When Google Inc. last month alleged that it and more than 20 other companies were breached in a cyberattack it traced to China, the attack, dubbed Aurora, appeared orders of magnitude more complex than the Panda attack. Unlike the Panda attack, which left a calling card and spread quickly and randomly, the perpetrators of Aurora targeted specific employees within the companies they attacked and went to great lengths to cover their tracks.
There is no evidence thus far that the Google hack has any connection to the Panda’s pandemonium. What is clear is that Mr. Li learned his craft and launched his attack within a hacker network in China that remains an active and growing threat to global computer users.
The identity, motivation and methods of Chinese hackers are rarely traceable. But based on interviews with security experts, forensic reports from independent tech firms, and the hackers themselves, the Panda case offers a rare window into how the underground world of Chinese hacking operates.
…Investigators probing the Google matter still don’t know where it began but have been examining whether computers at China’s Shanghai Jiaotong University and Lanxiang Vocational School in Shandong Province were involved in the attacks, according to a person briefed on the matter. The New York Times reported Thursday that the attacks have been traced to computers at the two schools.
Li Zixiang, from the Lanxiang Vocational School in Shandong Province, said “investigations … found no trace the attacks originated from our school.”…
Citing unidentified anonymous sources, the newspaper said trails led to Shanghai Jiaotong University and the Lanxiang Vocational School, which was created with military backing and trains some of its computer scientists.
Update: On Feb. 21, Rong Lanxiang (荣兰祥), the Founder and the Chairman of the Board of the Lanxiang Vocational School, made a public statement regarding the report in the New York Times. According to the Chinese media, Rong said: “The report (by NYT) is merely a fabrication. We do have students joining the PLA, but it is part of the national policy of military recruitment. Our computing center has more than 2000 computers, but this fact has nothing to do with Baidu. [The NYT report] said we have a military background, this is a joke. (他们纯属瞎编，我们是有学生入伍，但这符合国家的兵役政策。我们的计算机房有2000多台机器，但这和百度一点关系没有。说我们有军方背景，简直是笑话。)”
Does Lanxiang really not have any military background? CDT’s online investigation says just the opposite. In addition to the samples illustrated in the post earlier, here are more examples showing that Lanxiang does have strong connections to the PLA.
(1) A long profile about Mr. Rong on Lanxiang School’s blog reveals this very background, translated by CDT:
“In 1988, the PLA started the wave of entrepreneurial operations. Rong Lanxiang decisively grabbed this opportunity and, using the platform of the PLA, created Shandong Lanxiang Vocational School”
(2) From Lanxiang School’s blog, translated by CDT:
On December 25, 2009, the Lanxiang Vocational School party secretary Li Zixiang reported to a senior visiting PLA officer about the school’s work of training PLA officers over the years.
(3) From hrbmzj.gov.cn:
Over the past five years, Lanxiang Vocational School has trained 3000 PLA soldiers, officers, veterans and their families.