¨
She referred reporters to Google for details, ¡§and to the F.B.I., which will be conducting the investigation.¡¨
It is the second time that Google has pointed to areas in China as the source of an Internet intrusion. Last year, Google said it had traced a sophisticated invasion of its computer systems to people based in China.
The accusation led to a rupture of the company¡¦s relationship with China and a decision by Google not to cooperate with China¡¦s censorship demands. As a result, Google decided to base its mainland Chinese search engine in Hong Kong. Its latest announcement is likely to further ratchet up the tension between the company and the Chinese authorities.
The Chinese Foreign Ministry said Thursday that the government had no involvement in any such attacks, declaring that it ¡§consistently opposes any criminal activities that damage the Internet and computer networks including hacking and cracks down on these activities according to law.¡¨
¡§Hacking is an international issue, and China is also a victim of hacking,¡¨ a Foreign Ministry spokesman said, according to an official transcript. ¡§The claim that China supports hacking is completely created out of nothing, and is out of ulterior motives.¡¨
A report by Xinhua, the state-run Chinese news agency, on the episode repeatedly questioned Google¡¦s credibility and past practices, saying that the company ¡§arbitrarily pointed its finger at China¡¨ with ¡§baseless complaints.¡¨
The Federal Bureau of Investigation confirmed that it would be reviewing the new allegations.
¡§We are aware of Google¡¦s announcement regarding attempts to obtain passwords and gain access to these accounts,¡¨ said Jenny Shearer, an FBI spokeswoman. ¡§We are working with Google to review this matter.¡¨
The more recent attacks were not as technically advanced, relying on a common technique known as phishing to trick users into handing over their passwords. But Google¡¦s announcement was unusual in that it put a spotlight on the scale, apparent origins and carefully selected targets of a coordinated campaign to hijack e-mail accounts.
Google said that once the intruders had logged into the accounts, they could change settings for mail forwarding so that copies of messages would be sent to another address. The company said it had ¡§disrupted¡¨ the efforts and had notified the victims as well as government agencies. Executives at Google declined to comment beyond the blog post. The company recommended that Gmail users take additional security steps, like using a Google service known as two-step verification, to make it more difficult to compromise their e-mail accounts. But Google said that the password thefts were not the result of a general security problem with Gmail.
Google acknowledged that it had been alerted to the problem in part by Mila Parkour, a security researcher in Washington who posted evidence of a type of phishing attack on her blog in February. She documented examples of what had been described as a ¡§man-in-the-mailbox¡¨ attack, in which the intruder uses the account of one victim and his e-mail contacts to gain the trust of a new victim.
Ms. Parkour wrote that the method used in this attack was ¡§far from being new or sophisticated¡¨ but that she was posting information about it because of ¡§the particularly invasive approach of the attack.¡¨
She highlighted a fake document titled ¡§Draft U.S.-China Joint Statement¡¨ that was circulated among people with e-mail accounts at the U.S. State Department, the Defense Department, the Defense Intelligence Agency and Gmail. Clicking to download the document directed users instead to a fake Gmail log-in page that captured their passwords.
Caitlin Hayden, a spokeswoman for the National Security Council, said the White House was looking into the matter.
¡§We have no reason to believe that any official U.S. government e-mail accounts were accessed,¡¨ Ms. Hayden said.
Google said the attacks apparently originated in Jinan, the capital of Shandong Province in eastern China. The city is a regional command center for the Chinese military, one of seven in the country. It is also home to the Lanxiang Vocational School, which was founded with military support. Last year, investigators looking into the attack on Google¡¦s systems said they had traced some of the hacking activity back to the school.
At the time, government and school officials strongly denied any connection with the attack, and the Chinese Foreign Ministry said linking the Chinese authorities to such attacks was ¡§baseless, highly irresponsible and hype with ulterior motives.¡¨
That earlier attack appeared to be aimed at gathering information on rights activists who were involved in political campaigns aimed at China. It was part of a wave of attacks that affected a range of American companies beginning in mid-2009 and that was first publicly disclosed by Google in January 2010.
Rafal Rohozinski, a network security specialist at the SecDev Group in Ottawa, said it was impossible to lay blame for the campaign on the Chinese government with any certainty. Because of the borderless nature of the Internet, it is easy for intruders to connect through a series of countries to mask their identities. ¡§The fact that someone is harvesting Gmail credentials is not surprising,¡¨ Mr. Rohozinski said.
