March 25, 2013
Faculty members at a leading Chinese university have been linked to the unit of the People’s Liberation Army (PLA) suspected of carrying out government-sanctioned cyber-attacks on American companies and defense contractors.
Shanghai Jiaotong’s School of Information Security Engineering (SISE) personnel have collaborated on at least three technical research papers in the past few years with the PLA’s Unit 61398, Reuters is reporting.
The papers, found by Reuters on a document-sharing website, focused on network security and attack detection. Title pages indicate the papers were penned by Unit 61398 researchers and SISE professors.
A paper from 2007 by PLA researcher Chen Yi-qun and SISE vice-president Xue Zhi discussed strengthening security through the creation of a collaborative network monitoring system.
Xue’s biography on the university website credits him with developing China’s leading infiltrative cyber-attack platform.
Reuters said it was unable to reach either man and the university declined comment.
Associate professor Fan Lei, who specializes in network security management and cryptography, also authored a paper with Chen. Fan told Reuters he worked with Chen in 2010 when he was a SISE graduate student, adding he did not know Chen was with the PLA when they worked together.
Reuters’ report indicates, however, both of the papers Chen co-authored with the university professors affirmed he was with the PLA unit. There also is no evidence that any university personnel who collaborated on papers with Unit 61398 worked with anyone directly engaged in cyber-attacks rather than research.
American security firm Mandiant Corp. released a 74-page report last month that pointed the finger at the Chinese military unit for carrying out thousands of hacking attacks against American companies and contractors at the behest of the Chinese government.
“Our research and observations indicate that the Communist Party of China is tasking the Chinese People’s Liberation Army to commit systematic cyber espionage and data theft against organizations around the world,” the report stated.
“Our analysis has led us to conclude that (Unit 61398) is … one of the most persistent of China’s cyber threat actors. We believe that (Unit 61398) is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support.”
The Alexandria, Virginia-based security firm traced the hacking to four large networks in Shanghai, two of which serve the Pudong New Area where a 12-storey building run by Unit 61398 of the People’s Liberation Army is located.
Chinese officials have indignantly denied the report’s findings, dismissing it as inaccurate.
Since the release of Mandiant’s report, a war of words has erupted between the U.S. and China, as each accuses the other of cyber-crimes.