An investigation into the cyber attacks on Google and other corporations has led to computers based at two universities in China, Shanghai Jiaotong University and the Lanxiang Vocational School. The New York Times reports:
Computer security experts, including investigators from the National Security Agency, have been working since then to pinpoint the source of the attacks. Until recently, the trail had led only to servers in Taiwan.
If supported by further investigation, the findings raise as many questions as they answer, including the possibility that some of the attacks came from China but not necessarily from the Chinese government, or even from Chinese sources.
Tracing the attacks further back, to an elite Chinese university and a vocational school, is a breakthrough in a difficult task. Evidence acquired by a United States military contractor that faced the same attacks as Google has even led investigators to suspect a link to a specific computer science class, taught by a Ukrainian professor at the vocational school.
Update: CDT’s further online investigation has found that, according to the school’s own website, the School of Information Security Engineering of Shanghai Jiaotong University is one of the main research units of the China’s “National Information Security Application Demonstration Project” “国家信息安全应用示范工程” – (code name S219) , and the Information Security Project* within the “National 863 Program**.” The school is “a training base for high-level Information Security experts in the national 863 production (east) base” (“国家863产业化(东部)基地信息安全高级专业人才培养基地”).
And who are the trainers of these high-level information security experts? Here is just one example:
Professor Li Jianhua (李建华), Deputy Dean of the School of Information Security Engineering. Research area:Information Security, Computer Communication Network , Information/Signal Processing, Artificial Intelligence. His titles include: Chief Expert of the Expert Group of Information Security Project of National 863 Program; Expert Committee of National 863 Program Anti-Computer-Invasion and Anti-Virus Technology Research Center (Ministry Public Security) 公安部国家863计划反计算机入侵和防病毒技术研究中心专家委员会成员(公安部)国家863计划信息安全主题专家组首席/管理专家 (科技部)
Together with Shanghai Jiaotong University, the Lanxiang Vocational School is also one of the five colleges which are known to have associated with the national “information security” research program, including the Great Firewall of China. The other three schools known to have participated are Harbin Institute of Technology, Beijing University of Post and Telecommunications, and National University of Defense Technology.
From information available online, it is not difficult to find connections linking these university research units to the government’s “Information Security” technology research network. For example, from this already deleted list of “Second Term of (National) Internet and Information Security Working Committee (2007),” professor Li Jianhua is listed as a “Member of the Standing Committee”. And the Head of this Committee is none other than Dr. Fang Binxing (方滨兴), a computer scientist, widely known as the the father of the Great Firewall of China. Fang Binxing is the honorary director of the National Computer network Emergency Responses technical Team/Coordination Center of China (CNCERT), a.k.a. the Great Firewall. In Dr. Fang’s public resume, he is the current president of the Beijing University of Post and Telecommunications, and he taught and conducted research from 1984-1999 at the School of Computer and Electronic Engineering at the Harbin Institute of Technology. Since 2005, he has also been a Specially Hired Professor (“特聘教授”) at the National University of Defense Technology. Among many other titles held by Dr. Fang, he has been the Ministry of Public Security’s Specially Hired Expert on Information Security since 2007; a member of the Informationalization Expert Consulting Committee of the People’s Liberation Army General Logistics Department; and in 2001 he was awarded the title of “Outstanding Individual”, jointly given by the Chinese Communist Party Central Organizational Department, Chinese Communist Party Central Propaganda Department, Chinese Communist Party Political and Legal Committee, Ministry of Public Security, Ministry of Civil Affairs and Ministry of Human Resources and Social Security.
What is this mysterious “Lanxiang Vocational School” then? How could a obscure “Vocational School” be listed among China’s top research universities in “information security” research? This school includes a special training program for future PLA technology officers. According to the Lanxiang Vocational School website, translated by CDT, “Deputy Chief of Staff of the Jinan Military District, Major General Zeng Qingzhu came to Shandong Lanxiang to review the national defense education work. In March 2006, the Lanxiang Vocational School established the first military department among the private schools in Shandong, specializing in educating and training high quality technology officerstechnical sergeants for the military. In the last two years, a large number of excellent graduates have enlisted in the PLA and become the important technology backbone of the military.”