This year, the Chinese government has stepped up its controls over the Internet on the mainland, with increased scrutiny of news and blog sites, particularly in the wake of political upheaval in North Africa and the Middle East.
The government has also apparently crippled some virtual private network services, or VPNs, which have been used by people on the mainland to gain access to corporate e-mail or get around controls that block many Web sites from being reached, like YouTube, Facebook and Twitter.
Security specialists said the Google warning to users was an indication that efforts to place the responsibility for Internet security on individuals was failing.
¡§I think this is impossible to solve by going to one user at a time and trying to teach them how to behave on the Internet,¡¨ said Nir Zuk, founder and chief technology officer of Palo Alto Networks in California. ¡§It doesn¡¦t matter how much education you put into it ¡X you will always have end users that will make a mistake.¡¨
This article has been revised to reflect the following correction:Correction: June 2, 2011
An earlier version of this article misspelled the surname of the founder and chief technology officer of Palo Alto Networks. He is Nir Zuk, not Nir Zuck.
(The Wall Street Journal) Chefs Who Spy? Tracking Google's Hackers in China James A. Arredy. June 6, 2011.
From this city of six million, Shandong Lanxiang Vocational School quietly churns out 30,000 mechanics, barbers and welders each year. One of its triumphs was training chefs who cooked for Olympic athletes at the 2008 Summer Games in Beijing.
Google Inc. issued a surprise announcement this week, accusing Chinese hackers from Jinan of hijacking personal Gmail accounts of senior U.S. officials and others, by tricking them into disclosing their passwords. Among those targeted were White House employees, people familiar with the matter said. Neither the White House nor Google has been more specific about who may have perpetrated the attacks from this provincial capital, which also houses a technical reconnaissance bureau roughly equivalent to the U.S. National Security Agency.
But by singling out Jinan as the source of the attack's origins, attention has also fallen on this giant school, which has longstanding ties to the People's Liberation Army. At least one U.S.-based investigator has asserted the school is a source of previous anti-U.S. hacking. School officials have repeatedly denied any involvement in cyber attacks. They declined to comment for this article.
The story of Lanxiang illustrates the murkiness that makes it so difficult to pinpoint responsibility for computer attacks. Security researchers say it's not difficult for hackers to mask the source of "phishing" emails, which directed Gmail users to spoof websites that tricked them into giving up their usernames and passwords.
And in a country known for top-flight engineering schools, Lanxiang never had much of a profile. It doesn't even provide campus-wide Wi-Fi coverage. "I don't think anybody from this school could be smart enough to attack a big Internet company like Google," said Zhang Jian, a 22-year-old auto-repair student dressed in a basketball jersey and flip flops.
In an hour-long guided tour Friday, it was easy to visit classrooms for aspiring chefs, where up to 80 students at a time learn how to flip vegetables in a wok. The school also has an assembly line, where students learn how to wire automobile headlamps.
Shandong Jinan Lanxiang Vestibule School or Shandong Lanxiang Senior Technical School is named for its founder and primary owner, Rong Lanxiang. Mr. Rong, who turns 47 years old this month, has built a megalopolis of training for China's burgeoning services sector¡Xwith help along the way from the PLA.
In a March 2010 interview with state-run China National Radio, Mr. Rong said his school has offered computer courses for 15 years and has a large computer classroom with over 1,300 computers, which he called a world record. But he said even computer science graduates of top universities have trouble finding a job, so the courses aren't a priority at Lanxiang. Mr. Rong couldn't be reached for comment Friday.
Mr. Rong also explained how the relationship with the PLA started. As a 20-year-old in 1984, Mr. Rong moved to Jinan and began offering a motorcycle maintenance course. He quickly expanded the operations into other trades at a time when many Chinese were pining to go into business. Four years later, so was the PLA. Eager to spur its own revenue growth, the army offered Mr. Rong a deal: a chunk of free land outside the city to expand his school in exchange for a role, essentially incorporating it into the military. "They needed us and we needed them as well," Mr. Rong said.
It isn't clear how the business was structured. In the late 1990s, the government ordered the army to exit businesses. Mr. Rong reassumed control, but some ties remained. Mr. Rong told the radio broadcast that his co-owners today include family members of army officers. "We grew up healthily in the army and got continuous education from the army," he said.
If the school had any hand in the international hacking incident, that was news to a 28-year-old chef who identified himself by the surname Zheng. The slow speed of the Internet in Jinan is a persistent complaint around campus, he said. "It's sometimes impossible to play online games."