(济南军区副参谋长曾庆祝少将来到山东蓝翔视察国防教育工作。06年3月,蓝翔技校成立山东首家民办学校武装部,专门为部队培养高素质的高级技术士官。两年来,大批优秀学员应征入伍,成为军队的重要技术骨干)
The following photo is currently circulating in Chinese cyberspace. It shows students of the “Lanxiang Vocational School” in 2008 wearing military fatigues.
Update 2: On Feb. 21, Rong Lanxiang (荣兰祥), the Founder and the Chairman of the Board of the Lanxiang Vocational School made a public statement regarding the report in the New York Times. According to the Chinese media, Rong said: “The report (by NYT) is merely a fabrication. We do have students joining the PLA, but it is part of the national policy of military recruitment. Our computing center has more than 2000 computers, but this fact has nothing to do with Baidu. [The NYT report] said we have a military background, this is a joke. (他们纯属瞎编,我们是有学生入 伍,但这符合国家的兵役政策。我们的计算机房有2000多台机器,但这和百度一点关系没有。说我们有军方背景,简直是笑话。)”
Does Lanxiang really not have any military background? CDT’s online investigation says just the opposite. In addition to the samples illustrated in this post earlier, here are more examples showing that Lanxiang does have strong connections to the PLA.
(1) A long profile about Mr. Rong on Lanxiang School’s blog reveals this very background, translated by CDT:
“In 1988, the PLA started the wave of entrepreneurial operations. Rong Lanxiang decisively grabbed this opportunity, using the platform of the the PLA, created Shandong Lanxiang Vocational School ”
“1988年,部队掀起搞三产的热潮,荣兰祥果断抓住机遇,利用部队这一平台创建山东蓝翔职业技能培训学校。”
(2)From Lanxiang School’s blog, summarized by CDT:
On December 25, 2009, the Lanxiang Vocational School party secretary Li Zixiang reported to a senior visiting PLA officer about the school’s work of training PLA officers over the years.
(3) From hrbmzj.gov.cn:
Over the past five years, Lanxiang Vocational School has trained 3000 PLA soldiers, officers, veterans and their families.
天桥区有一个旨在为退役士兵、优抚对象搭建就业平台的双拥培训基地,这就是山东蓝翔高级技工学校。近5年来,学校对近3000名部队官兵、退伍士兵、军嫂进行免费技能培训,安置转业干部53名、转业军人156名、军嫂25名。
* The phrase “Information Security” may be very “neutral” sounding. But in recent public policy speeches, Dr. Fang Binxing has emphasized a unique Chinese government concept of “content security“, which includes information surveillance and blocking, and public opinion analysis and monitoring. According to Dr. Fang, China’s top “Information Security” expert, the concept of “content security” is included in the Chinese “Information Security” category. Fang Binxing’s latest research project is none other than “Online Public Opinion Surveillance and Monitoring System.” Professor Li Jianhua’s work also includes “Internet Media Content Ranking Technology for Surveillance and Management” (2001-2002) (网络媒体的内容分级监管技术), “Internet Media Surveillance and Management Information System” (2003) (“网络媒体监管信息系统) and “Content Security Surveillance and Management System and Methods Based on Digital Tags” “基于数字标签的内容安全监控系统及方法” which is already patterned in China.
** National 863 Program is the code name of China’s High Technology Development Program 《高技术研究发展计划(863计划)纲要》, which is a state-funded research program on high-technology. According to researcher Greg Walton in this report in 2001: “The 863 Project was initiated in March 1986 as China’s response to the Reagan Administration’s Strategic Defense Initiative/”Star Wars.” The 863 concentrates government investment in seven distinct areas, including information technology, which have military and state security applications. Other examples of 863 investments include lasers and anti-satellite systems.”
Update 3:The New York Times report and other coverage of this story, including this CDT post, has continued to generate debate and discussion. See, for example:
– The official response to the New York Times story via Xinhua.
– “The Google/China hacking case: How many news outlets do the original reporting on a big story?” from Nieman Journalism Lab
– “Lanxiang Vocational’s Mistaken Identity Traced” from Fool’s Mountain