¡XYang Jie in Jinan, China, Siobhan Gorman in Washington and Amir Efrati in San Francisco contributed to this article.
(China Daily) Chinese experts: Gmail hacking accusation likely ill-intentioned June 5, 2011
Google lacks evidence to support its accusations that Chinese hackers are behind alleged cyber attacks on hundreds of its e-mail accounts, and the timing of such accusations is ill-intentioned, Chinese experts said over the weekend. "Google's accusation is neither serious nor credible as it has not published any evidence that shows the hackers are from China," said Dai Yiqi, a cyber security expert with Tsinghua University.
Eric Grosse, engineering director of Google's security team, wrote on the company blog Wednesday that unidentified hacker attacks, likely originating from the eastern Chinese city of Jinan, tried to collect user passwords of the Gmail accounts of hundreds of users, including senior US government officials, Chinese "human rights activists" and journalists.
A report released in 2009 by the United States-China Economic and Security Review Commission, an organization created by the US Congress, claimed that Jinan is the home of a Chinese military reconnaissance office.
An anonymous cyber security expert believes, despite Google not referring to the Chinese government in the latest attack claim, the company is targeting the Chinese government by listing the victims of the attacks as those whom only the Chinese government is interested in. "Both their intentions and the timing of the accusation are dubious," Dai said.
Google's accusation followed on the heels of the Pentagon's first formal cyber strategy announcement. The Wall Street Journal reported on Tuesday that the Pentagon concluded that computer sabotage coming from another country can count as an act of war and the United States may respond by using traditional military force.
Li Shuisheng, a research fellow with a top military science academy of the People's Liberation Army, believes there are political motives behind Google's accusation. Google may well have attempted to instigate a new round of the cyber row between China and the United States, Li said. "If Google did suffer the 'hacker attack from China', it can seek solutions through the relevant Sino-US judicial cooperation mechanism, rather than only 'shouting' without any solid evidence," said an insider who works with Chinese officials in charge of Internet security.
China and the US established a Joint Liaison Group (JLG) on law-enforcement cooperation in 1998 to promote bilateral cooperation in combating crimes, the anonymous insider added.
Wednesday's accusation by Google came more than a year after the company allegedly uncovered a cyber attack that it said it had traced to China.
In January 2010, Google said it had been attacked by hackers supported by the Chinese government, and later announced its withdrawal from the Chinese mainland. The row ended with Google redirecting Chinese mainland users to a site in Hong Kong. In such cyber attacks, it is easy to locate the IP address of hackers but hard to tell where the hackers actually are, said Dai. "Hackers usually launch attacks by camouflaging their own IP addresses or controlling computers of others. Therefore, we can hardly tell the location of the hacker unless we have sufficient evidence," he said.
China is one of the leading targets of cyber attacks, according to the China National Computer Network Emergency Response Technical Team (CNCERT). It has the world's largest number of computers infected with bot, a type of malware that allows a cyber attacker to gain control over the affected computer. About 13 percent of the world's computers infected with bot are in China. Last year, 4.5 million IP addresses in China were hit by "Trojans" planted by nearly 220,000 overseas IP addresses, according to CNCERT. Those from the US ranked first, accounting for 14.66 percent, CNCERT statistics show.
"Without cooperation between governments, absolute security cannot be guaranteed in cyber community," said Li , adding that only cooperation can ensure safe information exchange.
(Reuters) China paper warns Google may pay price for hacking claims June 6, 2011.
Google has become a "political tool" vilifying the Chinese government, an official Beijing newspaper said on Monday, warning that the U.S. Internet giant's statements about hacking attacks traced to China could hurt its business. The tough warning appeared in the overseas edition of the People's Daily, the leading newspaper of China's ruling Communist Party, indicating that political tensions between the United States and China over Internet security could linger.
Last week, Google said it had broken up an effort to steal the passwords of hundreds of Google email account holders, including U.S. government officials, Chinese human rights advocates and journalists. It said the attacks appeared to come from China. The Chinese Foreign Ministry rejected those accusations, and the party newspaper warned Google against playing a risky political game.
By saying that Chinese human rights activists were among the targets of the hacking, Google was "deliberately pandering to negative Western perceptions of China, and strongly hinting that the hacking attacks were the work of the Chinese government," the People's Daily overseas edition, a small offshoot of the main domestic paper, said in a front-page commentary.
"Google's accusations aimed at China are spurious, have ulterior motives, and bear malign intentions," said the commentary, written by an editor at the paper. "Google should not become overly embroiled in international political struggle, playing the role of a tool for political contention," the paper added. "For when the international winds shift direction, it may become sacrificed to politics and will be spurned by the marketplace," it said, without specifying how Google's business could be hurt.
A Google spokeswoman said the U.S. firm had no comment on the remarks.
The latest friction with Google could bring Internet policy back to the foreground of U.S.-China relations, reprising tensions last year when the Obama administration took up Google's complaints about hacking and censorship from China. Google partly pulled out of China after that dispute. Since then, it has lost more share to rival Baidu Inc in China's Internet market, the world's largest by user numbers with more than 450 million users.
Google said last week that the hacking attacks appeared to come from Jinan, the capital of China's eastern Shandong province and home to an intelligence unit of the People's Liberation Army.
U.S. Defense Secretary Robert Gates over the weekend warned that Washington was prepared to use force against cyber-attacks it considered acts of war. In February, overseas Chinese websites, inspired by anti-authoritarian uprisings across the Arab world, called for protests across China, raising Beijing's alarm about dissent and prompting tightened censorship of the Internet.
China already blocks major foreign social websites such as Facebook and Twitter.
(Telegraph Blogs) Is Google an agent of the US Government? It certainly gives that impression Peter Foster June 8, 2011.
So, individual Gmail accounts have been the victim of a Chinese hack-attack. As ever, we¡¦ll never know for sure who was responsible, but you don¡¦t need to read too closely between the lines of Google¡¦s blog post to be sure that Google thinks that the Chinese government was, at some level, behind it.
Why do I say that? Well, two reasons.
First Google highlights the subjects of the attacks viz ¡§senior U.S. government officials, Chinese political activists¡Kmilitary personnel and journalists¡¨, with the obvious implication that the purpose of this was political, not commercial espionage.
Second, it pointedly notes the origin of the attack, which was in Jinan, the capital of Shandong Province that is also home of the Shandong Lanxiang Senior Technical School which some US investigators cited as the source of last year¡¦s attack on Google (that prompted them to partially pull out of China).
The attacks throw up a bunch of interesting questions that only serve to fuel the growing suspicions between China and the West. From a Chinese perspective the overriding question about Google¡¦s rather sanctimonious blogpost on net security (note the simplistic, Manichean division of ¡¥good¡¦ and ¡¥bad¡¦ in that opening para) is, ¡§Why now?¡¨
Such ¡§spear phishing¡¨ attacks occur on the web millions of times a day; everyone has experienced them, so why should Google put out a statement about this particular attack? Why not on the millions of others?
The answer in many Chinese minds is clear: it must be political. Either Google is working at the behest of the US Government to smear China, or it wants to attack Beijing for its own commercial reasons ¡V perhaps in pique for its failure to crack the Chinese market.
Michael Anti, one of China¡¦s most renowned net commentators, was among those scratching his head for the motivation behind Google¡¦s announcement when I spoke with him this morning.
This is a very unsophisticated attack, every gang in Nigeria does this kind of thing, so why does Google announce this one and not others? They could make an announcement like this every single day.
Of course people will wonder if it is political, and ask about how Google is attached to the US government, but I guess without a mole in Google HQ we¡¦ll never know.
And equally, without a mole in the Chinese government, we¡¦ll never know at what level this attack, which given its targets would appear to have the finger prints of the Chinese government all over it, was orchestrated.
When I spoke to Anti, I was also curious as to why, if this was a government attack (as he agreed it appeared to be) it was so clumsy and unsophisticated. This attack was nothing like the ¡§highly sophisticated¡¨ hit on Google¡¦s deep infrastructure in January last year that experts say was the work of high-end programmers.
So, why risk the international embarrassment when no doubt China¡¦s cyber-warfare units ¡V presumably like the American ones ¡V must have all manner of sophisticated spy-bots, malware and other gizmos at their disposal to ferret out information in a clandestine manner?
¡§Ah, that¡¦s easy,¡¨ said Anti with a broad smile, ¡§the reason is that they [China¡¦s security agencies] don¡¦t give a sh*t what the world thinks. That¡¦s someone else¡¦s problem.¡¨
Sometimes you have to feel pity for China¡¦s diplomatic corps.
Related Link: The Google/China hacking case: How many news outlets do the original reporting on a big story? Jonathan Stray, Nieman Journalism Lab